From taz at TAZ-MANIA.COM Wed Jun 1 01:22:09 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know I will probably get flamed for this (although this seems to be a much better group about those sort of things that most of the lists I have been on). I have a couple of feature requests and I will explain why I want them as well. A third Spam level Currently I don't actually block (delete) any mail regardless of how high the Spam rating is, but would like to. Currently I use the two Spam levels as "might be Spam" and "most like is Spam" and I mark the subject differently. The first I mark with [Spam?] and the high level I mark as [**Spam**] and most of my customers filter these differently. The low level is set at a score of 3 and the high level with a score of 7. However I would like a third that I could set fairly high (say a score of 25) and set if for actual delete. I would have said a delete level except that I would want to be able to set if it mark and forward to me during some fine tuning so being able to use just a third level is best. Multiple sets of Blacklists Currently I have MailScanner set to mark any email that is on any of the blacklists as high level Spam and not to scan it with Spam Assassin if it's already on a blacklist. However some Blacklists are more trustworthy than others. I have my own DNSBL with 450,000 addresses I have collected with my honey pot and of course I find mine very reliable, there's a virus blacklist and there're others... While some of them are not so accurate or don't have a good way for fixed servers to get off of them. I would like to have one set of blacklists that I can set to work where you can assign what Spam level is set if the email is found on one or more of the blacklists and one set to actually delete if listed. Also an API that allows me to write my own filter system that is called by MailScanner similar to the way SpamAssassin is where I can examine all the information in the email and come back with a score. In MailScanner it would have the ability to define my module and where in the list of modules (anti-virus, SA, etc...) it's used and if it gets a high value whether or not to continue with the rest of the modules. Thanks for listening -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From max at KIPNESS.COM Wed Jun 1 07:46:24 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:29:51 2006 Subject: Spam messages processesed several times! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I have the latest version of MailScanner and Spamassassin. Everything was running fine until this morning. The only modifications I can think of that were done, were the addition/installation of Razor2 and Pyzor, in addition to DCC that I was already running. Well, this morning I started noticing that there was always 150 ^Ö 300 messages waiting to be processed. This with a new server with dual Pentium 4 3Ghz processors. Normally I process around 8000 to 10000 spam messages a day, but when grepping maillog with the count parameter, I got 57,000! Well it seems that each spam message is being processed several times, some as many as 83 times. The log will show message XXXXX from IP xxxx is spam^Å.actions are store^Å.and then it will start the process for the same message over and over again, or around 60 -80 times. Anybody ever heard of this? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Jun 1 08:20:33 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:51 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Few have responded that it is ok to have a high load average. However, if I can tune it well and good. hence I am still responding to few emails. # uptime 12:47:07 up 9 days, 1:11, 4 users, load average: 5.60, 5.36, 4.82 > > > Use # vmstat 2 and show us a few lines (abort with ctrl-C) > # vmstat 2 procs memory swap io system cpu r b w swpd free buff cache si so bi bo in cs us sy id 6 1 1 250776 76424 81608 52148 2 8 33 48 34 49 41 9 50 4 0 0 250776 81848 81608 52252 0 0 0 36 137 90 79 21 0 3 0 1 250776 62960 81628 57144 0 0 0 3414 182 198 55 20 25 3 0 0 250776 68504 81628 61968 0 0 0 72 152 134 85 15 0 4 0 0 250776 72220 81644 52384 0 0 0 94 183 175 90 10 0 2 1 1 250776 74884 81660 52348 0 0 0 468 203 263 63 18 19 0 2 1 250776 85172 81660 51900 0 0 0 698 230 368 37 13 50 4 0 0 250776 60812 81676 51764 0 0 0 534 222 299 60 18 22 > > He meant the sar reports. In redhat, see the /var/log/sa/sar* reports. > Sorry 'sar' reports are long.. # sar Linux 2.4.20-8 (blr.indiainfo.com) 06/01/2005 12:00:00 AM CPU %user %nice %system %idle 12:10:00 AM all 44.27 0.00 8.05 47.68 12:20:00 AM all 41.78 0.00 7.91 50.31 12:30:00 AM all 33.36 0.00 6.75 59.88 12:40:00 AM all 36.25 0.00 7.68 56.07 12:50:00 AM all 27.85 0.00 5.50 66.66 01:00:00 AM all 21.97 0.00 4.59 73.44 01:10:00 AM all 21.29 0.00 4.56 74.15 01:20:00 AM all 23.50 0.00 5.07 71.43 01:30:00 AM all 37.07 0.00 8.09 54.84 01:40:00 AM all 30.92 0.00 6.52 62.56 01:50:01 AM all 30.89 0.00 6.65 62.46 02:00:00 AM all 24.33 0.00 5.38 70.29 02:10:00 AM all 18.49 0.00 4.02 77.49 02:20:00 AM all 11.42 0.00 2.70 85.88 02:30:00 AM all 24.87 0.00 5.30 69.83 02:40:00 AM all 23.29 0.00 4.91 71.80 02:50:01 AM all 21.60 0.00 4.65 73.75 03:00:01 AM all 20.81 0.00 4.30 74.89 03:10:01 AM all 29.00 0.00 6.95 64.04 03:20:00 AM all 22.61 0.00 5.10 72.29 03:30:01 AM all 25.95 0.00 5.46 68.59 03:40:00 AM all 24.88 0.00 5.19 69.93 03:50:00 AM all 20.33 0.00 4.30 75.37 04:00:01 AM all 24.42 0.00 5.49 70.09 04:10:00 AM all 34.99 0.62 7.06 57.33 04:20:01 AM all 41.36 0.00 6.97 51.66 04:30:00 AM all 33.78 0.00 6.89 59.33 04:40:00 AM all 16.21 0.00 3.19 80.60 04:50:01 AM all 28.65 0.00 6.03 65.32 05:00:02 AM all 26.84 0.00 6.08 67.08 05:10:00 AM all 36.24 0.00 7.92 55.85 05:10:00 AM CPU %user %nice %system %idle 05:20:00 AM all 34.42 0.00 7.57 58.00 05:30:00 AM all 18.30 0.00 3.73 77.97 05:40:00 AM all 43.64 0.00 29.20 27.16 05:50:00 AM all 24.83 0.00 5.33 69.84 06:00:00 AM all 37.96 0.00 8.08 53.96 06:10:01 AM all 24.40 0.00 5.18 70.42 06:20:00 AM all 24.40 0.00 5.10 70.50 06:30:00 AM all 13.58 0.00 2.95 83.47 06:40:00 AM all 26.78 0.00 5.87 67.35 06:50:00 AM all 17.74 0.00 3.84 78.42 07:00:00 AM all 29.28 0.00 6.41 64.31 07:10:00 AM all 25.47 0.00 5.68 68.85 07:20:00 AM all 25.85 0.00 5.60 68.55 07:30:00 AM all 23.74 0.00 5.15 71.10 07:40:00 AM all 30.75 0.00 6.95 62.30 07:50:00 AM all 25.09 0.00 5.30 69.61 08:00:00 AM all 29.71 0.00 6.40 63.89 08:10:00 AM all 33.93 0.00 7.31 58.76 08:20:04 AM all 30.77 0.00 6.63 62.60 08:30:00 AM all 44.02 0.00 8.73 47.25 08:40:00 AM all 28.61 0.00 5.86 65.53 08:50:02 AM all 68.04 0.00 15.31 16.64 09:00:01 AM all 42.14 0.00 9.23 48.64 09:10:00 AM all 38.86 0.00 8.50 52.64 09:20:00 AM all 37.91 0.00 8.49 53.60 09:30:01 AM all 35.33 0.00 7.03 57.64 09:40:00 AM all 49.49 0.00 9.77 40.74 09:50:05 AM all 50.47 0.00 11.33 38.20 10:00:02 AM all 74.45 0.00 14.26 11.29 10:10:00 AM all 55.51 0.00 13.32 31.17 10:20:00 AM all 43.54 0.00 9.70 46.75 10:20:00 AM CPU %user %nice %system %idle 10:30:04 AM all 58.38 0.00 12.74 28.88 10:40:00 AM all 65.95 0.00 14.47 19.58 10:50:06 AM all 60.78 0.00 13.73 25.49 11:00:01 AM all 59.00 0.00 13.81 27.20 11:10:02 AM all 68.89 0.00 15.40 15.70 11:20:03 AM all 68.24 0.00 15.42 16.33 11:30:02 AM all 54.82 0.00 12.43 32.76 11:40:02 AM all 68.41 0.00 15.97 15.62 11:50:00 AM all 71.70 0.00 17.67 10.63 12:00:03 PM all 71.93 0.00 15.30 12.77 12:10:00 PM all 59.47 0.00 13.42 27.11 12:20:04 PM all 69.99 0.00 16.62 13.39 12:30:00 PM all 68.04 0.00 15.51 16.45 12:40:03 PM all 66.36 0.00 15.39 18.26 Average: all 37.63 0.01 8.43 53.92 -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ius at ALPHA.RBRANA.CO.ID Wed Jun 1 08:21:16 2005 From: ius at ALPHA.RBRANA.CO.ID (ius) Date: Thu Jan 12 21:29:51 2006 Subject: sa-learn Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, i'm trying to train the bayes with spam and ham. The spam was successful, but the ham showed some errors (i think) : [root@alpha mail]# sa-learn --showdots --mbox --spam spam ........................................................................................ Learned from 87 message(s) (88 message(s) examined). [root@alpha mail]# sa-learn --showdots --mbox --ham archive .....Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. .........................................................................Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. ..................................................................................................................................................................................................................Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. .....................................................................................Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. .......................................................................Parsing of undecoded UTF-8 will give garbage when decoding entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. ................................................................................... Learned from 508 message(s) (527 message(s) examined). [root@alpha mail]# anybody has seen these errors before ? Thanks ius ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Wed Jun 1 08:32:49 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Once again, we get the "Please contact the authors" message : May 31 23:00:57 MailScanner[4885]: ISR-form-v1.0/ May 31 23:00:57 MailScanner[4885]: ProcessClamAVOutput: unrecognised line "ISR-form-v1.0/". Please contact the authors! We are using MS 4-41-3. Does this mean we should go to the latest release ? Sincerely, -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 08:55:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Huh? Message-ID: Fixed. I comment in the file that I forgot to remove. On 31 May 2005, at 23:14, Kevin Miller wrote: > Implemented phishing detection and it works a treat but > whitelisting wasn't > working. Reread the comments in the .conf file and lines 12-13 say > I can > use wildcards, while 19-20 say I can't. What's up w/that? > > I removed the wildcards from my entries but won't know if it worked > until I > get a new newsletter, probably next week... > > > #12 You can also use wildcards, so you can list *.bank.com instead of > #13 listing multiple web servers individually. Use with care. > #14 > ... > #18 > #19 Note: Do not add any form of wildcard, regular expression or > anything > #20 other than a fully qualified hostname to this file. It > won't work. > #21 > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 09:07:43 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: On 1 Jun 2005, at 01:22, Dennis Willson wrote: > I know I will probably get flamed for this (although this seems to > be a much better group about those sort of things that most of the > lists I have been on). > > I have a couple of feature requests and I will explain why I want > them as well. > > A third Spam level > Currently I don't actually block (delete) any mail regardless > of how high the Spam rating is, but would like to. Currently I use > the two Spam levels as "might be Spam" and "most like is Spam" and > I mark the subject differently. The first I mark with [Spam?] and > the high level I mark as [**Spam**] and most of my customers filter > these differently. The low level is set at a score of 3 and the > high level with a score of 7. However I would like a third that I > could set fairly high (say a score of 25) and set if for actual > delete. I would have said a delete level except that I would want > to be able to set if it mark and forward to me during some fine > tuning so being able to use just a third level is best. However many levels I provide, people always ask for another one :-) This is pretty easy to implement with a Custom Function. > Multiple sets of Blacklists > Currently I have MailScanner set to mark any email that is on > any of the blacklists as high level Spam and not to scan it with > Spam Assassin if it's already on a blacklist. However some > Blacklists are more trustworthy than others. I have my own DNSBL > with 450,000 addresses I have collected with my honey pot and of > course I find mine very reliable, there's a virus blacklist and > there're others... While some of them are not so accurate or don't > have a good way for fixed servers to get off of them. I would like > to have one set of blacklists that I can set to work where you can > assign what Spam level is set if the email is found on one or more > of the blacklists and one set to actually delete if listed. If you effectively want to score blacklists, then do it in SpamAssassin, that provides a system to do all this. > Also an API that allows me to write my own filter system that is > called by MailScanner similar to the way SpamAssassin is where I > can examine all the information in the email and come back with a > score. In MailScanner it would have the ability to define my module > and where in the list of modules (anti-virus, SA, etc...) it's used > and if it gets a high value whether or not to continue with the > rest of the modules. There is a generic virus scanner module, but not a generic spam scanner module. I will take a look at this one. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 09:09:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Spam messages processesed several times! Message-ID: [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What version of MailScanner are you running? Sorry, you already answered that. Also please put MailScanner into debug mode and run check_mailscanner. That should tell you why it is dying. On 1 Jun 2005, at 07:46, Max Kipness wrote: > Hello, > > > > I have the latest version of MailScanner and Spamassassin. > > > > Everything was running fine until this morning. The only > modifications I > can think of that were done, were the addition/installation of > Razor2 and > Pyzor, in addition to DCC that I was already running. > > > > Well, this morning I started noticing that there was always 150 ^Ö 300 > messages waiting to be processed. This with a new server with dual > Pentium > 4 3Ghz processors. Normally I process around 8000 to 10000 spam > messages a > day, but when grepping maillog with the count parameter, I got 57,000! > Well it seems that each spam message is being processed several times, > some as many as 83 times. The log will show message XXXXX from IP > xxxx is > spam^Å.actions are store^Å.and then it will start the process for the > same > message over and over again, or around 60 -80 times. > > > > Anybody ever heard of this? > > > > Thanks, > > Max > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 09:10:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: No, you can probably safely ignore the warnings. I would be interested to see the message though, so I can fix the parser. On 1 Jun 2005, at 08:32, Nestor Burma wrote: > Hello, > > Once again, we get the "Please contact the authors" > message : > > May 31 23:00:57 MailScanner[4885]: ISR-form-v1.0/ > May 31 23:00:57 MailScanner[4885]: > ProcessClamAVOutput: unrecognised line > "ISR-form-v1.0/". Please contact the authors! > > We are using MS 4-41-3. Does this mean we should go to > the latest release ? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Jun 1 09:10:07 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Hi, MailScanner-4.41.3 I have got the following error twice in my logs. May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: Cannot parse /var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header and , MIME::Parser: can't flush: No space left on device at /usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, line 24. I understand that it is telling me that the device it is trying to flush to is too full. What I can't work out is which device as the partition that is /var has at least 3Gb free space at the moment. Is this trying to flush to a temp file on /tmp? As I could understand that getting too full. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "I haven't lost my mind...I sold it on eBay!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Wed Jun 1 09:12:19 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Julian Field wrote: > > > There is a generic virus scanner module, but not a generic spam scanner > module. I will take a look at this one. > Maybe make it generic enough so that I can plugin DSPAM and CRM114 right there? :) - -d - -- nee anata wo mitsukete soshite nidoto wasurezu donna ni munega itakutemo soba ni iru no zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCnW3jPMoaMn4kKR4RA6D4AJoDs507DV5YshufQ7c5e5tNC66kjACeKWlG 67ynlaDFN29HYMtsSyip6VI= =8vku -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 09:21:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: cd /var/spool/MailScanner/incoming df -k . df -i . On 1 Jun 2005, at 09:10, Anthony Peacock wrote: > Hi, > > MailScanner-4.41.3 > > I have got the following error twice in my logs. > > May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: Cannot > parse /var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header and > , MIME::Parser: can't flush: No space left on device at > /usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, > line 24. > > I understand that it is telling me that the device it is trying to > flush to is too full. What I can't work out is which device as the > partition that is /var has at least 3Gb free space at the moment. > > Is this trying to flush to a temp file on /tmp? As I could > understand that getting too full. > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "I haven't lost my mind...I sold it on eBay!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Wed Jun 1 09:18:21 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner/SpamAssassin timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, --- No Name a écrit : > The problem crops up after the MS initiated SA bayes > database > rebuild. As long as the bayes_auto_expire feature is > enabled in SA > configuration and disabled in MS there isn't any > problem. If I > disable auto expiring in SA (bayes_auto_expire 0) > and enable it in MS > (Rebuild Bayes Every = 28800) I get some SA > timeouts, but only from > the MS process which did the bayes database rebuild > and only for some > batches. If I TERM this process the timeout problem > is gone. The > problem also disappears after the periodically > restart of this > process, but if I do not kill the suspicious MS > process it disables > SA network checks and later SA local checks and I > get some spam > unchecked through. The other MS processes do not > show any problem > during these timeouts. Just for the record, we have drawn the same conclusion to explain our "SpamAssassin : Erreur de temporisation" (meaning timeout, french speaking around here) problems. Only the bayes-rebuilder process seems to suffer from them. Any way out to solve this problem (we have temporarily configured out bayes rebuilding by MS, but would like to get it back whenever possible). Tia, -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 09:21:11 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:51 2006 Subject: System load is very high because of MailScanner Message-ID: BG Mahesh wrote: > Few have responded that it is ok to have a high load average. > However, if I can tune it well and good. hence I am still responding > to few emails. > (snipped stats that show a somewhat high load... But the sar and vmstat show nothing special) > > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ Count the processes in state D (non-interruptible wait state). I'm sure you'll see that it is this that is "artificially pushing the load upward" (each will add 1 to the load average). Unless you see large MS batches (in the maillog), your system seems to be chugging along nicely. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 09:21:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Steve getting a lot of mytob.cp here - ClamAV not picking up the zip files for some reason, but Sophos is catching them fine. Something to look this morning as to why clamav is not detecting the zip varient.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Stephen Swaney wrote: > We're seeing two systems in the UK getting hammered by the Worm.Zafi.B > virus. All of the infections are from the same system so it's not too hard > to block. > > The symptom is that there are so many viruses being detected that mail > starts quickly backing up on the infected system. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Wed Jun 1 09:19:33 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, --- Julian Field a écrit: > No, you can probably safely ignore the warnings. I > would be interested to see the message though, so I > can fix the parser. Which message ? The one from ClamAv ? Sincerely, -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jun 1 09:28:20 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:51 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Hi! > getting a lot of mytob.cp here - ClamAV not picking up the zip files for some > reason, but Sophos is catching them fine. > > Something to look this morning as to why clamav is not detecting the zip > varient.. So submit the ones its not picking up at virustotal.com :) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Jun 1 09:37:48 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Hi Julian, Thanks for the response. I have already checked that, which is how I know that there is ~3Gb free space there at the moment. I guess it would be possible for enough email to arrive at one time to fill that partition, but I have never seen it happen before now. But now that you have confirmed that is defintely the area that was full during that processing run, I can keep an eye on it and look into throwing some more disk at it. Thanks. > cd /var/spool/MailScanner/incoming > df -k . > df -i . > > On 1 Jun 2005, at 09:10, Anthony Peacock wrote: > > > Hi, > > > > MailScanner-4.41.3 > > > > I have got the following error twice in my logs. > > > > May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: Cannot > > parse /var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header > > and , MIME::Parser: can't flush: No space left on device at > > /usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, > > line 24. > > > > I understand that it is telling me that the device it is trying to > > flush to is too full. What I can't work out is which device as the > > partition that is /var has at least 3Gb free space at the moment. > > > > Is this trying to flush to a temp file on /tmp? As I could > > understand that getting too full. > > > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "I haven't lost my mind...I sold it on eBay!" > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ All sweeping generalisations are false. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 09:44:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Anthony not enough inodes left???? that will have the same effect.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anthony Peacock wrote: > Hi Julian, > > Thanks for the response. I have already checked that, which is how I > know that there is ~3Gb free space there at the moment. > > I guess it would be possible for enough email to arrive at one time > to fill that partition, but I have never seen it happen before now. > > But now that you have confirmed that is defintely the area that was > full during that processing run, I can keep an eye on it and look > into throwing some more disk at it. > > Thanks. > > > >>cd /var/spool/MailScanner/incoming >>df -k . >>df -i . >> >>On 1 Jun 2005, at 09:10, Anthony Peacock wrote: >> >> >>>Hi, >>> >>>MailScanner-4.41.3 >>> >>>I have got the following error twice in my logs. >>> >>>May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: Cannot >>>parse /var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header >>>and , MIME::Parser: can't flush: No space left on device at >>>/usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, >>> line 24. >>> >>>I understand that it is telling me that the device it is trying to >>>flush to is too full. What I can't work out is which device as the >>>partition that is /var has at least 3Gb free space at the moment. >>> >>>Is this trying to flush to a temp file on /tmp? As I could >>>understand that getting too full. >>> >>> >>>-- >>>Anthony Peacock >>>CHIME, Royal Free & University College Medical School >>>WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>>"I haven't lost my mind...I sold it on eBay!" >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the Wiki >>>(http://wiki.mailscanner.info/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 09:43:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Raymond I have - to the clamav.net's submission page... checked first with command line it wasn't picking up t he zip varient, even using the external unzip facility. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Raymond Dijkxhoorn wrote: > Hi! > >> getting a lot of mytob.cp here - ClamAV not picking up the zip files >> for some reason, but Sophos is catching them fine. >> >> Something to look this morning as to why clamav is not detecting the >> zip varient.. > > > So submit the ones its not picking up at virustotal.com :) > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 09:59:33 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Raymond hmm no Sophos on that check site. Anyway only 4 of the 18 AV engines on that site found something... (etrust-vet, fortinet, Nod-32, Norman). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Raymond Dijkxhoorn wrote: > Hi! > >> getting a lot of mytob.cp here - ClamAV not picking up the zip files >> for some reason, but Sophos is catching them fine. >> >> Something to look this morning as to why clamav is not detecting the >> zip varient.. > > > So submit the ones its not picking up at virustotal.com :) > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Jun 1 10:00:55 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Hi all, Thanks for the info. This must have been a transient problem overnight as the partition seems fine now. For info: # cd /var/spool/MailScanner/incoming # df -F ufs -o i . Filesystem iused ifree %iused Mounted on /dev/dsk/c0t0d0s1 7066 494054 1% /var # # df -k . Filesystem kbytes used avail capacity Mounted on /dev/dsk/c0t0d0s1 4032196 954531 3037344 24% /var It doesn't look to me like last night was a particularly busy night. But now that you have confirmed that the resource problem was on that partition, it becomes a sysadmin job for me to keep an eye on and provide more resource for this area. Thankyou to everyone for your help. > Anthony > > not enough inodes left???? that will have the same effect.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anthony Peacock wrote: > > Hi Julian, > > > > Thanks for the response. I have already checked that, which is how > > I know that there is ~3Gb free space there at the moment. > > > > I guess it would be possible for enough email to arrive at one time > > to fill that partition, but I have never seen it happen before now. > > > > But now that you have confirmed that is defintely the area that was > > full during that processing run, I can keep an eye on it and look > > into throwing some more disk at it. > > > > Thanks. > > > > > > > >>cd /var/spool/MailScanner/incoming > >>df -k . > >>df -i . > >> > >>On 1 Jun 2005, at 09:10, Anthony Peacock wrote: > >> > >> > >>>Hi, > >>> > >>>MailScanner-4.41.3 > >>> > >>>I have got the following error twice in my logs. > >>> > >>>May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: > >>>Cannot parse > >>>/var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header and , > >>>MIME::Parser: can't flush: No space left on device at > >>>/usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, > >>> line 24. > >>> > >>>I understand that it is telling me that the device it is trying to > >>>flush to is too full. What I can't work out is which device as the > >>>partition that is /var has at least 3Gb free space at the moment. > >>> > >>>Is this trying to flush to a temp file on /tmp? As I could > >>>understand that getting too full. > >>> > >>> > >>>-- > >>>Anthony Peacock > >>>CHIME, Royal Free & University College Medical School > >>>WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > >>>"I haven't lost my mind...I sold it on eBay!" > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. Before posting, read > >>>the Wiki (http://wiki.mailscanner.info/) and the archives > >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >> > >>-- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at www.MailScanner.info/store > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > >>mailscanner' in the body of the email. Before posting, read the Wiki > >>(http://wiki.mailscanner.info/) and the archives > >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > > > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ All sweeping generalisations are false. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Wed Jun 1 10:02:11 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, he means the original message (which barfed the parser). I had the same thing for some time. Updated my unzip (tar / unrar etc ...) and the problem went away. bye, Chris ----- Original Message ----- From: "Nestor Burma" To: Sent: Wednesday, June 01, 2005 10:19 AM Subject: Re: Need to upgrade MailScanner ? Hi Julian, --- Julian Field a écrit: > No, you can probably safely ignore the warnings. I > would be interested to see the message though, so I > can fix the parser. Which message ? The one from ClamAv ? Sincerely, -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 10:08:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the latest stable release of MailScanner. The major new features this month are - Panda support completely rewritten (thanks to Rick Cooper!). - New options to tag Subject: line of HTML mail that has been disarmed. - Can now set the number of "Spam Lists" that are hit before the message is treated as spam. - Now passes the testvirus.org "null MIME-boundary" test. You can download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory"   setting contains any links. It also corrects the path (but not in the   MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from   this version if you want Sophos to work (both the sophos and sophossavi   scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU   tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl   point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not   ignored. - Panda support completely reimplemented a lot better by Rick Cooper. - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest   releases. - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now   provide the ability to alter the Subject: line if any HTML tags in the   body of the message were disarmed (by having their "Allow .... Tags" set   to "disarm". This is switched on by default. - New option "Spam Lists To Be Spam" now provides the ability to set how   many Spam Lists a message must appear in before it is considered to be   spam. The default is 1 as that mimics the previous behaviour. - Improved output of SuSE MailScanner init.d script. - Reversed spam and disarm tags to leave spam tag at start of Subject:. * Fixes* - Fixed problem that could cause harmless header files to be left in the   temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of   zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. - Fixed problem with the "null MIME boundary" vulnerability test. - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they   check to ensure all input files have content before starting. - Fixed bug where clean header was being applied to unscanned mail when using   virus scanning rulesets. - Fixed wrong build number for 1 Perl module in install.sh scripts. - Fixed typo in upgrade_MailScanner_conf. - Made significant changes to child worker process management and re-spawning,   to try to avoid problems reported by a few users with MailScanner "slowly   stopping working" over the space of several hours. --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Wed Jun 1 10:31:58 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, --- Christiaan den Besten a écrit: > No, he means the original message (which barfed the > parser). I had the same thing for some time. Updated > my unzip (tar / unrar etc > ...) and the problem went away. Oh... Silly me. I'm sending it to Julian off-list (I guess it's not really interesting for anyone else). -- Nb _____________________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 1 10:31:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Jules Installed - running, no immedidate issues.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > I have just released the latest stable release of MailScanner. > > The major new features this month are > > - Panda support completely rewritten (thanks to Rick Cooper!). > - New options to tag Subject: line of HTML mail that has been disarmed. > - Can now set the number of "Spam Lists" that are hit before the message > is treated as spam. > - Now passes the testvirus.org "null MIME-boundary" test. > > You can download as usual from www.mailscanner.info > . > > The full Change Log is this: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from > this version if you want Sophos to work (both the sophos and sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest > releases. > - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now > provide the ability to alter the Subject: line if any HTML tags in the > body of the message were disarmed (by having their "Allow .... Tags" set > to "disarm". This is switched on by default. > - New option "Spam Lists To Be Spam" now provides the ability to set how > many Spam Lists a message must appear in before it is considered to be > spam. The default is 1 as that mimics the previous behaviour. > - Improved output of SuSE MailScanner init.d script. > - Reversed spam and disarm tags to leave spam tag at start of Subject:. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > - Fixed problem with the "null MIME boundary" vulnerability test. > - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they > check to ensure all input files have content before starting. > - Fixed bug where clean header was being applied to unscanned mail when > using > virus scanning rulesets. > - Fixed wrong build number for 1 Perl module in install.sh scripts. > - Fixed typo in upgrade_MailScanner_conf. > - Made significant changes to child worker process management and > re-spawning, > to try to avoid problems reported by a few users with MailScanner "slowly > stopping working" over the space of several hours. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Wed Jun 1 10:08:15 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: > > A third Spam level > > Currently I don't actually block (delete) any mail > regardless of I would > > have said a delete level except that I would want to be > able to set if > > it mark and forward to me during some fine tuning so being > able to use > > just a third level is best. > > However many levels I provide, people always ask for another > one :-) This is pretty easy to implement with a Custom Function. > Can I add to this? :) I'd really like to have multiple MCP matches. You mention using A custom function, and if you could point me in the right direction I would happily go and see what I can see. TIA R --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 11:01:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: On 1 Jun 2005, at 10:08, Gray, Richard wrote: >>> A third Spam level >>> Currently I don't actually block (delete) any mail >>> >> regardless of >> > I would > >>> have said a delete level except that I would want to be >>> >> able to set if >> >>> it mark and forward to me during some fine tuning so being >>> >> able to use >> >>> just a third level is best. >>> >> >> However many levels I provide, people always ask for another >> one :-) This is pretty easy to implement with a Custom Function. >> >> > > > Can I add to this? :) > > I'd really like to have multiple MCP matches. You mention using > A custom function, and if you could point me in the right direction > I would happily go and see what I can see. What do you mean? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at seceidos.de Wed Jun 1 11:11:42 2005 From: Jan-Peter.Koopmann at seceidos.de (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, June 01, 2005 11:31 AM MailScanner mailing list wrote: > Jules > > Installed - running, no immedidate issues.. Same here. Moreover I just released the 4.42.9 port of FreeBSD. Should be available tomorrow. Jules I will send you an updated set of man pages off channel. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Wed Jun 1 11:02:55 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:29:51 2006 Subject: Changelog Date Message-ID: I see that the date for version 4.42.9 is a month behind.   Thanx for the great product   Christo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 1 11:16:44 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, June 01, 2005 10:12 AM MailScanner mailing list wrote: > Maybe make it generic enough so that I can plugin DSPAM and CRM114 > right there? :) Nice one. Should Julian not have anything more important to do during the next month I would like to second that wish! :-) Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Wed Jun 1 11:20:09 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not sure if it should be considered a bug or now, but I thought I'd try upgrade_MailScanner_conf for a change rather than making the manual inpection, and noticed that it changed my local %variables% like %ss-report-dir% to %ssreportdir% - this meant that any of the rules files that referred to my original version would no longer work, and also that the use of these variables within the configuration file itself were unmodified, too! C:> This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 1 11:33:03 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:51 2006 Subject: Feature Requests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mittwoch, 1. Juni 2005 2:22 Dennis Willson wrote: > I know I will probably get flamed for this Go away!!! Just kidding. Why should you be flamed? > (although this seems to be > a much better group about those sort of things that most of the lists > I have been on). We are doing our best. > A third Spam level As Julian pointed out you could do this via a custom function. I would suggest to raise your thresholds though and stick with two scores. Once you tune your SpamAssassin a bit you will see _very_ few false positives. In our setup low score is at 6 and high score at 15. We barely have any low scoring spam comming through and I do not even remember a high scoring spam being a false positive. > Multiple sets of Blacklists >     Currently I have MailScanner set to mark any email that is on any > of the blacklists as high level Spam and not to scan it with Spam > Assassin if it's already on a blacklist. Is your throughput that high you cannot afford to run SpamAssassin on all mails? Are you using those DNSBLs for tagging only or do you plan on deleting mail based on them? If so, let the MTA do this. Regards, JP > Also an API that allows me to write my own filter system that is > called by MailScanner similar to the way SpamAssassin is where I can > examine all the information in the email and come back with a score. > In MailScanner it would have the ability to define my module and > where in the list of modules (anti-virus, SA, etc...) it's used and > if it gets a high value whether or not to continue with the rest of > the modules. I agree with this one since it would make DSPAM plugins possible. But consider this: SpamAssassin says the mail is spam with score 6. Your filter systems says the mail is no spam. BTW: Is your filter system going to use scores or just say spam/nospam? How should MailScanner treat the mail? As spam? As ham? Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "diveflag.gif" Image/GIF 868bytes. ] [ Unable to print this part. ] From Jan-Peter.Koopmann at seceidos.de Wed Jun 1 11:36:59 2005 From: Jan-Peter.Koopmann at seceidos.de (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:51 2006 Subject: Need to upgrade MailScanner ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, June 01, 2005 10:10 AM MailScanner mailing list wrote: > No, you can probably safely ignore the warnings. I would be > interested to see the message though, so I can fix the parser. Let me add this one: 2005-06-01T12:34:35+0200 dns mail.info MailScanner MailScanner[61251]: Virus Scanning: McAfee found 2 infections 2005-06-01T12:34:35+0200 dns mail.info MailScanner MailScanner[61251]: UNRAR 3.40 freeware Copyright (c) 1993-2004 Alexander Roshal 2005-06-01T12:34:35+0200 dns mail.warning MailScanner MailScanner[61251]: ProcessClamAVOutput: unrecognised line \"UNRAR 3.40 freeware Copyright (c) 1993-2004 Alexander Roshal\". Please contact the authors! Obviously unrar changed its output. I am using a clamav-wrapper with external unrar. Regards, JP From a.peacock at CHIME.UCL.AC.UK Wed Jun 1 11:39:59 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:51 2006 Subject: "No space left on device" Which device? Message-ID: Hi all, This does look like a resource limitation for my machine, but I thought people might like to know some further information that I have found out. At exactly the same time that I got the original errors from MIME::Parser, I got the following as well... May 31 21:30:10 inetsrv-1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded So it does look like that part of the code uses /tmp, which is part of swap on this system, and fairly small. It looks like I might need to increase the space available to /tmp. # df -k /tmp Filesystem kbytes used avail capacity Mounted on swap 292984 392 292592 1% /tmp > Hi all, > > Thanks for the info. This must have been a transient problem > overnight as the partition seems fine now. > > For info: > > # cd /var/spool/MailScanner/incoming > # df -F ufs -o i . > Filesystem iused ifree %iused Mounted on > /dev/dsk/c0t0d0s1 7066 494054 1% /var > # > # df -k . > Filesystem kbytes used avail capacity Mounted on > /dev/dsk/c0t0d0s1 4032196 954531 3037344 24% /var > > It doesn't look to me like last night was a particularly busy night. > > But now that you have confirmed that the resource problem was on that > partition, it becomes a sysadmin job for me to keep an eye on and > provide more resource for this area. > > Thankyou to everyone for your help. > > > > Anthony > > > > not enough inodes left???? that will have the same effect.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Anthony Peacock wrote: > > > Hi Julian, > > > > > > Thanks for the response. I have already checked that, which is > > > how I know that there is ~3Gb free space there at the moment. > > > > > > I guess it would be possible for enough email to arrive at one > > > time to fill that partition, but I have never seen it happen > > > before now. > > > > > > But now that you have confirmed that is defintely the area that > > > was full during that processing run, I can keep an eye on it and > > > look into throwing some more disk at it. > > > > > > Thanks. > > > > > > > > > > > >>cd /var/spool/MailScanner/incoming > > >>df -k . > > >>df -i . > > >> > > >>On 1 Jun 2005, at 09:10, Anthony Peacock wrote: > > >> > > >> > > >>>Hi, > > >>> > > >>>MailScanner-4.41.3 > > >>> > > >>>I have got the following error twice in my logs. > > >>> > > >>>May 31 21:30:11 inetsrv-1.chime.ucl.ac.uk MailScanner[13128]: > > >>>Cannot parse > > >>>/var/spool/MailScanner/incoming/13128/j4VKTx9r023647.header and , > > >>>MIME::Parser: can't flush: No space left on device at > > >>>/usr/local/lib/perl5/site_perl/5.8.2/MIME/Parser.pm line 789, > > >>> line 24. > > >>> > > >>>I understand that it is telling me that the device it is trying > > >>>to flush to is too full. What I can't work out is which device > > >>>as the partition that is /var has at least 3Gb free space at the > > >>>moment. > > >>> > > >>>Is this trying to flush to a temp file on /tmp? As I could > > >>>understand that getting too full. > > >>> > > >>> > > >>>-- > > >>>Anthony Peacock > > >>>CHIME, Royal Free & University College Medical School > > >>>WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > >>>"I haven't lost my mind...I sold it on eBay!" > > >>> > > >>>------------------------ MailScanner list > > >>>------------------------ To unsubscribe, email > > >>>jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in > > >>>the body of the email. Before posting, read the Wiki > > >>>(http://wiki.mailscanner.info/) and the archives > > >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >>> > > >>>Support MailScanner development - buy the book off the website! > > >>> > > >>> > > >> > > >>-- > > >>Julian Field > > >>www.MailScanner.info > > >>Buy the MailScanner book at www.MailScanner.info/store > > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >> > > >>------------------------ MailScanner list ------------------------ > > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >>'leave mailscanner' in the body of the email. Before posting, read > > >>the Wiki (http://wiki.mailscanner.info/) and the archives > > >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >> > > >>Support MailScanner development - buy the book off the website! > > >> > > > > > > > > > > > > > ******************************************************************** > > ** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please > > notify the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ******************************************************************** > > ** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > All sweeping generalisations are false. > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is easy to be blinded to the essential uselessness of computers by the sense of accomplishment you get from getting them to work at all." -- Douglas Adams ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jun 1 11:50:58 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:51 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks JP. Nice quick respons on keeping the FreeBSD port up to date. :-) Adri. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jan-Peter Koopmann > Sent: 01 June, 2005 12:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: 4.42.9 released > > > On Wednesday, June 01, 2005 11:31 AM MailScanner mailing list wrote: > > > Jules > > > > Installed - running, no immedidate issues.. > > Same here. Moreover I just released the 4.42.9 port of > FreeBSD. Should be available tomorrow. Jules I will send you > an updated set of man pages off channel. > > Regards, > JP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 1 11:52:49 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, June 01, 2005 12:51 PM MailScanner mailing list wrote: > Thanks JP. > > Nice quick respons on keeping the FreeBSD port up to date. :-) It took me weeks the last times so I figured this might be a way to make up for it! :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jun 1 11:52:05 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:52 2006 Subject: Feature Requests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jan-Peter Koopmann > Sent: 01 June, 2005 12:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Feature Requests > > > On Wednesday, June 01, 2005 10:12 AM MailScanner mailing list wrote: > > > Maybe make it generic enough so that I can plugin DSPAM and CRM114 > > right there? :) > > Nice one. Should Julian not have anything more important to > do during the next month I would like to second that wish! :-) > > Regards, > JP May I give it the third approval? Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jun 1 11:56:12 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jan-Peter Koopmann > Sent: 01 June, 2005 12:53 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: 4.42.9 released > > > On Wednesday, June 01, 2005 12:51 PM MailScanner mailing list wrote: > > > Thanks JP. > > > > Nice quick respons on keeping the FreeBSD port up to date. :-) > > It took me weeks the last times so I figured this might be a > way to make up for it! :-) Much appreciated, since I prefer to wait for the new MailScanner port to become available and use portupgrade to do everything automagically.. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jun 1 12:18:52 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:52 2006 Subject: Warinig - Worm.Zafi.B Message-ID: Hi! > hmm no Sophos on that check site. > > Anyway only 4 of the 18 AV engines on that site found something... > (etrust-vet, fortinet, Nod-32, Norman). >> >> So submit the ones its not picking up at virustotal.com :) Virus total submits them by the ones that didnt fint it, so i guess clam will pick it up asap. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 1 12:19:35 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:52 2006 Subject: FreeBSD port Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Much appreciated, since I prefer to wait for the new > MailScanner port to become available and use portupgrade to > do everything automagically.. BTW: I changed the port so that all archivers supported by clamav are now mandatory and automatically installed. Moreover clamav-wrapper is patched accordingly. Therefore a make renew-wrapper will give you that support now automatically. I just hope most people agree.. :-) Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jun 1 12:24:20 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:52 2006 Subject: FreeBSD port Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jan-Peter Koopmann > Sent: 01 June, 2005 13:20 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: FreeBSD port > > > > Much appreciated, since I prefer to wait for the new > > MailScanner port to become available and use portupgrade to > > do everything automagically.. > > BTW: I changed the port so that all archivers supported by > clamav are now mandatory and automatically installed. > Moreover clamav-wrapper is patched accordingly. Therefore a > > make renew-wrapper > > will give you that support now automatically. I just hope > most people agree.. :-) > > Regards, > JP JP, Thanks... I'll check for the port availability tomorrow and do a renew-wrapper manually afterwards. I'm currently using clamav-module, so it'll probably not do anything for me. I'll let you know if I detect any problems. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Wed Jun 1 12:54:52 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: I cleaned up my perl-installation today, but where's still the old Problem after 4 hours the mailscanner children dying of old age after receiving a last mail. New childs are created, but doesn't seem to be recognized by the Mailscanner correctly. Does the 4.42.9-version includes some changes to this behavior from 4.42.8 ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Jun 1 12:55:50 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The following line never gets updated when I use upgrade_MailScanner_conf command MailScanner Version Number = 4.36.1 I think upgrade utility is missing out in updating the above value. It doesn't hurt the working of MailScanner but it would be nice to see the correct value ----- Original Message ----- From: "Julian Field" To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner ANNOUNCE: 4.42.9 released Date: Wed, 1 Jun 2005 10:08:19 +0100 > > I have just released the latest stable release of MailScanner. > > The major new features this month are > > - Panda support completely rewritten (thanks to Rick Cooper!). > - New options to tag Subject: line of HTML mail that has been disarmed. > - Can now set the number of "Spam Lists" that are hit before the > message is treated as spam. > - Now passes the testvirus.org "null MIME-boundary" test. > > You can download as usual from www.mailscanner.info. > > The full Change Log is this: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work Directory" > setting contains any links. It also corrects the path (but not in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from > this version if you want Sophos to work (both the sophos and sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and /usr/ bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and are not > ignored. > - Panda support completely reimplemented a lot better by Rick Cooper. > - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest > releases. > - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now > provide the ability to alter the Subject: line if any HTML tags in the > body of the message were disarmed (by having their "Allow .... Tags" set > to "disarm". This is switched on by default. > - New option "Spam Lists To Be Spam" now provides the ability to set how > many Spam Lists a message must appear in before it is considered to be > spam. The default is 1 as that mimics the previous behaviour. > - Improved output of SuSE MailScanner init.d script. > - Reversed spam and disarm tags to leave spam tag at start of Subject:. > > * Fixes* > - Fixed problem that could cause harmless header files to be left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip files. > - Fixed problem with "Delete" MCP action not being logged in syslog. > - Fixed problem with the "null MIME boundary" vulnerability test. > - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they > check to ensure all input files have content before starting. > - Fixed bug where clean header was being applied to unscanned mail when using > virus scanning rulesets. > - Fixed wrong build number for 1 Perl module in install.sh scripts. > - Fixed typo in upgrade_MailScanner_conf. > - Made significant changes to child worker process management and > re- spawning, > to try to avoid problems reported by a few users with MailScanner "slowly > stopping working" over the space of several hours. > > -- Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 14:25:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Definite bug.Please try the attached version of upgrade_MailScanner_conf and let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Application/OCTET-STREAM (Name: ] [ "upgrade_MailScanner_conf") 8.6KB. ] [ Unable to print this part. ] [ Part 2.3: "Attached Text" ] [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1 Jun 2005, at 11:20, Chuck Foster wrote: Not sure if it should be considered a bug or now, but I thought I'd try upgrade_MailScanner_conf for a change rather than making the manual inpection, and noticed that it changed my local %variables% like %ss-report-dir% to %ssreportdir% - this meant that any of the rules files that referred to my original version would no longer work, and also that the use of these variables within the configuration file itself were unmodified, too!   --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 14:29:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: On 1 Jun 2005, at 12:54, Dirk Rieger wrote: > I cleaned up my perl-installation today, but where's still the old > Problem > after 4 hours the mailscanner children dying of old age after > receiving a > last mail. > New childs are created, but doesn't seem to be recognized by the > Mailscanner > correctly. > > Does the 4.42.9-version includes some changes to this behavior from > 4.42.8 ? Can't remember. Please confirm the problem still exists with 4.42.9. Though I still cannot recreate it, so don't hold your breath waiting for a fix. Sorry. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 1 14:19:17 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > BG Mahesh wrote: > >>Few have responded that it is ok to have a high load average. >>However, if I can tune it well and good. hence I am still responding >>to few emails. >> > > (snipped stats that show a somewhat high load... But the sar and vmstat > show nothing special) > >> >>-- >>B.G. Mahesh >>bg.mahesh@indiainfo.com >>http://www.indiainfo.com/ > > > Count the processes in state D (non-interruptible wait state). I'm > sure you'll see that it is this that is "artificially pushing the load > upward" (each will add 1 to the load average). > > Unless you see large MS batches (in the maillog), your system seems to > be chugging along nicely. > Ugo draws the same conclusion. How many child process do you have configured? > -- Glenn > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Wed Jun 1 14:35:44 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:29:52 2006 Subject: (exim) retry timeout exceeded - config problem? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] [sent to the exim list as well - thought someone here might be able to help] Here is my situation. Using exim 4.34 built from freebsd-ports to do antivirus/antispam scanning (via MailScanner, of course :)) and sending all scanned mail to back-end mailhub via smart_route (manualroute). Anyway, this all works great when the mailhub that the mail is routed to is up and working. However, if that machine refuses connections on port 25 for whatever reason (or is just down completely), messages are not being queued up for the proper amount of time and are timing out immediately. My retry config (from configure_outgoing): # Domain Error Retries # ------ ----- ------- * * F,2d,1s; F,4d,6h I call exim two ways: /usr/local/sbin/exim -C /usr/local/etc/exim/configure_incoming -bd (exim-4.34-0) (for incoming messages) and: /usr/local/sbin/exim -C /usr/local/etc/exim/configure_outgoing -qff (exim-4.34-0) (to process the queue) Example from the mainlog: 2005-05-31 15:10:09 1DdD3x-0004pr-KN <= susanc@yahoo.com H=(yahoo.com) [207.104.211.110] P=esmtp S=17709 id=3246B18F59C6184EA13492A2E14783697BE220@tunxch01 2005-05-31 15:10:39 1DdD3x-0004pr-KN 68.91.137.174 [68.91.137.174]: Connection refused 2005-05-31 15:10:39 1DdD3x-0004pr-KN == tina.russell@mydomain.com R=customer_route T=remote_smtp defer (61): Connection refused 2005-05-31 15:10:39 1DdD3x-0004pr-KN ** tina.russell@mydomain.com: retry timeout exceeded 2005-05-31 15:10:39 1DdD4R-0004zk-A5 <= <> R=1DdD3x-0004pr-KN U=mailnull P=local S=18816 2005-05-31 15:10:39 1DdD3x-0004pr-KN Completed Any advice would be appreciated. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Wed Jun 1 14:45:58 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Are you running razor2 and postfix? if that is the case you are having the same problem i had, mine was that razor2 put it's log file into one of the postfix queues. Solution, set: logfile = /var/log/razor-agent.log in the razor config file. Med vennlig hilsen / Regards John Berntsen -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 1. juni 2005 15:29 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Take 2: MailScanner children dying and not picking up new mail On 1 Jun 2005, at 12:54, Dirk Rieger wrote: > I cleaned up my perl-installation today, but where's still the old > Problem > after 4 hours the mailscanner children dying of old age after > receiving a > last mail. > New childs are created, but doesn't seem to be recognized by the > Mailscanner > correctly. > > Does the 4.42.9-version includes some changes to this behavior from > 4.42.8 ? Can't remember. Please confirm the problem still exists with 4.42.9. Though I still cannot recreate it, so don't hold your breath waiting for a fix. Sorry. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Jun 1 14:53:11 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: --On June 1, 2005 2:25:27 PM +0100 Julian Field wrote: > Definite bug. > Please try the attached version of upgrade_MailScanner_conf and let me > know how you get on. When I try this version I get this message : [root@hemlock etc]# ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf.original > ./MailScanner.conf.new : bad interpreter: No such file or directorybin/perl The old one works fine. Just FYI. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jun 1 14:59:57 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: Julian Have installed 4.42.9 but the fix you announced for the "Delete" MCP action is not working. Test messages are being caught by MCP and are not delivered according to the logs but there is no explicit MCP "Delete" action record being logged. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 01 June 2005 10:08 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner ANNOUNCE: 4.42.9 released I have just released the latest stable release of MailScanner. The major new features this month are - Panda support completely rewritten (thanks to Rick Cooper!). - New options to tag Subject: line of HTML mail that has been disarmed. - Can now set the number of "Spam Lists" that are hit before the message is treated as spam. - Now passes the testvirus.org "null MIME-boundary" test. You can download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * - Now automatically detects and warns if the "Incoming Work Directory" setting contains any links. It also corrects the path (but not in the MailScanner.conf file) and continues to work properly. - Added support for Sophos 3.93.2. You must use the sophos-autoupdate from this version if you want Sophos to work (both the sophos and sophossavi scanner settings). - Tar and RPM distribution installation scripts now look for gtar if GNU tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl point to the same place. - SophosSAVI errors are detected as if they were viruses, and are not ignored. - Panda support completely reimplemented a lot better by Rick Cooper. - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest releases. - New options "Disarmed Modify Subject" and "Disarmed Subject Text" now provide the ability to alter the Subject: line if any HTML tags in the body of the message were disarmed (by having their "Allow .... Tags" set to "disarm". This is switched on by default. - New option "Spam Lists To Be Spam" now provides the ability to set how many Spam Lists a message must appear in before it is considered to be spam. The default is 1 as that mimics the previous behaviour. - Improved output of SuSE MailScanner init.d script. - Reversed spam and disarm tags to leave spam tag at start of Subject:. * Fixes* - Fixed problem that could cause harmless header files to be left in the temporary working directories when using Postfix. - Fixed problem where attachment size checks were made on the contents of zip files and not just the zip files themselves. - Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally. - No longer import missing whine method from MIME-tools. - Fixed problems with incomplete reporting of viruses in zip files. - Fixed problem with "Delete" MCP action not being logged in syslog. - Fixed problem with the "null MIME boundary" vulnerability test. - Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they check to ensure all input files have content before starting. - Fixed bug where clean header was being applied to unscanned mail when using virus scanning rulesets. - Fixed wrong build number for 1 Perl module in install.sh scripts. - Fixed typo in upgrade_MailScanner_conf. - Made significant changes to child worker process management and re-spawning, to try to avoid problems reported by a few users with MailScanner "slowly stopping working" over the space of several hours. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 15:05:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: And if you just run upgrade_MailScanner_conf with no command-line parameters at all? On my system, it prints the usage, as it should. And post the output of head upgrade_MailScanner_conf as well. Sounds like either my or your email app has done something screwy. On 1 Jun 2005, at 14:53, Michael H. Martel wrote: > --On June 1, 2005 2:25:27 PM +0100 Julian Field > wrote: > > >> Definite bug. >> Please try the attached version of upgrade_MailScanner_conf and >> let me >> know how you get on. >> > > When I try this version I get this message : > > [root@hemlock etc]# ../bin/upgrade_MailScanner_conf /opt/ > MailScanner/etc/MailScanner.conf ./MailScanner.conf.original > ./ > MailScanner.conf.new > : bad interpreter: No such file or directorybin/perl > > > The old one works fine. Just FYI. > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 15:09:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: According to the code, it should work for MCP but not for spam. This is weird. What are your MCP actions? And your Spam actions? On 1 Jun 2005, at 14:59, Quentin Campbell wrote: > Julian > > Have installed 4.42.9 but the fix you announced for the "Delete" MCP > action is not working. > > Test messages are being caught by MCP and are not delivered > according to > the logs but there is no explicit MCP "Delete" action record being > logged. > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > "Any opinion expressed above is mine. The University can get its own." > > > > > ________________________________ > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: 01 June 2005 10:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner ANNOUNCE: 4.42.9 released > > > I have just released the latest stable release of MailScanner. > > The major new features this month are > > - Panda support completely rewritten (thanks to Rick Cooper!). > - New options to tag Subject: line of HTML mail that has been > disarmed. > - Can now set the number of "Spam Lists" that are hit before the > message is treated as spam. > - Now passes the testvirus.org "null MIME-boundary" test. > > You can download as usual from www.mailscanner.info. > > The full Change Log is this: > > * New Features and Improvements * > - Now automatically detects and warns if the "Incoming Work > Directory" > setting contains any links. It also corrects the path (but not > in the > MailScanner.conf file) and continues to work properly. > - Added support for Sophos 3.93.2. You must use the > sophos-autoupdate from > this version if you want Sophos to work (both the sophos and > sophossavi > scanner settings). > - Tar and RPM distribution installation scripts now look for > gtar if GNU > tar was not found, and is happy if /usr/local/bin/perl and > /usr/bin/perl > point to the same place. > - SophosSAVI errors are detected as if they were viruses, and > are not > ignored. > - Panda support completely reimplemented a lot better by Rick > Cooper. > - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to > latest > releases. > - New options "Disarmed Modify Subject" and "Disarmed Subject > Text" now > provide the ability to alter the Subject: line if any HTML > tags in the > body of the message were disarmed (by having their "Allow .... > Tags" set > to "disarm". This is switched on by default. > - New option "Spam Lists To Be Spam" now provides the ability to > set how > many Spam Lists a message must appear in before it is > considered to be > spam. The default is 1 as that mimics the previous behaviour. > - Improved output of SuSE MailScanner init.d script. > - Reversed spam and disarm tags to leave spam tag at start of > Subject:. > > * Fixes* > - Fixed problem that could cause harmless header files to be > left in the > temporary working directories when using Postfix. > - Fixed problem where attachment size checks were made on the > contents of > zip files and not just the zip files themselves. > - Hopefully fixed problem with ClamAV missing Worm.Sober.P > occasionally. > - No longer import missing whine method from MIME-tools. > - Fixed problems with incomplete reporting of viruses in zip > files. > - Fixed problem with "Delete" MCP action not being logged in > syslog. > - Fixed problem with the "null MIME boundary" vulnerability > test. > - Added check to upgrade_MailScanner_conf and > upgrade_langages_conf so they > check to ensure all input files have content before starting. > - Fixed bug where clean header was being applied to unscanned > mail when using > virus scanning rulesets. > - Fixed wrong build number for 1 Perl module in install.sh > scripts. > - Fixed typo in upgrade_MailScanner_conf. > - Made significant changes to child worker process management > and re-spawning, > to try to avoid problems reported by a few users with > MailScanner "slowly > stopping working" over the space of several hours. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Jun 1 15:10:39 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Ugo draws the same conclusion. How many child process do you have > configured? > # As a rough guide, try 5 children per CPU. But read the notes above. Max Children = 5 I guess I have to change it to 10 and see how things work as we have a dual processor -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Jun 1 15:16:25 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: --On June 1, 2005 3:05:50 PM +0100 Julian Field wrote: > And if you just run upgrade_MailScanner_conf with no command-line > parameters at all? > On my system, it prints the usage, as it should. > > And post the output of > head upgrade_MailScanner_conf > as well. > Sounds like either my or your email app has done something screwy. [root@hemlock bin]# ./upgrade_MailScanner_conf : bad interpreter: No such file or directoryerl [root@hemlock bin]# head upgrade_MailScanner_conf #!/usr/bin/perl # # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2002 Julian Field # # $Id: upgrade_MailScanner_conf,v 1.1.2.16 2005/05/30 11:38:01 jkf Exp $ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Wed Jun 1 15:18:25 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: thx for your hint - I'll try this if the 4hour bug still occures with the 4.42.9-version... - ruffly in 2 hours ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 15:18:37 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Michael H. Martel wrote: > --On June 1, 2005 2:25:27 PM +0100 Julian Field > wrote: > >> Definite bug. >> Please try the attached version of upgrade_MailScanner_conf and let >> me know how you get on. > > When I try this version I get this message : > > [root@hemlock etc]# ../bin/upgrade_MailScanner_conf > /opt/MailScanner/etc/MailScanner.conf ./MailScanner.conf.original > > ./MailScanner.conf.new >> bad interpreter: No such file or directorybin/perl > > > The old one works fine. Just FYI. > > > > Michael Check that you don't have CR/LF wrong in the file. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 15:20:42 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Michael H. Martel wrote: > --On June 1, 2005 3:05:50 PM +0100 Julian Field > wrote: > >> And if you just run upgrade_MailScanner_conf with no command-line >> parameters at all? On my system, it prints the usage, as it should. >> >> And post the output of >> head upgrade_MailScanner_conf >> as well. >> Sounds like either my or your email app has done something screwy. > > [root@hemlock bin]# ./upgrade_MailScanner_conf >> bad interpreter: No such file or directoryerl > > [root@hemlock bin]# head upgrade_MailScanner_conf > #!/usr/bin/perl > > # > # MailScanner - SMTP E-Mail Virus Scanner > # Copyright (C) 2002 Julian Field > # > # $Id: upgrade_MailScanner_conf,v 1.1.2.16 2005/05/30 11:38:01 jkf > Exp $ # > # This program is free software; you can redistribute it and/or > modify # it under the terms of the GNU General Public License as > published by > > > > > > Michael Pipe the head command into od or hexdump... I'm sure you'll see an extra ^M (CR) character on the end of each line;-). -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Jun 1 15:21:47 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: --On June 1, 2005 3:05:50 PM +0100 Julian Field wrote: > Sounds like either my or your email app has done something screwy. Ahha! I see that when I look at it in BBEdit on my Mac, that it has DOS line breaks. Changing those to Unix line breaks works. We'll assume it was something that I did to the file. Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Jun 1 15:22:41 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: --On June 1, 2005 4:20:42 PM +0200 "Steen, Glenn" wrote: > Pipe the head command into od or hexdump... I'm sure you'll see an extra > ^M (CR) character on the end of each line;-). How right you are. Now I wonder who put those there. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 15:28:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: On 1 Jun 2005, at 15:22, Michael H. Martel wrote: > --On June 1, 2005 4:20:42 PM +0200 "Steen, Glenn" > wrote: > > >> Pipe the head command into od or hexdump... I'm sure you'll see an >> extra >> ^M (CR) character on the end of each line;-). >> > > How right you are. Now I wonder who put those there. Now I remember why I always gzip text files before mailing them to you all. Sorry about that, a corrected version is attached. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 3.8KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Wed Jun 1 15:24:27 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: It probably will die, if you have not removed the log file created by razor2 in the postfix queue "hold" i think it was. Med vennlig hilsen / Regards John Berntsen Omegadata AS Leangbukta 31 1392 Vettre Mobil 99 43 07 79 Telefon 66 76 61 00 Faks 66 76 61 01 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dirk Rieger Sent: 1. juni 2005 16:18 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Take 2: MailScanner children dying and not picking up new mail thx for your hint - I'll try this if the 4hour bug still occures with the 4.42.9-version... - ruffly in 2 hours ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 15:25:37 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: BG Mahesh wrote: >> Ugo draws the same conclusion. How many child process do you have >> configured? >> > > # As a rough guide, try 5 children per CPU. But read the notes above. > Max Children = 5 > > I guess I have to change it to 10 and see how things work as we have > a dual processor > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ Might be a good idea, yes.... But your system isn't exactly "struggling under the load", now is it? Or do you have "large-ish" batches? If not, you perhaps shouldn't bust your guts to "solve the problem", since it really isn't there. Does the system ... "feel responsive"? -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 1 15:27:07 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: Michael H. Martel wrote: > --On June 1, 2005 4:20:42 PM +0200 "Steen, Glenn" > wrote: > >> Pipe the head command into od or hexdump... I'm sure you'll see an >> extra ^M (CR) character on the end of each line;-). > > How right you are. Now I wonder who put those there. > > > > Michael Probably the MUA, or copy'n'paste thing...? :-) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Wed Jun 1 15:28:44 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yup, that worked much better! The only other aesthetic observation I had from its output is that my empty strings have now all got an extra space on the end of them, which wasn't present in the distribution MailScanner.conf as well as my original either. Eg. Run As User= is now Rus As User= Oh, and the spacing for the options were blatted as well, but that isn't so important :-) C:> -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: 01 June 2005 14:25 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner ANNOUNCE: 4.42.9 released Definite bug. Please try the attached version of upgrade_MailScanner_conf and let me know how you get on. ? On 1 Jun 2005, at 11:20, Chuck Foster wrote: > Not sure if it should be considered a bug or now, but I thought I'd > try upgrade_MailScanner_conf for a change rather than making the > manual inpection, and noticed that it changed my local %variables% > like %ss-report-dir% to %ssreportdir% - this meant that any of the > rules files that referred to my original version would no longer > work, and also that the use of these variables within the > configuration file itself were unmodified, too! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 1 15:21:24 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >>Ugo draws the same conclusion. How many child process do you have >>configured? >> > > > # As a rough guide, try 5 children per CPU. But read the notes above. > Max Children = 5 > > I guess I have to change it to 10 and see how things work as we have a dual processor You can try it out, it might help or not though, depending on many factors. As other said, the message delay is the only factor that's always a good indication. Is this a dedicated MailScanner machine? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jun 1 15:50:13 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: Julian The Spam and MCP actions are shown below. I have interpolated parts of the contents of the two spam "Actions" rules file between the "cut here" lines. The logged MCP scores are all >= 10. Spam Actions = %rules-dir%/Spam_Actions.rules ------------ cut here To: *@unn.ac.uk deliver To: *@northumbria.ac.uk deliver To: *@qeliz.ac.uk deliver attachment To: *@stmarys-sfc.ac.uk deliver attachment To: cccc.dddd@newdur.ac.uk deliver attachment To: *@newdur.ac.uk deliver striphtml To: /aaaa.bbbb\@(ncl|newcastle)\.ac\.uk$/ deliver ## DO NOT EDIT BELOW THIS LINE - CHANGES WILL BE LOST To: xxxx.yyyy@ncl.ac.uk delete To: xxxx.yyyy@newcastle.ac.uk delete [hundreds of addresses of the above form] To: *@* deliver attachment ------------ cut here High Scoring Spam Actions = %rules-dir%/High_Scoring_Spam_Actions.rules ------------ cut here [similar records to contents of Spam_Actions.rules] ------------ cut here Non Spam Actions = deliver MCP Checks = yes First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = delete Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {MCP?!} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = yes Detailed MCP Report = yes Include Scores In MCP Report = yes Log MCP = yes Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 01 June 2005 15:09 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed > >According to the code, it should work for MCP but not for spam. >This is weird. > >What are your MCP actions? And your Spam actions? > >On 1 Jun 2005, at 14:59, Quentin Campbell wrote: > >> Julian >> >> Have installed 4.42.9 but the fix you announced for the "Delete" MCP >> action is not working. >> >> Test messages are being caught by MCP and are not delivered >> according to >> the logs but there is no explicit MCP "Delete" action record being >> logged. >> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> >---------------------------------------------------------------------- >> -- >> "Any opinion expressed above is mine. The University can get >its own." >> >> >> >> >> ________________________________ >> >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 01 June 2005 10:08 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: MailScanner ANNOUNCE: 4.42.9 released >> >> >> I have just released the latest stable release of MailScanner. >> >> The major new features this month are >> >> - Panda support completely rewritten (thanks to Rick Cooper!). >> - New options to tag Subject: line of HTML mail that has been >> disarmed. >> - Can now set the number of "Spam Lists" that are hit before the >> message is treated as spam. >> - Now passes the testvirus.org "null MIME-boundary" test. >> >> You can download as usual from www.mailscanner.info. >> >> The full Change Log is this: >> >> * New Features and Improvements * >> - Now automatically detects and warns if the "Incoming Work >> Directory" >> setting contains any links. It also corrects the path (but not >> in the >> MailScanner.conf file) and continues to work properly. >> - Added support for Sophos 3.93.2. You must use the >> sophos-autoupdate from >> this version if you want Sophos to work (both the sophos and >> sophossavi >> scanner settings). >> - Tar and RPM distribution installation scripts now look for >> gtar if GNU >> tar was not found, and is happy if /usr/local/bin/perl and >> /usr/bin/perl >> point to the same place. >> - SophosSAVI errors are detected as if they were viruses, and >> are not >> ignored. >> - Panda support completely reimplemented a lot better by Rick >> Cooper. >> - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to >> latest >> releases. >> - New options "Disarmed Modify Subject" and "Disarmed Subject >> Text" now >> provide the ability to alter the Subject: line if any HTML >> tags in the >> body of the message were disarmed (by having their "Allow .... >> Tags" set >> to "disarm". This is switched on by default. >> - New option "Spam Lists To Be Spam" now provides the ability to >> set how >> many Spam Lists a message must appear in before it is >> considered to be >> spam. The default is 1 as that mimics the previous behaviour. >> - Improved output of SuSE MailScanner init.d script. >> - Reversed spam and disarm tags to leave spam tag at start of >> Subject:. >> >> * Fixes* >> - Fixed problem that could cause harmless header files to be >> left in the >> temporary working directories when using Postfix. >> - Fixed problem where attachment size checks were made on the >> contents of >> zip files and not just the zip files themselves. >> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >> occasionally. >> - No longer import missing whine method from MIME-tools. >> - Fixed problems with incomplete reporting of viruses in zip >> files. >> - Fixed problem with "Delete" MCP action not being logged in >> syslog. >> - Fixed problem with the "null MIME boundary" vulnerability >> test. >> - Added check to upgrade_MailScanner_conf and >> upgrade_langages_conf so they >> check to ensure all input files have content before starting. >> - Fixed bug where clean header was being applied to unscanned >> mail when using >> virus scanning rulesets. >> - Fixed wrong build number for 1 Perl module in install.sh >> scripts. >> - Fixed typo in upgrade_MailScanner_conf. >> - Made significant changes to child worker process management >> and re-spawning, >> to try to avoid problems reported by a few users with >> MailScanner "slowly >> stopping working" over the space of several hours. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list >> ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Jun 1 16:23:38 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > > > > # As a rough guide, try 5 children per CPU. But read the notes above. > > Max Children = 5 > > > > I guess I have to change it to 10 and see how things work as we > > have a dual processor > > You can try it out, it might help or not though, depending on many > factors. As other said, the message delay is the only factor that's > always a good indication. > > Is this a dedicated MailScanner machine? > Yes..the system is used as our mailserver. No other development work etc goes on this machine. It process mail and just mail -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 16:24:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: On 1 Jun 2005, at 15:50, Quentin Campbell wrote: > Julian > > The Spam and MCP actions are shown below. I have interpolated parts of > the contents of the two spam "Actions" rules file between the "cut > here" > lines. > > The logged MCP scores are all >= 10. > > > Spam Actions = %rules-dir%/Spam_Actions.rules > ------------ cut here > To: *@unn.ac.uk deliver > To: *@northumbria.ac.uk deliver > To: *@qeliz.ac.uk deliver > attachment > To: *@stmarys-sfc.ac.uk deliver > attachment > To: cccc.dddd@newdur.ac.uk deliver > attachment > To: *@newdur.ac.uk deliver > striphtml > To: /aaaa.bbbb\@(ncl|newcastle)\.ac\.uk$/ deliver > ## DO NOT EDIT BELOW THIS LINE - CHANGES WILL BE LOST > To: xxxx.yyyy@ncl.ac.uk delete > To: xxxx.yyyy@newcastle.ac.uk delete > [hundreds of addresses of the above form] You can shortcut this by using To: /etc/MailScanner/newcastle.addresses delete and then put the newcastle addresses, 1 per line into the newcastle.addresses file. That should make maintenance rather easier. > To: *@* deliver attachment > ------------ cut here > High Scoring Spam Actions = %rules-dir%/ > High_Scoring_Spam_Actions.rules > ------------ cut here > [similar records to contents of Spam_Actions.rules] > ------------ cut here > Non Spam Actions = deliver > > MCP Checks = yes > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = delete Your High-scoring MCP threshold is 10, but what are the scores of the MCP rules you are using? Are they 10 or above, or below? I haven't yet seen evidence that the High-scoring MCP threshold is actually reached. > Bounce MCP As Attachment = no > > MCP Modify Subject = yes > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = yes > High Scoring MCP Subject Text = {MCP?!} > > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = yes > Detailed MCP Report = yes > Include Scores In MCP Report = yes > Log MCP = yes > > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > "Any opinion expressed above is mine. The University can get its own." > > >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 01 June 2005 15:09 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed >> >> According to the code, it should work for MCP but not for spam. >> This is weird. >> >> What are your MCP actions? And your Spam actions? >> >> On 1 Jun 2005, at 14:59, Quentin Campbell wrote: >> >> >>> Julian >>> >>> Have installed 4.42.9 but the fix you announced for the "Delete" MCP >>> action is not working. >>> >>> Test messages are being caught by MCP and are not delivered >>> according to >>> the logs but there is no explicit MCP "Delete" action record being >>> logged. >>> >>> Quentin >>> --- >>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>> >>> >> --------------------------------------------------------------------- >> - >> >>> -- >>> "Any opinion expressed above is mine. The University can get >>> >> its own." >> >>> >>> >>> >>> >>> ________________________________ >>> >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>> Sent: 01 June 2005 10:08 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: MailScanner ANNOUNCE: 4.42.9 released >>> >>> >>> I have just released the latest stable release of MailScanner. >>> >>> The major new features this month are >>> >>> - Panda support completely rewritten (thanks to Rick Cooper!). >>> - New options to tag Subject: line of HTML mail that has been >>> disarmed. >>> - Can now set the number of "Spam Lists" that are hit before the >>> message is treated as spam. >>> - Now passes the testvirus.org "null MIME-boundary" test. >>> >>> You can download as usual from www.mailscanner.info. >>> >>> The full Change Log is this: >>> >>> * New Features and Improvements * >>> - Now automatically detects and warns if the "Incoming Work >>> Directory" >>> setting contains any links. It also corrects the path (but not >>> in the >>> MailScanner.conf file) and continues to work properly. >>> - Added support for Sophos 3.93.2. You must use the >>> sophos-autoupdate from >>> this version if you want Sophos to work (both the sophos and >>> sophossavi >>> scanner settings). >>> - Tar and RPM distribution installation scripts now look for >>> gtar if GNU >>> tar was not found, and is happy if /usr/local/bin/perl and >>> /usr/bin/perl >>> point to the same place. >>> - SophosSAVI errors are detected as if they were viruses, and >>> are not >>> ignored. >>> - Panda support completely reimplemented a lot better by Rick >>> Cooper. >>> - Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to >>> latest >>> releases. >>> - New options "Disarmed Modify Subject" and "Disarmed Subject >>> Text" now >>> provide the ability to alter the Subject: line if any HTML >>> tags in the >>> body of the message were disarmed (by having their "Allow .... >>> Tags" set >>> to "disarm". This is switched on by default. >>> - New option "Spam Lists To Be Spam" now provides the ability to >>> set how >>> many Spam Lists a message must appear in before it is >>> considered to be >>> spam. The default is 1 as that mimics the previous behaviour. >>> - Improved output of SuSE MailScanner init.d script. >>> - Reversed spam and disarm tags to leave spam tag at start of >>> Subject:. >>> >>> * Fixes* >>> - Fixed problem that could cause harmless header files to be >>> left in the >>> temporary working directories when using Postfix. >>> - Fixed problem where attachment size checks were made on the >>> contents of >>> zip files and not just the zip files themselves. >>> - Hopefully fixed problem with ClamAV missing Worm.Sober.P >>> occasionally. >>> - No longer import missing whine method from MIME-tools. >>> - Fixed problems with incomplete reporting of viruses in zip >>> files. >>> - Fixed problem with "Delete" MCP action not being logged in >>> syslog. >>> - Fixed problem with the "null MIME boundary" vulnerability >>> test. >>> - Added check to upgrade_MailScanner_conf and >>> upgrade_langages_conf so they >>> check to ensure all input files have content before starting. >>> - Fixed bug where clean header was being applied to unscanned >>> mail when using >>> virus scanning rulesets. >>> - Fixed wrong build number for 1 Perl module in install.sh >>> scripts. >>> - Fixed typo in upgrade_MailScanner_conf. >>> - Made significant changes to child worker process management >>> and re-spawning, >>> to try to avoid problems reported by a few users with >>> MailScanner "slowly >>> stopping working" over the space of several hours. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list >>> ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Jun 1 16:54:31 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:52 2006 Subject: sa-learn Message-ID: Yes, I see it every day on my sa-learn. Haven't figured it out. Jeff Earickson Colby College On Wed, 1 Jun 2005, ius wrote: > Date: Wed, 1 Jun 2005 14:21:16 +0700 > From: ius > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: sa-learn > > Hi, > > i'm trying to train the bayes with spam and ham. The spam was successful, but > the ham showed some errors (i think) : > > [root@alpha mail]# sa-learn --showdots --mbox --spam spam > ........................................................................................ > Learned from 87 message(s) (88 message(s) examined). > [root@alpha mail]# sa-learn --showdots --mbox --ham archive > .....Parsing of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > .........................................................................Parsing > of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > ..................................................................................................................................................................................................................Parsing > of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > .....................................................................................Parsing > of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > .......................................................................Parsing > of undecoded UTF-8 will give garbage when decoding entities at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 182. > ................................................................................... > Learned from 508 message(s) (527 message(s) examined). > [root@alpha mail]# > > anybody has seen these errors before ? > > > Thanks > ius > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jun 1 16:58:10 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 01 June 2005 16:25 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed > [snip] >Your High-scoring MCP threshold is 10, but what are the scores of the >MCP rules you are using? Are they 10 or above, or below? I haven't >yet seen evidence that the High-scoring MCP threshold is actually >reached. Julian Appended are the log records (there are just 3) for a message caught by MCP on a 4.42.9 system and which, because it scored 10, should be deleted. There are no further Sendmail records because MailScanner deleted it although it has not logged that fact. That is the bug! I am seeing the same bug when the score is 20 or 30. Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: from=, size=538, class=0, nrcpts=1, msgid=<200506011346.j51DkSeI030356@ucsnew2.ncl.ac.uk>, proto=ESMTP, daemon=MTA, relay=ucsnew2.ncl.ac.uk [128.240.233.6] Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: to=, delay=00:00:00, mailer=esmtp, pri=30538, stat=queued Jun 1 14:46:29 cheviot4 MailScanner[14321]: Message j51DkTbp014718 from 128.240.233.6 (root@ucsnew2.ncl.ac.uk) to cpx.ncl.ac.uk is MCP, MCP-Checker (score=10, required 1, NCL_TESTMCP01 10.00) Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 1 16:41:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:52 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >>> >>># As a rough guide, try 5 children per CPU. But read the notes above. >>>Max Children = 5 >>> >>>I guess I have to change it to 10 and see how things work as we >>>have a dual processor >> >>You can try it out, it might help or not though, depending on many >>factors. As other said, the message delay is the only factor that's >>always a good indication. >> >>Is this a dedicated MailScanner machine? >> > > > Yes..the system is used as our mailserver. No other development work etc goes on this machine. It process mail and just mail Cool, then don't worry too much about the load. I've seen systems with very high load running perfectly. Just make sure your delay is not too long and that your load isn't continuously going up. Cheers, Ugo > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 17:11:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: On 1 Jun 2005, at 16:58, Quentin Campbell wrote: >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 01 June 2005 16:25 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed >> >> > [snip] > >> Your High-scoring MCP threshold is 10, but what are the scores of the >> MCP rules you are using? Are they 10 or above, or below? I haven't >> yet seen evidence that the High-scoring MCP threshold is actually >> reached. >> > > Julian > > Appended are the log records (there are just 3) for a message > caught by > MCP on a 4.42.9 system and which, because it scored 10, should be > deleted. There are no further Sendmail records because MailScanner > deleted it although it has not logged that fact. That is the bug! > > I am seeing the same bug when the score is 20 or 30. > > Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: > from=, size=538, class=0, nrcpts=1, > msgid=<200506011346.j51DkSeI030356@ucsnew2.ncl.ac.uk>, proto=ESMTP, > daemon=MTA, relay=ucsnew2.ncl.ac.uk [128.240.233.6] > Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: > to=, delay=00:00:00, mailer=esmtp, pri=30538, > stat=queued > Jun 1 14:46:29 cheviot4 MailScanner[14321]: Message j51DkTbp014718 > from > 128.240.233.6 (root@ucsnew2.ncl.ac.uk) to cpx.ncl.ac.uk is MCP, > MCP-Checker (score=10, required 1, NCL_TESTMCP01 10.00) Do you get the "delete" spam action logged at all? Clearly the "delete" mcp action isn't being logged how I intended. I will have to take a look at that bit. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 1 17:05:44 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:52 2006 Subject: "No space left on device" Which device? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote: > Hi Julian, > > Thanks for the response. I have already checked that, which is how I > know that there is ~3Gb free space there at the moment. > > I guess it would be possible for enough email to arrive at one time > to fill that partition, but I have never seen it happen before now. > > But now that you have confirmed that is defintely the area that was > full during that processing run, I can keep an eye on it and look > into throwing some more disk at it. > Do you have /var/spool/MailScanner/incoming mapped to tmpfs? This could cause this if too large a batch is done at once. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 1 17:53:06 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > --On June 1, 2005 3:05:50 PM +0100 Julian Field > wrote: > >> Sounds like either my or your email app has done something screwy. > > > Ahha! I see that when I look at it in BBEdit on my Mac, that it has DOS > line breaks. Changing those to Unix line breaks works. > > We'll assume it was something that I did to the file. The copy I got from the e-mail has dos line breaks also. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 1 18:06:25 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:52 2006 Subject: sa-learn Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's a nuisance, but it's a non-issue and doesn't affect accuracy or normal operation of SA. It's been fixed in the devel trunk, but the fix is just to catch the warning and prevent it from being printed. http://bugzilla.spamassassin.org/show_bug.cgi?id=4046 Jeff A. Earickson wrote: > Yes, I see it every day on my sa-learn. Haven't figured it out. > >> i'm trying to train the bayes with spam and ham. The spam was >> successful, but the ham showed some errors (i think) : >> >> [root@alpha mail]# sa-learn --showdots --mbox --spam spam >> ........................................................................................ >> >> Learned from 87 message(s) (88 message(s) examined). >> [root@alpha mail]# sa-learn --showdots --mbox --ham archive >> .....Parsing of undecoded UTF-8 will give garbage when decoding >> entities at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm >> line 182. >> >> anybody has seen these errors before ? >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 1 17:57:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: > The following line never gets updated when I use upgrade_MailScanner_conf command > > MailScanner Version Number = 4.36.1 > > I think upgrade utility is missing out in updating the above value. It doesn't hurt the working of MailScanner but it would be nice to see the correct value > I think that is intentional. It tells you the version you installed, not the version you upgraded to. I don't know why, but I'm sure Julian has his reasons. I usually just fix it anytime I manually change something in the config. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 18:21:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Michael H. Martel wrote: > > >>--On June 1, 2005 3:05:50 PM +0100 Julian Field >> wrote: >> >> >> >>>Sounds like either my or your email app has done something screwy. >>> >>> >>Ahha! I see that when I look at it in BBEdit on my Mac, that it has DOS >>line breaks. Changing those to Unix line breaks works. >> >>We'll assume it was something that I did to the file. >> >> >The copy I got from the e-mail has dos line breaks also. > > See my gzipped repost. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 1 18:38:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >BG Mahesh wrote: > > >>The following line never gets updated when I use upgrade_MailScanner_conf command >> >>MailScanner Version Number = 4.36.1 >> >>I think upgrade utility is missing out in updating the above value. It doesn't hurt the working of MailScanner but it would be nice to see the correct value >> >> >> >I think that is intentional. It tells you the version you installed, not >the version you upgraded to. I don't know why, but I'm sure Julian has >his reasons. >I usually just fix it anytime I manually change something in the config. > > It's actually a bug. The "MailScanner Version Number" setting is the only one that should *not* be copied over from the old version of the file. Attached is a fixed version. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 3.8KB. ] [ Unable to print this part. ] From rpoe at PLATTESHERIFF.ORG Wed Jun 1 21:12:25 2005 From: rpoe at PLATTESHERIFF.ORG (Rob Poe) Date: Thu Jan 12 21:29:52 2006 Subject: William Kwan/Elegance is out of the office. Message-ID: Hey...I think William Kwan is going to ... nevermind .. you know. ;) (I couldn't resist .. sorry!) >>> MailScanner@ECS.SOTON.AC.UK 5/26/2005 9:09 AM >>> For info, I have just suspended his membership. On 26 May 2005, at 15:03, William Kwan wrote: > I will be out of the office starting 13/05/2005 and will not return > until 30/05/2005. > > I will respond to your message when I return. > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Wed Jun 1 23:10:55 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: On Wed, 1 Jun 2005, Julian Field wrote: > It's actually a bug. The "MailScanner Version Number" setting is the > only one that should *not* be copied over from the old version of the file. > Attached is a fixed version. I'll wait for 4.42.10 :-) -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 1 23:59:13 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Scott Silva wrote: > >> BG Mahesh wrote: >> >> >>> The following line never gets updated when I use >>> upgrade_MailScanner_conf command >>> >>> MailScanner Version Number = 4.36.1 >>> >>> I think upgrade utility is missing out in updating the above value. >>> It doesn't hurt the working of MailScanner but it would be nice to >>> see the correct value >>> >>> >> >> I think that is intentional. It tells you the version you installed, not >> the version you upgraded to. I don't know why, but I'm sure Julian has >> his reasons. >> I usually just fix it anytime I manually change something in the config. >> >> > It's actually a bug. The "MailScanner Version Number" setting is the > only one that should *not* be copied over from the old version of the file. > > Attached is a fixed version. > It has been there so long, I thought it was a "feature". I guess it isn't broken until someone trips over it and says something. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Thu Jun 2 08:01:05 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:52 2006 Subject: Feature Requests Message-ID: > >> > >> > > > > > > Can I add to this? :) > > > > I'd really like to have multiple MCP matches. You mention using A > > custom function, and if you could point me in the right direction I > > would happily go and see what I can see. > > What do you mean? I would like to be able to use several different rulesets and get back a Separate MCP score for each. Basically, I have a list of pornographic swearwords, and a list of racial Swearwords and I would like to get a separate score for each message with Respect to the content. I imagine I would need to find the MCP function and variables and just Repeat those for however many different sets needed, but at the minute I'm Strictly a mailscanner user, and haven't looked at the code at all. Richard --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jun 2 08:25:54 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:52 2006 Subject: MailScanner ANNOUNCE: 4.42.9 released - bug not fixed Message-ID: [snip] >> Appended are the log records (there are just 3) for a message >> caught by >> MCP on a 4.42.9 system and which, because it scored 10, should be >> deleted. There are no further Sendmail records because MailScanner >> deleted it although it has not logged that fact. That is the bug! >> >> I am seeing the same bug when the score is 20 or 30. >> >> Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: >> from=, size=538, class=0, nrcpts=1, >> msgid=<200506011346.j51DkSeI030356@ucsnew2.ncl.ac.uk>, proto=ESMTP, >> daemon=MTA, relay=ucsnew2.ncl.ac.uk [128.240.233.6] >> Jun 1 14:46:29 cheviot4 sendmail[14718]: j51DkTbp014718: >> to=, delay=00:00:00, mailer=esmtp, pri=30538, >> stat=queued >> Jun 1 14:46:29 cheviot4 MailScanner[14321]: Message j51DkTbp014718 >> from >> 128.240.233.6 (root@ucsnew2.ncl.ac.uk) to cpx.ncl.ac.uk is MCP, >> MCP-Checker (score=10, required 1, NCL_TESTMCP01 10.00) > >Do you get the "delete" spam action logged at all? >Clearly the "delete" mcp action isn't being logged how I intended. I >will have to take a look at that bit. Julian I am not seeing the MCP delete action being logged with the rest of the MailScanner and Sendmail records. The message has clearly been deleted however. Those three records above are all the records logged for message ID j51DkTbp014718. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Thu Jun 2 09:04:04 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: after removing the razor-agent.log from the postfix-hold-queue the MailScanner doesn't hang anymore. - But now I see an other question: Since I first updated MailScanner a few days ago to a version > 4.40 razor doesn't seem to run anymore at all. At least I don't get new entries to the razor-agent.log or better a new razor-agent.log at all somewhere. Is razor called with the user MailScanner is running with or as root ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 09:14:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: On 2 Jun 2005, at 09:04, Dirk Rieger wrote: > after removing the razor-agent.log from the postfix-hold-queue the > MailScanner doesn't hang anymore. - But now I see an other question: > Since I first updated MailScanner a few days ago to a version > > 4.40 razor > doesn't seem to run anymore at all. At least I don't get new > entries to the > razor-agent.log or better a new razor-agent.log at all somewhere. > > Is razor called with the user MailScanner is running with or as root ? The user MailScanner is running as. It will by default have a .razor directory in that user's home directory. Run it in Debug mode with Debug SpamAssassin as well and see what is going on. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Jun 2 09:12:58 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:52 2006 Subject: "No space left on device" Which device? Message-ID: Hi, > Anthony Peacock wrote: > > Hi Julian, > > > > Thanks for the response. I have already checked that, which is how > > I know that there is ~3Gb free space there at the moment. > > > > I guess it would be possible for enough email to arrive at one time > > to fill that partition, but I have never seen it happen before now. > > > > But now that you have confirmed that is defintely the area that was > > full during that processing run, I can keep an eye on it and look > > into throwing some more disk at it. > > > > Do you have /var/spool/MailScanner/incoming mapped to tmpfs? > This could cause this if too large a batch is done at once. No, it is on a disk partition. It does share the same disk partition as the mail queues etc, so there could have been an event that temporarily filled that partition. However, see my other email about the error in the system log about /tmp being full. I suspect, but haven't had the time to check, that somewhere in the MIME:Parser stuff it uses a temporary file, and that filled the /tmp area. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is easy to be blinded to the essential uselessness of computers by the sense of accomplishment you get from getting them to work at all." -- Douglas Adams ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Thu Jun 2 09:15:16 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: If you are running postfix it is running as user postfix at least on my suse box, make sure that razor2 finds the config file you have created and that user postfix has the rights to write to it. Do a lint test with spamassassin and see where razor expects to find it's config file. Med vennlig hilsen / Regards John Berntsen Omegadata AS Leangbukta 31 1392 Vettre Mobil 99 43 07 79 Telefon 66 76 61 00 Faks 66 76 61 01 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dirk Rieger Sent: 2. juni 2005 10:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Take 2: MailScanner children dying and not picking up new mail after removing the razor-agent.log from the postfix-hold-queue the MailScanner doesn't hang anymore. - But now I see an other question: Since I first updated MailScanner a few days ago to a version > 4.40 razor doesn't seem to run anymore at all. At least I don't get new entries to the razor-agent.log or better a new razor-agent.log at all somewhere. Is razor called with the user MailScanner is running with or as root ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 2 09:15:35 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Dirk I gue razor will be called via the user MS is running as, as it will be called from SA... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dirk Rieger wrote: > after removing the razor-agent.log from the postfix-hold-queue the > MailScanner doesn't hang anymore. - But now I see an other question: > Since I first updated MailScanner a few days ago to a version > 4.40 razor > doesn't seem to run anymore at all. At least I don't get new entries to the > razor-agent.log or better a new razor-agent.log at all somewhere. > > Is razor called with the user MailScanner is running with or as root ? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 2 09:23:03 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Julian Field wrote: > On 2 Jun 2005, at 09:04, Dirk Rieger wrote: > >> after removing the razor-agent.log from the postfix-hold-queue the >> MailScanner doesn't hang anymore. - But now I see an other question: >> Since I first updated MailScanner a few days ago to a version > >> 4.40 razor >> doesn't seem to run anymore at all. At least I don't get new >> entries to the >> razor-agent.log or better a new razor-agent.log at all somewhere. >> >> Is razor called with the user MailScanner is running with or as root >> ? > > The user MailScanner is running as. It will by default have a .razor > directory in that user's home directory. Run it in Debug mode with > Debug SpamAssassin as well and see what is going on. With postfix running in a chroot jail, your postfix user usually don't have write permission to its $HOME (and here is where the razor log error arises from too). There are several ways to rectify this, most have been covered on this list before... Simply create the dirs and make them owned by the user, or perhaps better do su - postfix -s /bin/bash and then run through discoveries for razor, pyzor and dcc (if you use 'em all:). If you'd like to cron the discoveries, just make sure they're run as the postfix user. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Thu Jun 2 10:31:26 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: I reconfigured Razor2 to run as the MailScanner-user. Now everything works. It was a bit weird because when implementig the server Postfix was configured to run with SpamAssassin/Razor2 without MailScanner. After implementing MailScanner Razor wasn't reconfigured but still running without any complains over months - as the agent-log says. So without having the configuration-files for razor, razor wrote it's log to the postfix-hold-queue...and at least blocked MailScanner after 4 hours ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 11:48:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Take 2: MailScanner children dying and not picking up new mail Message-ID: Make sure you do a razor-admin -discover every night too. Otherwise it may break at some random point in the future. On 2 Jun 2005, at 10:31, Dirk Rieger wrote: > I reconfigured Razor2 to run as the MailScanner-user. Now > everything works. > It was a bit weird because when implementig the server Postfix was > configured to run with SpamAssassin/Razor2 without MailScanner. > After implementing MailScanner Razor wasn't reconfigured but still > running > without any complains over months - as the agent-log says. So without > having the configuration-files for razor, razor wrote it's log to the > postfix-hold-queue...and at least blocked MailScanner after 4 hours -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From combs at magnet.fsu.edu Thu Jun 2 13:43:15 2005 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Jan 12 21:29:52 2006 Subject: McAfee uvscan libary oddity Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm in the process of upgrading my uvscan engine to 4400 from 4320 on a RHEL 3.0 box. The new engine wants libstdc++.so.2.8 which is a very old version. The old 4320 engine looks for libstdc++.so.5. Would someone who is runing uvscan engine 4400 kindly do a 'strings uvscan | grep libstdc++' and let me know what you get? TIA, Tom -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 2 14:04:38 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: SV: McAfee uvscan libary oddity Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On a mandrake 10.1, but anyway....: # strings uvscan | grep libstdc++ libstdc++.so.5 # ldd uvscan linux-gate.so.1 => (0xffffe000) liblnxfv.so.4 => /usr/local/lib/liblnxfv.so.4 (0x40016000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x40270000) libm.so.6 => /lib/tls/libm.so.6 (0x40330000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x40353000) libc.so.6 => /lib/tls/libc.so.6 (0x4035d000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) # uvscan --version Virus Scan for Linux v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Linux. Virus data file v4504 created Jun 01 2005 Scanning for 129164 viruses, trojans and variants. # .... installed fron the vlnxp4400.tar.Z package. If you use the other package (which is for 2.2 and 2.4 kernel) you have the stdc++-2.8 requirement, not if you use the "p" package;). A somewhat obtuse note about this is actually in the wiki (well, the diff between the packages, which would then lead to deducung that this isn't a requirement other than on really old systems...:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Tom Combs Skickat: to 2005-06-02 14:43 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: McAfee uvscan libary oddity Hi, I'm in the process of upgrading my uvscan engine to 4400 from 4320 on a RHEL 3.0 box. The new engine wants libstdc++.so.2.8 which is a very old version. The old 4320 engine looks for libstdc++.so.5. Would someone who is runing uvscan engine 4400 kindly do a 'strings uvscan | grep libstdc++' and let me know what you get? TIA, Tom -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 2 14:13:35 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:52 2006 Subject: SV: McAfee uvscan libary oddity Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here's a wiki ref: http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:mcafee:install (all on one line of course) -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Steen, Glenn Skickat: to 2005-06-02 15:04 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: SV: McAfee uvscan libary oddity On a mandrake 10.1, but anyway....: # strings uvscan | grep libstdc++ libstdc++.so.5 # ldd uvscan linux-gate.so.1 => (0xffffe000) liblnxfv.so.4 => /usr/local/lib/liblnxfv.so.4 (0x40016000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x40270000) libm.so.6 => /lib/tls/libm.so.6 (0x40330000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x40353000) libc.so.6 => /lib/tls/libc.so.6 (0x4035d000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) # uvscan --version Virus Scan for Linux v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Linux. Virus data file v4504 created Jun 01 2005 Scanning for 129164 viruses, trojans and variants. # .... installed fron the vlnxp4400.tar.Z package. If you use the other package (which is for 2.2 and 2.4 kernel) you have the stdc++-2.8 requirement, not if you use the "p" package;). A somewhat obtuse note about this is actually in the wiki (well, the diff between the packages, which would then lead to deducung that this isn't a requirement other than on really old systems...:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Tom Combs Skickat: to 2005-06-02 14:43 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: McAfee uvscan libary oddity Hi, I'm in the process of upgrading my uvscan engine to 4400 from 4320 on a RHEL 3.0 box. The new engine wants libstdc++.so.2.8 which is a very old version. The old 4320 engine looks for libstdc++.so.5. Would someone who is runing uvscan engine 4400 kindly do a 'strings uvscan | grep libstdc++' and let me know what you get? TIA, Tom -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mail at wozenilek.de Thu Jun 2 14:13:50 2005 From: mail at wozenilek.de (Martin Wozenilek) Date: Thu Jan 12 21:29:52 2006 Subject: McAfee uvscan libary oddity Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There are two different downloads from mcafee: - McAfee VirusScan Command Line Scanner for Linux - McAfee VirusScan Command Line Scanner for RedHat 9 and Suse 8.x Linux http://www.mcafeesecurity.com/de/downloads/evals/default.asp Bye, -- Martin Wozenilek Am Langberg 91a 21033 Hamburg mailto: mail@wozenilek.de PGP-Key-ID: 0x00105C52 > ----- Original Message ----- > Subject: McAfee uvscan libary oddity > From: Tom Combs > To: MAILSCANNER@JISCMAIL.AC.UK > Date: 02-06-2005 14:43 > > > Hi, > > I'm in the process of upgrading my uvscan engine to 4400 from 4320 on > a RHEL 3.0 box. The new engine wants libstdc++.so.2.8 which is a very > old version. The old 4320 engine looks for libstdc++.so.5. > > Would someone who is runing uvscan engine 4400 kindly do a 'strings > uvscan | grep libstdc++' and let me know what you get? TIA, Tom > > -- > Tom Combs E-mail: combs@magnet.fsu.edu > National High Magnetic Field Laboratory Phone: (850) 644-1657 > 1800 E. Paul Dirac Drive Tallahassee, FL 32310 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Thu Jun 2 15:13:33 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:52 2006 Subject: Newlines in language strings Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, One of the patches I need to apply to each new version of MailScanner is a notification message that I wish to place at the top of each message generated in the MessageBatch::WarnLocalPostmaster function. Now, in principle I could get around having to patch the code by using the 'noticeprefix' language string instead; however, that doesn't allow interpret newlines so I couldn't use this in the way I wanted for that. Now, how much pain could it cause elsewhere to have the string returned checked for newlines and subsequently used in output? Indeed, what if that is taken a step further for %percent% and ENV vars too? I was thinking something like: sub DoLineExpansion { # like DoPercentVars but with ENV too my ($string) = @_; $string =~ s/\%([^%]+)\%/$PercentVars{lc($1)}/g; $string =~ s/\$\{?(\w+)\}?/$ENV{$1}/g; $string =~ s/\\n/\n/g; $string; } sub LanguageValue { return &DoLineExpansion( FindLanguageValue( @_ ) ); } ... where the original LanguageValue function is renamed FindLanguageValue; thus, I could then have a line in languages.conf like: Notice Prefix: This is a line blah blah\nwith text on another line\nFrom %org-long-name% What could go horribly wrong ... ?!!! (I guess this expansion could probably be extended to Value() and QuickPeek() too at some point ...) Chuck This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 16:35:28 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Julian, Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 (clamavmodule). A password protected Excel spreadsheet is getting stopped by Sophos with the MailScanner report saying: SophosSAVI: 94237001F.xls caused an error: File was encrypted (530) and the user is howling because they can't email their spreadsheet. I ran the Excel file thru sweep by hand, eg: === Checking 94237001F.xls with Sophos sweep SWEEP virus detection utility Version 3.94.0 [Solaris/SPARC] Virus data version 3.94, June 2005 Includes detection for 105167 viruses, trojans and worms Copyright (c) 1989-2005 Sophos Plc, www.sophos.com System time 11:03:52, System date 02 June 2005 Command line qualifiers are: -sc -f -all -rec -archive -loopback --no-follow-symlinks --no-reset-atime -tnef (BTW, do these settings match MS? Where to find them in MS?) IDE directory is: /opt/sophos/ide ..... Full Sweeping Password protected file 94237001F.xls 1 file swept in 3 seconds. 1 error was encountered. No viruses were discovered. 1 encrypted file was not checked. End of Sweep. And sweep gives back a return code of 2. This problem just started in the last month, eg Sophos 3.93.2 and 3.94 releases. The user has a spreadsheet where the Tools -> Protection -> Protect Sheet feature of Excel has been used and a password was entered here. She doesn't know the password. We cracked it and an unprotected version of the file gets a zero return code from Sophos. ClamAV has no problems with either version of the file. I have "Block Encrypted Messages = no" in the MailScanner.conf file. Suggestions please? Anything that could be done with MailScanner? Does MS only look at zero/non-zero return codes from the virus scanners to determine virus or not? Or does it consider non-zero return codes, eg "2 means encrypted" (I'm guessing here)? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 16:38:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Newlines in language strings Message-ID: Please try the attached Config.pm. I have implemented \n everywhere. I did it differently from your version, mine should be very slightly faster. Please let me know how you get on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 26KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] On 2 Jun 2005, at 15:13, Chuck Foster wrote: > Hi, > > One of the patches I need to apply to each new version of > MailScanner is a > notification message that I wish to place at the top of each message > generated in the MessageBatch::WarnLocalPostmaster function. Now, in > principle I could get around having to patch the code by using the > 'noticeprefix' language string instead; however, that doesn't allow > interpret newlines so I couldn't use this in the way I wanted for > that. > > Now, how much pain could it cause elsewhere to have the string > returned > checked for newlines and subsequently used in output? Indeed, what > if that > is taken a step further for %percent% and ENV vars too? I was thinking > something like: > > > sub DoLineExpansion { # like DoPercentVars but with ENV too > my ($string) = @_; > $string =~ s/\%([^%]+)\%/$PercentVars{lc($1)}/g; > $string =~ s/\$\{?(\w+)\}?/$ENV{$1}/g; > $string =~ s/\\n/\n/g; > $string; > } > > sub LanguageValue { return &DoLineExpansion( FindLanguageValue > ( @_ ) ); } > > > ... where the original LanguageValue function is renamed > FindLanguageValue; > thus, I could then have a line in languages.conf like: > > Notice Prefix: This is a line blah blah\nwith text on another > line\nFrom %org-long-name% > > What could go horribly wrong ... ?!!! > > (I guess this expansion could probably be extended to Value() and > QuickPeek() too at some point ...) > > Chuck > > > This message should be regarded as confidential. If you have > received this > email in error please notify the sender and destroy it immediately. > Statements of intent shall only become binding when confirmed in > hard copy > by an authorized signatory. > > > -- > This message has been scanned for viruses and potentially > harmful content by StreamShield Protector. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Jun 2 16:43:51 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Hi, I would first have a look at the following MailScanner configuration setting: "Allowed Sophos Error Messages =" > Julian, > > Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 > (clamavmodule). > > A password protected Excel spreadsheet is getting stopped by Sophos > with the MailScanner report saying: > > SophosSAVI: 94237001F.xls caused an error: File was encrypted > (530) > > and the user is howling because they can't email their spreadsheet. I > ran the Excel file thru sweep by hand, eg: > > === Checking 94237001F.xls with Sophos sweep > SWEEP virus detection utility > Version 3.94.0 [Solaris/SPARC] > Virus data version 3.94, June 2005 > Includes detection for 105167 viruses, trojans and worms > Copyright (c) 1989-2005 Sophos Plc, www.sophos.com > > System time 11:03:52, System date 02 June 2005 > Command line qualifiers are: -sc -f -all -rec -archive -loopback > --no-follow-symlinks --no-reset-atime -tnef > > (BTW, do these settings match MS? Where to find them in MS?) > > IDE directory is: /opt/sophos/ide > ..... > Full Sweeping > > Password protected file 94237001F.xls > > 1 file swept in 3 seconds. > 1 error was encountered. > No viruses were discovered. > 1 encrypted file was not checked. > End of Sweep. > > And sweep gives back a return code of 2. This problem just started in > the last month, eg Sophos 3.93.2 and 3.94 releases. > > The user has a spreadsheet where the Tools -> Protection -> Protect > Sheet feature of Excel has been used and a password was entered here. > She doesn't know the password. We cracked it and an unprotected > version of the file gets a zero return code from Sophos. ClamAV has > no problems with either version of the file. > > I have "Block Encrypted Messages = no" in the MailScanner.conf file. > > Suggestions please? Anything that could be done with MailScanner? > Does MS only look at zero/non-zero return codes from the virus > scanners to determine virus or not? Or does it consider non-zero > return codes, eg "2 means encrypted" (I'm guessing here)? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is easy to be blinded to the essential uselessness of computers by the sense of accomplishment you get from getting them to work at all." -- Douglas Adams ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 16:50:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: The Sophos command-line switches (for the 'sophos' scanner) are -sc -f -all -rec -ss -archive -loopback --no-follow-symlinks --no- reset-atime -TNEF You find them from the "ScanOptions" + "CommonOptions" in SweepViruses.pm + whatever may be specified in addition in /usr/lib/ MailScanner/sophos-wrapper. For the sophossavi scanner, the options are set by this bit of code: my @options = qw( FullSweep DynamicDecompression FullMacroSweep OLE2Handling IgnoreTemplateBit VBA3Handling VBA5Handling OF95DecryptHandling HelpHandling DecompressVBA5 Emulation PEHandling ExcelFormulaHandling PowerPointMacroHandling PowerPointEmbeddedHandling ProjectHandling ZipDecompression ArjDecompression RarDecompression UueDecompression GZipDecompression TarDecompression CmzDecompression HqxDecompression MbinDecompression !LoopBackEnabled Lha SfxArchives MSCabinet TnefAttachmentHandling MSCompress !DeleteAllMacros Vbe !ExecFileDisinfection VisioFileHandling Mime ActiveMimeHandling !DelVBA5Project ScrapObjectHandling SrpStreamHandling Office2001Handling Upx PalmPilotHandling HqxDecompression Pdf Rtf Html Elf WordB OutlookExpress ); my $error = $SAVI->set('MaxRecursionDepth', 30, 1); The "Encrypted Messages" options in MailScanner are designed to pick up things like SMIME messages and PGP encrypted messages. They are not relevant to your problem here. What I suspect you are looking for is the "Allowed Sophos Error Messages" option in MailScanner.conf. The doc for this is: # Anything on the next line that appears in brackets at the end of a line # of output from Sophos will cause the error/infection to be ignored. # Use of this option is dangerous, and should only be used if you are having # trouble with lots of corrupt PDF files, for example. # If you need to specify more than 1 string to find in the error message, # then put each string in quotes and separate them with a comma. # For example: #Allowed Sophos Error Messages = "corrupt", "format not supported" Let me know if this helps or whether you actually need a change in the MailScanner code. The allowed-error-messages code was written quite a long time ago, and Sophos may have changed their output since, making this option useless to you. On 2 Jun 2005, at 16:35, Jeff A. Earickson wrote: > Julian, > > Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 > (clamavmodule). > > A password protected Excel spreadsheet is getting stopped by Sophos > with the MailScanner report saying: > > SophosSAVI: 94237001F.xls caused an error: File was encrypted (530) > > and the user is howling because they can't email their spreadsheet. > I ran the Excel file thru sweep by hand, eg: > > === Checking 94237001F.xls with Sophos sweep > SWEEP virus detection utility > Version 3.94.0 [Solaris/SPARC] > Virus data version 3.94, June 2005 > Includes detection for 105167 viruses, trojans and worms > Copyright (c) 1989-2005 Sophos Plc, www.sophos.com > > System time 11:03:52, System date 02 June 2005 > Command line qualifiers are: -sc -f -all -rec -archive -loopback > --no-follow-symlinks --no-reset-atime -tnef > > (BTW, do these settings match MS? Where to find them in MS?) > > IDE directory is: /opt/sophos/ide > ..... > Full Sweeping > > Password protected file 94237001F.xls > > 1 file swept in 3 seconds. > 1 error was encountered. > No viruses were discovered. > 1 encrypted file was not checked. > End of Sweep. > > And sweep gives back a return code of 2. This problem just started > in the last month, eg Sophos 3.93.2 and 3.94 releases. > > The user has a spreadsheet where the Tools -> Protection -> Protect > Sheet > feature of Excel has been used and a password was entered here. She > doesn't know the password. We cracked it and an unprotected version > of the file gets a zero return code from Sophos. ClamAV has no > problems with either version of the file. > > I have "Block Encrypted Messages = no" in the MailScanner.conf file. > > Suggestions please? Anything that could be done with MailScanner? > Does MS only look at zero/non-zero return codes from the virus > scanners > to determine virus or not? Or does it consider non-zero return codes, > eg "2 means encrypted" (I'm guessing here)? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 16:49:20 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Oh happy day! Would I just set this to: Allowed Sophos Error Messages = "File was encrypted" That's it?? Jeff On Thu, 2 Jun 2005, Anthony Peacock wrote: > Date: Thu, 2 Jun 2005 16:43:51 +0100 > From: Anthony Peacock > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos killing protected Excel spreadsheets > > Hi, > > I would first have a look at the following MailScanner configuration > setting: > > "Allowed Sophos Error Messages =" > >> Julian, >> >> Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 >> (clamavmodule). >> >> A password protected Excel spreadsheet is getting stopped by Sophos >> with the MailScanner report saying: >> >> SophosSAVI: 94237001F.xls caused an error: File was encrypted >> (530) >> >> and the user is howling because they can't email their spreadsheet. I >> ran the Excel file thru sweep by hand, eg: >> >> === Checking 94237001F.xls with Sophos sweep >> SWEEP virus detection utility >> Version 3.94.0 [Solaris/SPARC] >> Virus data version 3.94, June 2005 >> Includes detection for 105167 viruses, trojans and worms >> Copyright (c) 1989-2005 Sophos Plc, www.sophos.com >> >> System time 11:03:52, System date 02 June 2005 >> Command line qualifiers are: -sc -f -all -rec -archive -loopback >> --no-follow-symlinks --no-reset-atime -tnef >> >> (BTW, do these settings match MS? Where to find them in MS?) >> >> IDE directory is: /opt/sophos/ide >> ..... >> Full Sweeping >> >> Password protected file 94237001F.xls >> >> 1 file swept in 3 seconds. >> 1 error was encountered. >> No viruses were discovered. >> 1 encrypted file was not checked. >> End of Sweep. >> >> And sweep gives back a return code of 2. This problem just started in >> the last month, eg Sophos 3.93.2 and 3.94 releases. >> >> The user has a spreadsheet where the Tools -> Protection -> Protect >> Sheet feature of Excel has been used and a password was entered here. >> She doesn't know the password. We cracked it and an unprotected >> version of the file gets a zero return code from Sophos. ClamAV has >> no problems with either version of the file. >> >> I have "Block Encrypted Messages = no" in the MailScanner.conf file. >> >> Suggestions please? Anything that could be done with MailScanner? >> Does MS only look at zero/non-zero return codes from the virus >> scanners to determine virus or not? Or does it consider non-zero >> return codes, eg "2 means encrypted" (I'm guessing here)? >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the Wiki >> (http://wiki.mailscanner.info/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "It is easy to be blinded to the essential uselessness of > computers by the sense of accomplishment you get from > getting them to work at all." -- Douglas Adams > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Jun 2 16:55:05 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:52 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Hi, > Oh happy day! Would I just set this to: > > Allowed Sophos Error Messages = "File was encrypted" > > That's it?? I haven't used it for this particular error message, but did use it a while back for "Corrupt". What you have above would fit the documented behaviour of that setting. > > Jeff > > On Thu, 2 Jun 2005, Anthony Peacock wrote: > > > Date: Thu, 2 Jun 2005 16:43:51 +0100 > > From: Anthony Peacock > > Reply-To: MailScanner mailing list To: > > MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sophos killing protected > > Excel spreadsheets > > > > Hi, > > > > I would first have a look at the following MailScanner configuration > > setting: > > > > "Allowed Sophos Error Messages =" > > > >> Julian, > >> > >> Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav > >> 0.85.1 (clamavmodule). > >> > >> A password protected Excel spreadsheet is getting stopped by Sophos > >> with the MailScanner report saying: > >> > >> SophosSAVI: 94237001F.xls caused an error: File was encrypted > >> (530) > >> > >> and the user is howling because they can't email their spreadsheet. > >> I ran the Excel file thru sweep by hand, eg: > >> > >> === Checking 94237001F.xls with Sophos sweep > >> SWEEP virus detection utility > >> Version 3.94.0 [Solaris/SPARC] > >> Virus data version 3.94, June 2005 > >> Includes detection for 105167 viruses, trojans and worms > >> Copyright (c) 1989-2005 Sophos Plc, www.sophos.com > >> > >> System time 11:03:52, System date 02 June 2005 > >> Command line qualifiers are: -sc -f -all -rec -archive > >> -loopback > >> --no-follow-symlinks --no-reset-atime -tnef > >> > >> (BTW, do these settings match MS? Where to find them in > >> MS?) > >> > >> IDE directory is: /opt/sophos/ide > >> ..... > >> Full Sweeping > >> > >> Password protected file 94237001F.xls > >> > >> 1 file swept in 3 seconds. > >> 1 error was encountered. > >> No viruses were discovered. > >> 1 encrypted file was not checked. > >> End of Sweep. > >> > >> And sweep gives back a return code of 2. This problem just started > >> in the last month, eg Sophos 3.93.2 and 3.94 releases. > >> > >> The user has a spreadsheet where the Tools -> Protection -> Protect > >> Sheet feature of Excel has been used and a password was entered > >> here. She doesn't know the password. We cracked it and an > >> unprotected version of the file gets a zero return code from > >> Sophos. ClamAV has no problems with either version of the file. > >> > >> I have "Block Encrypted Messages = no" in the MailScanner.conf > >> file. > >> > >> Suggestions please? Anything that could be done with MailScanner? > >> Does MS only look at zero/non-zero return codes from the virus > >> scanners to determine virus or not? Or does it consider non-zero > >> return codes, eg "2 means encrypted" (I'm guessing here)? > >> > >> Jeff Earickson > >> Colby College > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. Before posting, read > >> the Wiki (http://wiki.mailscanner.info/) and the archives > >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "It is easy to be blinded to the essential uselessness of > > computers by the sense of accomplishment you get from > > getting them to work at all." -- Douglas Adams > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 17:04:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: On 2 Jun 2005, at 16:55, Anthony Peacock wrote: > Hi, > > >> Oh happy day! Would I just set this to: >> >> Allowed Sophos Error Messages = "File was encrypted" >> >> That's it?? >> > > I haven't used it for this particular error message, but did use it a > while back for "Corrupt". > > What you have above would fit the documented behaviour of that > setting. The "Allowed Sophos Error Messages" is currently not applied to the sophossavi scanner, only the sophos scanner. Would you like me to add some code to implement the same support in sophossavi? >> On Thu, 2 Jun 2005, Anthony Peacock wrote: >>> Date: Thu, 2 Jun 2005 16:43:51 +0100 >>> From: Anthony Peacock >>> Reply-To: MailScanner mailing list To: >>> MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sophos killing protected >>> Excel spreadsheets >>> >>> Hi, >>> >>> I would first have a look at the following MailScanner configuration >>> setting: >>> >>> "Allowed Sophos Error Messages =" >>> >>> >>>> Julian, >>>> >>>> Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav >>>> 0.85.1 (clamavmodule). >>>> >>>> A password protected Excel spreadsheet is getting stopped by Sophos >>>> with the MailScanner report saying: >>>> >>>> SophosSAVI: 94237001F.xls caused an error: File was encrypted >>>> (530) >>>> >>>> and the user is howling because they can't email their spreadsheet. >>>> I ran the Excel file thru sweep by hand, eg: >>>> >>>> === Checking 94237001F.xls with Sophos sweep >>>> SWEEP virus detection utility >>>> Version 3.94.0 [Solaris/SPARC] >>>> Virus data version 3.94, June 2005 >>>> Includes detection for 105167 viruses, trojans and worms >>>> Copyright (c) 1989-2005 Sophos Plc, www.sophos.com >>>> >>>> System time 11:03:52, System date 02 June 2005 >>>> Command line qualifiers are: -sc -f -all -rec -archive >>>> -loopback >>>> --no-follow-symlinks --no-reset-atime -tnef >>>> >>>> (BTW, do these settings match MS? Where to find them in >>>> MS?) >>>> >>>> IDE directory is: /opt/sophos/ide >>>> ..... >>>> Full Sweeping >>>> >>>> Password protected file 94237001F.xls >>>> >>>> 1 file swept in 3 seconds. >>>> 1 error was encountered. >>>> No viruses were discovered. >>>> 1 encrypted file was not checked. >>>> End of Sweep. >>>> >>>> And sweep gives back a return code of 2. This problem just started >>>> in the last month, eg Sophos 3.93.2 and 3.94 releases. >>>> >>>> The user has a spreadsheet where the Tools -> Protection -> Protect >>>> Sheet feature of Excel has been used and a password was entered >>>> here. She doesn't know the password. We cracked it and an >>>> unprotected version of the file gets a zero return code from >>>> Sophos. ClamAV has no problems with either version of the file. >>>> >>>> I have "Block Encrypted Messages = no" in the MailScanner.conf >>>> file. >>>> >>>> Suggestions please? Anything that could be done with MailScanner? >>>> Does MS only look at zero/non-zero return codes from the virus >>>> scanners to determine virus or not? Or does it consider non-zero >>>> return codes, eg "2 means encrypted" (I'm guessing here)? >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. Before posting, read >>>> the Wiki (http://wiki.mailscanner.info/) and the archives >>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> -- >>> Anthony Peacock >>> CHIME, Royal Free & University College Medical School >>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>> "It is easy to be blinded to the essential uselessness of >>> computers by the sense of accomplishment you get from >>> getting them to work at all." -- Douglas Adams >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>> mailscanner' in the body of the email. Before posting, read the Wiki >>> (http://wiki.mailscanner.info/) and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the Wiki >> (http://wiki.mailscanner.info/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "In the beginning of a change, the patriot is a brave and scarce man, > hated and scorned. When the cause succeeds, however, the timid join > him...for then it costs nothing to be a patriot." -Mark Twain > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu Jun 2 17:09:05 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: I think that it would be a good addition to add the functionality for SophosSAVI. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Julian Field wrote: > On 2 Jun 2005, at 16:55, Anthony Peacock wrote: >> Hi, >> >> >>> Oh happy day! Would I just set this to: >>> >>> Allowed Sophos Error Messages = "File was encrypted" >>> >>> That's it?? >>> >> >> I haven't used it for this particular error message, but did use it >> a while back for "Corrupt". >> >> What you have above would fit the documented behaviour of that >> setting. > > The "Allowed Sophos Error Messages" is currently not applied to the > sophossavi scanner, only the sophos scanner. > Would you like me to add some code to implement the same support in > sophossavi? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 17:50:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Consider it done. Patch attached. Aaron K. Moore wrote: >I think that it would be a good addition to add the functionality for >SophosSAVI. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 1KB. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Thu Jun 2 16:40:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Jeff try ammending the Allowed Sophos Error Messages = "corrupt", "format not supported" In MailScanner.conf to Allowed Sophos Error Messages = "corrupt", "format not supported", "Password protected file" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > Julian, > > Setup: Solaris 9, MS 4.42.3, Sophos 3.93 (sophossavi), clamav 0.85.1 > (clamavmodule). > > A password protected Excel spreadsheet is getting stopped by Sophos > with the MailScanner report saying: > > SophosSAVI: 94237001F.xls caused an error: File was encrypted (530) > > and the user is howling because they can't email their spreadsheet. > I ran the Excel file thru sweep by hand, eg: > > === Checking 94237001F.xls with Sophos sweep > SWEEP virus detection utilityPassword protected file > Version 3.94.0 [Solaris/SPARC] > Virus data version 3.94, June 2005 > Includes detection for 105167 viruses, trojans and worms > Copyright (c) 1989-2005 Sophos Plc, www.sophos.com > > System time 11:03:52, System date 02 June 2005 > Command line qualifiers are: -sc -f -all -rec -archive -loopback > --no-follow-symlinks --no-reset-atime -tnef > > (BTW, do these settings match MS? Where to find them in MS?) > > IDE directory is: /opt/sophos/ide > ..... > Full Sweeping > > Password protected file 94237001F.xls > > 1 file swept in 3 seconds. > 1 error was encountered. > No viruses were discovered. > 1 encrypted file was not checked. > End of Sweep. > > And sweep gives back a return code of 2. This problem just started in > the last month, eg Sophos 3.93.2 and 3.94 releases. > > The user has a spreadsheet where the Tools -> Protection -> Protect Sheet > feature of Excel has been used and a password was entered here. She > doesn't know the password. We cracked it and an unprotected version > of the file gets a zero return code from Sophos. ClamAV has no problems > with either version of the file. > > I have "Block Encrypted Messages = no" in the MailScanner.conf file. > > Suggestions please? Anything that could be done with MailScanner? > Does MS only look at zero/non-zero return codes from the virus scanners > to determine virus or not? Or does it consider non-zero return codes, > eg "2 means encrypted" (I'm guessing here)? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 2 17:14:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Julian Field wrote: > On 2 Jun 2005, at 16:55, Anthony Peacock wrote: > >> Hi, >> >> >>> Oh happy day! Would I just set this to: >>> >>> Allowed Sophos Error Messages = "File was encrypted" >>> >>> That's it?? >>> >> >> I haven't used it for this particular error message, but did use it a >> while back for "Corrupt". >> >> What you have above would fit the documented behaviour of that >> setting. > > > The "Allowed Sophos Error Messages" is currently not applied to the > sophossavi scanner, only the sophos scanner. > Would you like me to add some code to implement the same support in > sophossavi? > > Julian yes please... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 18:00:27 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Julian, I've set Allowed Sophos Error Messages = "File was encrypted", changed from sophossavi to sophos, and asked the howling user to send me an encrypted Excel spreadsheet to see if this fixes the issue. Then I'll upgrade to 4.42.9, apply patch, go back to sophossavi, try again. Since there have two or three patches emailed out re 4.42.9, maybe it is time to slap 4.43.x beta out there, and I'll just go to that... Jeff Earickson Colby College On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 17:50:16 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos killing protected Excel spreadsheets > > Consider it done. > Patch attached. > > Aaron K. Moore wrote: > >> I think that it would be a good addition to add the functionality for >> SophosSAVI. >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 18:05:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would like confirmation that my patches for Config.pm (\n in settings) and SweepViruses.pm (Allowed Sophos Error Messages implemented for SophosSAVI scanner) both work as intended before I publish a beta. But maybe that is slightly self-defeating. Sod it, I'll put out a beta for you. 4.43.1 on its way. Jeff A. Earickson wrote: > Julian, > > I've set Allowed Sophos Error Messages = "File was encrypted", changed > from sophossavi to sophos, and asked the howling user to send me > an encrypted Excel spreadsheet to see if this fixes the issue. Then > I'll upgrade to 4.42.9, apply patch, go back to sophossavi, try again. > > Since there have two or three patches emailed out re 4.42.9, maybe it > is time to slap 4.43.x beta out there, and I'll just go to that... > > Jeff Earickson > Colby College > > On Thu, 2 Jun 2005, Julian Field wrote: > >> Date: Thu, 2 Jun 2005 17:50:16 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Sophos killing protected Excel spreadsheets >> >> Consider it done. >> Patch attached. >> >> Aaron K. Moore wrote: >> >>> I think that it would be a good addition to add the functionality for >>> SophosSAVI. >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 18:24:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the first beta release of next month's version, 4.43.1. Download as usual from www.mailscanner.info. Please can you give it a try and let me know how you get on. The Change Log is: * New Features and Improvements * - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well as the command-line Sophos scanner. - "\n" can be used to insert line breaks in just about any configuration setting or languages.conf string. * Fixes * - Fixed bug in upgrade_MailScanner_conf so that it puts in the new value of "MailScanner Version Number" rather than copying it over from the old one. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From denis at CROOMBS.ORG Thu Jun 2 19:09:47 2005 From: denis at CROOMBS.ORG (Denis Croombs) Date: Thu Jan 12 21:29:53 2006 Subject: Clamav, MailScanner & Ensim server Message-ID: I have been using this for many years now but this is causing me a BIG problem, I have tried chaging the compression ratio up to 1000, but I still get same error as below in /var/log/maillog and it removes the zip files. Report: ClamAV: Apr2003-Mar2004v2.zip contains Oversized Zip ClamAV: Load test from Globix Results.zip contains Oversized Zip Report: ClamAV: Load test from Globix Results.zip contains Oversized Zip Any clues ? Thanks Denis ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 19:29:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: Sophos killing protected Excel spreadsheets Message-ID: Julian, My howling user could successfully email her spreadsheet with the tweaks below. Now to upgrade to 4.43.1 and repeat the test. Stay tuned. Jeff On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 18:05:54 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos killing protected Excel spreadsheets > > I would like confirmation that my patches for Config.pm (\n in settings) and > SweepViruses.pm (Allowed Sophos Error Messages implemented for SophosSAVI > scanner) both work as intended before I publish a beta. > > But maybe that is slightly self-defeating. Sod it, I'll put out a beta for > you. 4.43.1 on its way. > > Jeff A. Earickson wrote: > >> Julian, >> >> I've set Allowed Sophos Error Messages = "File was encrypted", changed >> from sophossavi to sophos, and asked the howling user to send me >> an encrypted Excel spreadsheet to see if this fixes the issue. Then >> I'll upgrade to 4.42.9, apply patch, go back to sophossavi, try again. >> >> Since there have two or three patches emailed out re 4.42.9, maybe it >> is time to slap 4.43.x beta out there, and I'll just go to that... >> >> Jeff Earickson >> Colby College >> >> On Thu, 2 Jun 2005, Julian Field wrote: >> >>> Date: Thu, 2 Jun 2005 17:50:16 +0100 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Sophos killing protected Excel spreadsheets >>> >>> Consider it done. >>> Patch attached. >>> >>> Aaron K. Moore wrote: >>> >>>> I think that it would be a good addition to add the functionality for >>>> SophosSAVI. >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 20:14:55 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: Julian, When I ran upgrade_MailScanner_conf and then looked at the outputs of new and old side-by-side, the version number fix did: # This is the version number of the MailScanner distribution that created # this configuration file. Please do not change this value. MailScanner Version Number = 4.43.1 # This is the version number of the MailScanner distribution that created # this configuration file. Please do not change this value. in the new output. The last three lines got duplicated, which is probably not what you wanted. BTW, I wasn't aware of upgrade_MailScanner_conf. Don't know how I missed this gem. Jeff Earickson Colby College On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 18:24:54 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Beta 4.43.1 released > > I have just released the first beta release of next month's version, 4.43.1. > Download as usual from www.mailscanner.info. > > Please can you give it a try and let me know how you get on. > > The Change Log is: > > * New Features and Improvements * > - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well > as the command-line Sophos scanner. > - "\n" can be used to insert line breaks in just about any configuration > setting or languages.conf string. > > * Fixes * > - Fixed bug in upgrade_MailScanner_conf so that it puts in the new value of > "MailScanner Version Number" rather than copying it over from the old one. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 20:37:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Julian, > When I ran upgrade_MailScanner_conf and then looked at the outputs > of new and old side-by-side, the version number fix did: > > # This is the version number of the MailScanner distribution that created > # this configuration file. Please do not change this value. > MailScanner Version Number = 4.43.1 > > # This is the version number of the MailScanner distribution that created > # this configuration file. Please do not change this value. > > in the new output. The last three lines got duplicated, which is > probably > not what you wanted. Doesn't seem to do it with my copy of the script. Can you mail me (off-list) the MailScanner.conf and MailScanner.conf.rpmnew files (or equivalents) you have to see if I can reproduce it please? > BTW, I wasn't aware of upgrade_MailScanner_conf. > Don't know how I missed this gem. It's been around for a very long time now, it makes upgrading a 5 minute job instead of a 1 hour job. :-) > On Thu, 2 Jun 2005, Julian Field wrote: > >> Date: Thu, 2 Jun 2005 18:24:54 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Beta 4.43.1 released >> >> I have just released the first beta release of next month's version, >> 4.43.1. >> Download as usual from www.mailscanner.info. >> >> Please can you give it a try and let me know how you get on. >> >> The Change Log is: >> >> * New Features and Improvements * >> - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as >> well >> as the command-line Sophos scanner. >> - "\n" can be used to insert line breaks in just about any configuration >> setting or languages.conf string. >> >> * Fixes * >> - Fixed bug in upgrade_MailScanner_conf so that it puts in the new >> value of >> "MailScanner Version Number" rather than copying it over from the old >> one. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 20:52:41 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: Julian, My testing of the sophossavi tweak: 1) Email encrypted xls file, settings are: Allowed Sophos Error Messages = "File was encrypted" Virus Scanners = sophos clamavmodule Email delivered, no complaints in syslog (OK) 2) Email encrypted xls file, settings are: Allowed Sophos Error Messages = "File was encrypted" Virus Scanners = sophossavi clamavmodule Email delivered, but MailScanner syslogged: SophosSAVI::ERROR:: File was encrypted (530):: ./j52JOpu2020635/94237001F.xls I would expect MailScanner to be quiet like the "sophos" setting. People will think that a bad file had slipped thru. 3) Email encrypted xls file, settings are: Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule THE MESSAGE GOT DELIVERED!! No complaints in syslog, landed in the recipient's mail. A bad file DID slip thru. 3) Email encrypted xls file, settings are: Allowed Sophos Error Messages = Virus Scanners = sophossavi clamavmodule Properly blocked, noted in syslog, not delivered (OK). Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jun 2 21:02:45 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: Julian, Attached is my MailScanner.conf from version 4.42.3 (old version). I did the following: 1) untar MailScanner-4.43.1-1.tar.gz into /opt, so the install ends up as /opt/MailScanner-4.43.1. 2) cd /opt/MailScanner-4.43.1/etc 3) ../bin/upgrade_MailScanner_conf --keep-comments \ /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner-4.43.1/etc/MailScanner.conf > MailScanner.new where the /opt/MailScanner/etc/MailScanner.conf points to the attached file. Jeff On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 20:37:52 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta 4.43.1 released > > Jeff A. Earickson wrote: > >> Julian, >> When I ran upgrade_MailScanner_conf and then looked at the outputs >> of new and old side-by-side, the version number fix did: >> >> # This is the version number of the MailScanner distribution that created >> # this configuration file. Please do not change this value. >> MailScanner Version Number = 4.43.1 >> >> # This is the version number of the MailScanner distribution that created >> # this configuration file. Please do not change this value. >> >> in the new output. The last three lines got duplicated, which is probably >> not what you wanted. > > Doesn't seem to do it with my copy of the script. Can you mail me (off-list) > the MailScanner.conf and MailScanner.conf.rpmnew files (or equivalents) you > have to see if I can reproduce it please? > >> BTW, I wasn't aware of upgrade_MailScanner_conf. >> Don't know how I missed this gem. > > It's been around for a very long time now, it makes upgrading a 5 minute job > instead of a 1 hour job. > :-) > >> On Thu, 2 Jun 2005, Julian Field wrote: >> >>> Date: Thu, 2 Jun 2005 18:24:54 +0100 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Beta 4.43.1 released >>> >>> I have just released the first beta release of next month's version, >>> 4.43.1. >>> Download as usual from www.mailscanner.info. >>> >>> Please can you give it a try and let me know how you get on. >>> >>> The Change Log is: >>> >>> * New Features and Improvements * >>> - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well >>> as the command-line Sophos scanner. >>> - "\n" can be used to insert line breaks in just about any configuration >>> setting or languages.conf string. >>> >>> * Fixes * >>> - Fixed bug in upgrade_MailScanner_conf so that it puts in the new value >>> of >>> "MailScanner Version Number" rather than copying it over from the old one. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 21:23:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please try the attached patch to see if it helps problem 3. The syslogging should be fixed. Jeff A. Earickson wrote: > Julian, > > My testing of the sophossavi tweak: > > 1) Email encrypted xls file, settings are: > Allowed Sophos Error Messages = "File was encrypted" > Virus Scanners = sophos clamavmodule > > Email delivered, no complaints in syslog (OK) > > 2) Email encrypted xls file, settings are: > Allowed Sophos Error Messages = "File was encrypted" > Virus Scanners = sophossavi clamavmodule > > Email delivered, but MailScanner syslogged: > > SophosSAVI::ERROR:: File was encrypted (530):: > ./j52JOpu2020635/94237001F.xls > > I would expect MailScanner to be quiet like the "sophos" > setting. People will think that a bad file had slipped thru. > > 3) Email encrypted xls file, settings are: > Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule > > THE MESSAGE GOT DELIVERED!! No complaints in syslog, > landed in the recipient's mail. A bad file DID slip thru. > > 3) Email encrypted xls file, settings are: > Allowed Sophos Error Messages = Virus Scanners = sophossavi clamavmodule > > Properly blocked, noted in syslog, not delivered (OK). > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 1.1KB. ] [ Unable to print this part. ] From lhaig at HAIGMAIL.COM Thu Jun 2 21:25:53 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone else having trouble downloading from their site? Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 21:38:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Attached is a new upgrade_MailScanner_conf which keeps the comments around the MailScanner Version Number setting when --keep-comments is used. Jeff A. Earickson wrote: > Julian, > Attached is my MailScanner.conf from version 4.42.3 (old version). > I did the following: > > 1) untar MailScanner-4.43.1-1.tar.gz into /opt, so the install ends up as > /opt/MailScanner-4.43.1. > > 2) cd /opt/MailScanner-4.43.1/etc > > 3) ../bin/upgrade_MailScanner_conf --keep-comments \ > /opt/MailScanner/etc/MailScanner.conf > /opt/MailScanner-4.43.1/etc/MailScanner.conf > MailScanner.new > > where the /opt/MailScanner/etc/MailScanner.conf points to the attached > file. > > Jeff > > On Thu, 2 Jun 2005, Julian Field wrote: > >> Date: Thu, 2 Jun 2005 20:37:52 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Beta 4.43.1 released >> >> Jeff A. Earickson wrote: >> >>> Julian, >>> When I ran upgrade_MailScanner_conf and then looked at the outputs >>> of new and old side-by-side, the version number fix did: >>> >>> # This is the version number of the MailScanner distribution that >>> created >>> # this configuration file. Please do not change this value. >>> MailScanner Version Number = 4.43.1 >>> >>> # This is the version number of the MailScanner distribution that >>> created >>> # this configuration file. Please do not change this value. >>> >>> in the new output. The last three lines got duplicated, which is >>> probably >>> not what you wanted. >> >> >> Doesn't seem to do it with my copy of the script. Can you mail me >> (off-list) the MailScanner.conf and MailScanner.conf.rpmnew files (or >> equivalents) you have to see if I can reproduce it please? >> >>> BTW, I wasn't aware of upgrade_MailScanner_conf. >>> Don't know how I missed this gem. >> >> >> It's been around for a very long time now, it makes upgrading a 5 >> minute job instead of a 1 hour job. >> :-) >> >>> On Thu, 2 Jun 2005, Julian Field wrote: >>> >>>> Date: Thu, 2 Jun 2005 18:24:54 +0100 >>>> From: Julian Field >>>> Reply-To: MailScanner mailing list >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Beta 4.43.1 released >>>> >>>> I have just released the first beta release of next month's >>>> version, 4.43.1. >>>> Download as usual from www.mailscanner.info. >>>> >>>> Please can you give it a try and let me know how you get on. >>>> >>>> The Change Log is: >>>> >>>> * New Features and Improvements * >>>> - "Allowed Sophos Error Messages" now works for SophosSAVI scanner >>>> as well >>>> as the command-line Sophos scanner. >>>> - "\n" can be used to insert line breaks in just about any >>>> configuration >>>> setting or languages.conf string. >>>> >>>> * Fixes * >>>> - Fixed bug in upgrade_MailScanner_conf so that it puts in the new >>>> value of >>>> "MailScanner Version Number" rather than copying it over from the >>>> old one. >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 3.8KB. ] [ Unable to print this part. ] From jaearick at COLBY.EDU Thu Jun 2 21:42:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: Julian, Nope, same result for 3. I'll test more in the morning when I'm fresh. Do you need the encrypted xls file? And what is your off-list email address? I fumbled that one and accidently posted to the list. Doh. Jeff Earickson Colby College On Thu, 2 Jun 2005, Julian Field wrote: > Date: Thu, 2 Jun 2005 21:23:38 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.43.1 sophossavi testing > > Please try the attached patch to see if it helps problem 3. The syslogging > should be fixed. > > Jeff A. Earickson wrote: > >> Julian, >> >> My testing of the sophossavi tweak: >> >> 1) Email encrypted xls file, settings are: >> Allowed Sophos Error Messages = "File was encrypted" >> Virus Scanners = sophos clamavmodule >> >> Email delivered, no complaints in syslog (OK) >> >> 2) Email encrypted xls file, settings are: >> Allowed Sophos Error Messages = "File was encrypted" >> Virus Scanners = sophossavi clamavmodule >> >> Email delivered, but MailScanner syslogged: >> >> SophosSAVI::ERROR:: File was encrypted (530):: >> ./j52JOpu2020635/94237001F.xls >> >> I would expect MailScanner to be quiet like the "sophos" >> setting. People will think that a bad file had slipped thru. >> >> 3) Email encrypted xls file, settings are: >> Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule >> >> THE MESSAGE GOT DELIVERED!! No complaints in syslog, >> landed in the recipient's mail. A bad file DID slip thru. >> >> 3) Email encrypted xls file, settings are: >> Allowed Sophos Error Messages = Virus Scanners = sophossavi clamavmodule >> >> Properly blocked, noted in syslog, not delivered (OK). >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 21:45:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The encrypted xls file would really help, then I can actually test it myself :-) mailscanner@ecs.soton.ac.uk. Jeff A. Earickson wrote: > Julian, > Nope, same result for 3. I'll test more in the morning when I'm fresh. > Do you need the encrypted xls file? And what is your off-list email > address? I fumbled that one and accidently posted to the list. Doh. > > Jeff Earickson > Colby College > > On Thu, 2 Jun 2005, Julian Field wrote: > >> Date: Thu, 2 Jun 2005 21:23:38 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.43.1 sophossavi testing >> >> Please try the attached patch to see if it helps problem 3. The >> syslogging should be fixed. >> >> Jeff A. Earickson wrote: >> >>> Julian, >>> >>> My testing of the sophossavi tweak: >>> >>> 1) Email encrypted xls file, settings are: >>> Allowed Sophos Error Messages = "File was encrypted" >>> Virus Scanners = sophos clamavmodule >>> >>> Email delivered, no complaints in syslog (OK) >>> >>> 2) Email encrypted xls file, settings are: >>> Allowed Sophos Error Messages = "File was encrypted" >>> Virus Scanners = sophossavi clamavmodule >>> >>> Email delivered, but MailScanner syslogged: >>> >>> SophosSAVI::ERROR:: File was encrypted (530):: >>> ./j52JOpu2020635/94237001F.xls >>> >>> I would expect MailScanner to be quiet like the "sophos" >>> setting. People will think that a bad file had slipped thru. >>> >>> 3) Email encrypted xls file, settings are: >>> Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule >>> >>> THE MESSAGE GOT DELIVERED!! No complaints in syslog, >>> landed in the recipient's mail. A bad file DID slip thru. >>> >>> 3) Email encrypted xls file, settings are: >>> Allowed Sophos Error Messages = Virus Scanners = sophossavi >>> clamavmodule >>> >>> Properly blocked, noted in syslog, not delivered (OK). >>> >>> Jeff Earickson >>> Colby College >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 21:50:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] By the way, you might need to put it on a www server and mail me a url to it. Also, what happens if you do cd wherever-it-is-stored /usr/lib/MailScanner/sophos-wrapper /usr/local/sophos -sc -f -all -rec -ss -archive -loopback --no-follow-symlinks --no-reset-atime -TNEF . (all that last bit on 1 line, and don't forget the "." on the end) What is the output? This will help me a lot to track it down. Julian Field wrote: > The encrypted xls file would really help, then I can actually test it > myself :-) > mailscanner@ecs.soton.ac.uk. > > Jeff A. Earickson wrote: > >> Julian, >> Nope, same result for 3. I'll test more in the morning when I'm >> fresh. >> Do you need the encrypted xls file? And what is your off-list email >> address? I fumbled that one and accidently posted to the list. Doh. >> >> Jeff Earickson >> Colby College >> >> On Thu, 2 Jun 2005, Julian Field wrote: >> >>> Date: Thu, 2 Jun 2005 21:23:38 +0100 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: 4.43.1 sophossavi testing >>> >>> Please try the attached patch to see if it helps problem 3. The >>> syslogging should be fixed. >>> >>> Jeff A. Earickson wrote: >>> >>>> Julian, >>>> >>>> My testing of the sophossavi tweak: >>>> >>>> 1) Email encrypted xls file, settings are: >>>> Allowed Sophos Error Messages = "File was encrypted" >>>> Virus Scanners = sophos clamavmodule >>>> >>>> Email delivered, no complaints in syslog (OK) >>>> >>>> 2) Email encrypted xls file, settings are: >>>> Allowed Sophos Error Messages = "File was encrypted" >>>> Virus Scanners = sophossavi clamavmodule >>>> >>>> Email delivered, but MailScanner syslogged: >>>> >>>> SophosSAVI::ERROR:: File was encrypted (530):: >>>> ./j52JOpu2020635/94237001F.xls >>>> >>>> I would expect MailScanner to be quiet like the "sophos" >>>> setting. People will think that a bad file had slipped thru. >>>> >>>> 3) Email encrypted xls file, settings are: >>>> Allowed Sophos Error Messages = Virus Scanners = sophos clamavmodule >>>> >>>> THE MESSAGE GOT DELIVERED!! No complaints in syslog, >>>> landed in the recipient's mail. A bad file DID slip thru. >>>> >>>> 3) Email encrypted xls file, settings are: >>>> Allowed Sophos Error Messages = Virus Scanners = sophossavi >>>> clamavmodule >>>> >>>> Properly blocked, noted in syslog, not delivered (OK). >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ellis at KAZAKCOMPOSITES.COM Thu Jun 2 21:54:30 2005 From: ellis at KAZAKCOMPOSITES.COM (Steve Ellis) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: Since upgrading to MailScanner 4.42.8-1 from 4.35.11 messages that were previously deleted due to High scoring spam action are now also being virus scanned. Is this the result of a design change that I missed, or a bug? If it's from a design change is there any setting which would give the previous behavior? I have Silent Viruses = All-Viruses Quarantine Silent Viruses = no Keep Spam And MCP Archive Clean = no Example Log entry: Jun 2 07:52:38 ben MailScanner[29854]: Message j52BqPBf030435 from 70.106.83.54 (tchen@tplinc.com) to kazakcomposites.com is spam, SpamAssassin (score=36.958, required 5, autolearn=spam, .... Jun 2 07:52:38 ben MailScanner[29854]: Spam Actions: message j52BqPBf030435 actions are delete Jun 2 07:52:39 ben MailScanner[29854]: ClamAVModule::INFECTED:: Worm.SomeFool.Gen-1:: ./j52BqPBf030435/your_document.pif Steve Ellis Sr. Engineer KaZaK Composites, Inc 781.932.5667 x105 *********** KaZaK Composites, Inc CONFIDENTIAL *********** Unless otherwise specified, the information contained in this e-mail message should be considered: privileged, confidential, and protected from disclosure. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 22:00:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Ellis wrote: > Since upgrading to MailScanner 4.42.8-1 from 4.35.11 messages that > were previously deleted due to High scoring spam action are now also > being virus scanned. Is this the result of a design change that I > missed, or a bug? If it's from a design change is there any setting > which would give the previous behavior? They may be virus scanned, but is this fact actually reflected in what happens to the message? > > I have > Silent Viruses = All-Viruses > Quarantine Silent Viruses = no > Keep Spam And MCP Archive Clean = no > > Example Log entry: > Jun 2 07:52:38 ben MailScanner[29854]: Message j52BqPBf030435 from > 70.106.83.54 (tchen@tplinc.com) to kazakcomposites.com is spam, > SpamAssassin (score=36.958, required 5, autolearn=spam, .... > Jun 2 07:52:38 ben MailScanner[29854]: Spam Actions: message > j52BqPBf030435 actions are delete > Jun 2 07:52:39 ben MailScanner[29854]: ClamAVModule::INFECTED:: > Worm.SomeFool.Gen-1:: ./j52BqPBf030435/your_document.pif > > > > > Steve Ellis > Sr. Engineer > KaZaK Composites, Inc > > 781.932.5667 x105 > > *********** KaZaK Composites, Inc CONFIDENTIAL *********** > Unless otherwise specified, the information contained in this > e-mail message should be considered: privileged, confidential, > and protected from disclosure. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 2 21:53:22 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:53 2006 Subject: Beta 4.43.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Julian, > When I ran upgrade_MailScanner_conf and then looked at the outputs > of new and old side-by-side, the version number fix did: > > # This is the version number of the MailScanner distribution that created > # this configuration file. Please do not change this value. > MailScanner Version Number = 4.43.1 > > # This is the version number of the MailScanner distribution that created > # this configuration file. Please do not change this value. > > in the new output. The last three lines got duplicated, which is probably > not what you wanted. BTW, I wasn't aware of upgrade_MailScanner_conf. > Don't know how I missed this gem. Then you've probably not seen the MAQ page... there are many other gems in there... have a look :). http://wiki.mailscanner.info/doku.php?id=maq:index ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 2 21:57:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Anyone else having trouble downloading from their site? > > Lance > Not at all. Just downloaded again. Quite speedy actually. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 22:14:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It is partly a design change, but you have pointed out a common case where my current version is inefficient. If "Keep Spam And MCP Archive Clean" is no then there is no need to keep processing messages that won't be delivered. Please try the attached patch for MessageBatch.pm and let me know how you get on. Steve Ellis wrote: > Since upgrading to MailScanner 4.42.8-1 from 4.35.11 messages that > were previously deleted due to High scoring spam action are now also > being virus scanned. Is this the result of a design change that I > missed, or a bug? If it's from a design change is there any setting > which would give the previous behavior? > > I have > Silent Viruses = All-Viruses > Quarantine Silent Viruses = no > Keep Spam And MCP Archive Clean = no > > Example Log entry: > Jun 2 07:52:38 ben MailScanner[29854]: Message j52BqPBf030435 from > 70.106.83.54 (tchen@tplinc.com) to kazakcomposites.com is spam, > SpamAssassin (score=36.958, required 5, autolearn=spam, .... > Jun 2 07:52:38 ben MailScanner[29854]: Spam Actions: message > j52BqPBf030435 actions are delete > Jun 2 07:52:39 ben MailScanner[29854]: ClamAVModule::INFECTED:: > Worm.SomeFool.Gen-1:: ./j52BqPBf030435/your_document.pif > > > > > Steve Ellis > Sr. Engineer > KaZaK Composites, Inc > > 781.932.5667 x105 > > *********** KaZaK Composites, Inc CONFIDENTIAL *********** > Unless otherwise specified, the information contained in this > e-mail message should be considered: privileged, confidential, > and protected from disclosure. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 818bytes. ] [ Unable to print this part. ] From ellis at KAZAKCOMPOSITES.COM Thu Jun 2 22:18:46 2005 From: ellis at KAZAKCOMPOSITES.COM (Steve Ellis) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: Julian wrote: >They may be virus scanned, but is this fact actually reflected in what >happens to the message? The message does get virus scanned, followed by filename and type checked. Then the message is deleted. Steve Ellis Sr. Engineer KaZaK Composites, Inc 781.932.5667 x105 *********** KaZaK Composites, Inc CONFIDENTIAL *********** Unless otherwise specified, the information contained in this e-mail message should be considered: privileged, confidential, and protected from disclosure. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 2 22:22:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: High Scoring Spam and Virus scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Ellis wrote: > Julian wrote: > > >> They may be virus scanned, but is this fact actually reflected in >> what happens to the message? > > > The message does get virus scanned, followed by filename and type > checked. Then the message is deleted. With my patch the messages should get deleted after they are MCP and spam scanned. The other tests would have been necessary if any part of the spam+mcp archive was being kept clean. The patch optimises the simple case when it is "no" for all messages. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at OCS.COM Fri Jun 3 00:18:30 2005 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:29:53 2006 Subject: McAfee uvscan libary oddity Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 2 Jun 2005 11:13 pm, Martin Wozenilek wrote: > There are two different downloads from mcafee: > > - McAfee VirusScan Command Line Scanner for Linux > - McAfee VirusScan Command Line Scanner for RedHat 9 and Suse 8.x Linux > > http://www.mcafeesecurity.com/de/downloads/evals/default.asp And don't forget the Pentium optimised versions for Linux too. We've seen big improvements in scanning speed (20-30% on some compressed files for example) over the standard i386 version. Don't try to run the Pentium optimised versions on Pentium-classic (ie, pre PPro/PII) - you need a "686" class processor or better. The "586" doesn't cut it :) Cheers, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Fri Jun 3 01:36:44 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:53 2006 Subject: Feature Requests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: However many levels I provide, people always ask for another one :-) This is pretty easy to implement with a Custom Function. I will have to look at Custom Functions... thanks If you effectively want to score blacklists, then do it in SpamAssassin, that provides a system to do all this. If something is on a Blacklist... I don't want SpamAssassin to look at it at all. I want to either mark as high level Spam or Delete it. There is a generic virus scanner module, but not a generic spam scanner module. I will take a look at this one. Thanks! -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From taz at TAZ-MANIA.COM Fri Jun 3 01:46:33 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:53 2006 Subject: Feature Requests 2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Another thing that would be great is in the rules being able to set a separate To: and From: for the same rule. I have two mail hubs that receive email, scan it and send it on to another mail server where the users reside. Actually depending on the domain that could be one of many destination mail servers. So the Hub has no knowledge of what a valid end user email address is. However I do occasionally get requests from users to whitelist certain from addresses, but I would like to say on some of them to whitelist From:xxx@example.com To:yyy@domain.net. So the whitelist doesn't effect other users. There are many times where I have and need to whitelist anything From:xxx@example.com to anyone or to whitelist everything To:yyy@domain.net as well. Thank you -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From SJCJonker at SJC.NL Fri Jun 3 07:11:23 2005 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, I just received 2 copies of an mail containing a text that Osama Bin Laden was captured, with an attachment of pics.zip (900 bytes). Virustotal.com didn't report anything really usefull back, will be doing my rounds through the submissions sites of mcafee,norman, symantec and clamav. Output of virustotal.com: Antivirus Version Update Result AntiVir 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader AVG 718 06.02.2005 no virus found Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader ClamAV devel-20050501 06.02.2005 Trojan.Downloader.Small-561 DrWeb 4.32b 06.02.2005 no virus found eTrust-Iris 7.1.194.0 06.02.2005 no virus found eTrust-Vet 11.9.1.0 06.02.2005 no virus found Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr Ikarus 2.32 06.03.2005 no virus found Kaspersky 4.0.2.24 06.03.2005 Trojan-Downloader.Win32.Small.axr McAfee 4505 06.02.2005 no virus found NOD32v2 1.1124 06.02.2005 probably unknown NewHeur_PE virus Norman 5.70.10 06.03.2005 W32/Downloader Panda 8.02.00 06.02.2005 no virus found Sybari 7.5.1314 06.03.2005 W32/Downloade Symantec 8.0 06.02.2005 no virus found VBA32 3.10.3 06.02.2005 no virus found - -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker -----BEGIN PGP SIGNATURE----- iD8DBQFCn/SLjU9r45tKnOARAoMyAJ9ojcSzzpMctIV7DWNUgveUhImfqwCfW5Mt 7MMBmTHfBqYwZ6RgQWdecIU= =0Qxy -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From SJCJonker at SJC.NL Fri Jun 3 07:13:23 2005 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oeps forgot to mention, it's detected on the extension and the heuristics checks. Stijn Jonker said the following on 03/06/2005 08:11: > Hello all, > > I just received 2 copies of an mail containing a text that Osama Bin > Laden was captured, with an attachment of pics.zip (900 bytes). > > Virustotal.com didn't report anything really usefull back, will be doing > my rounds through the submissions sites of mcafee,norman, symantec and > clamav. > > Output of virustotal.com: > Antivirus Version Update Result > AntiVir 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > AVG 718 06.02.2005 no virus found > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > ClamAV devel-20050501 06.02.2005 Trojan.Downloader.Small-561 > DrWeb 4.32b 06.02.2005 no virus found > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > Ikarus 2.32 06.03.2005 no virus found > Kaspersky 4.0.2.24 06.03.2005 Trojan-Downloader.Win32.Small.axr > McAfee 4505 06.02.2005 no virus found > NOD32v2 1.1124 06.02.2005 probably unknown NewHeur_PE virus > Norman 5.70.10 06.03.2005 W32/Downloader > Panda 8.02.00 06.02.2005 no virus found > Sybari 7.5.1314 06.03.2005 W32/Downloade > Symantec 8.0 06.02.2005 no virus found > VBA32 3.10.3 06.02.2005 no virus found > > -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnwilson at bigpond.com Fri Jun 3 06:47:55 2005 From: dnwilson at bigpond.com (David Wilson) Date: Thu Jan 12 21:29:53 2006 Subject: Scanning Encapsulated Messages Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am the moderator of several discussion lists. The list system sends me the messages to moderate as Encapsulated Messaged in the request email. I get a lot of spam to these lists but Mailscanner & SpamAssassin do not seem to be picking up the spam when it is in the Encapsulated Messages. It marks the same spam message as spam correctly when it is sent direct to me as an ordinary email. Are there some settings in Mailscanner I could set to improve the filtering ? regards David Wilson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Fri Jun 3 09:10:19 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Scott, can you send me the link you are using? It just times out when I try Thanks Lance -----Original Message----- From: Scott Silva To: MAILSCANNER@JISCMAIL.AC.UK Date: Thu, 2 Jun 2005 13:57:51 -0700 Subject: Re: Trouble downloading Bitdefender? Lance Haig wrote: > Anyone else having trouble downloading from their site? > > Lance > Not at all. Just downloaded again. Quite speedy actually. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 3 09:31:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Feature Requests 2 Message-ID: Dennis AFAIK you can do that already - have a look at the EXAMPLES file in the rules dir. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dennis Willson wrote: > Another thing that would be great is in the rules being able to set a > separate To: and From: for the same rule. > > I have two mail hubs that receive email, scan it and send it on to > another mail server where the users reside. Actually depending on the > domain that could be one of many destination mail servers. So the Hub > has no knowledge of what a valid > end user email address is. However I do occasionally get requests from > users to whitelist certain from addresses, but I would like to say on > some of them to whitelist From:xxx@example.com To:yyy@domain.net. So the > whitelist doesn't effect other users. There are many times where I have > and need to whitelist anything From:xxx@example.com to anyone or to > whitelist everything To:yyy@domain.net as well. > > Thank you > -- > ------------------------------------------------------------------------ > */Dennis Willson/* > taz@taz-mania.com > taz@scubatech.org > > www.taz-mania.com > > Ham: KA6LSW > GMRS: WPSJ953 > SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, > Equip, Altitude > > Life should not be a journey to the grave with the intention of arriving > safely in a nice looking and well preserved body, but rather to skid in > broadside, thoroughly used up, totally worn out, and loudly proclaiming, > "WOW! WHAT A RIDE!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 09:36:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Feature Requests 2 Message-ID: Or else use the per-domain and per-user white/black lists implemented in CustomConfig.pm. They are dead simple to use. On 3 Jun 2005, at 09:31, Martin Hepworth wrote: > Dennis > > AFAIK you can do that already - have a look at the EXAMPLES file in > the rules dir. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Dennis Willson wrote: > >> Another thing that would be great is in the rules being able to >> set a separate To: and From: for the same rule. >> I have two mail hubs that receive email, scan it and send it on to >> another mail server where the users reside. Actually depending on >> the domain that could be one of many destination mail servers. So >> the Hub has no knowledge of what a valid >> end user email address is. However I do occasionally get requests >> from users to whitelist certain from addresses, but I would like >> to say on some of them to whitelist From:xxx@example.com >> To:yyy@domain.net. So the whitelist doesn't effect other users. >> There are many times where I have and need to whitelist anything >> From:xxx@example.com to anyone or to whitelist everything >> To:yyy@domain.net as well. >> Thank you >> -- >> --------------------------------------------------------------------- >> --- >> */Dennis Willson/* >> taz@taz-mania.com >> taz@scubatech.org >> www.taz-mania.com >> Ham: KA6LSW >> GMRS: WPSJ953 >> SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW >> Photographer, Equip, Altitude >> Life should not be a journey to the grave with the intention of >> arriving safely in a nice looking and well preserved body, but >> rather to skid in broadside, thoroughly used up, totally worn out, >> and loudly proclaiming, "WOW! WHAT A RIDE!" >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> *Support MailScanner development - buy the book off the website!* >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 09:39:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: A new SweepViruses.pm is attached which implements the "Allowed Sophos Error Messages" for the SophosSAVI virus scanner. Let me know if there is still anything you want to change in this. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 33KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] On 2 Jun 2005, at 21:50, Julian Field wrote: > By the way, you might need to put it on a www server and mail me a > url to it. > > Also, what happens if you do > cd wherever-it-is-stored > /usr/lib/MailScanner/sophos-wrapper /usr/local/sophos -sc -f -all - > rec -ss -archive -loopback --no-follow-symlinks --no-reset-atime - > TNEF . > (all that last bit on 1 line, and don't forget the "." on the end) > > What is the output? This will help me a lot to track it down. > > Julian Field wrote: > > >> The encrypted xls file would really help, then I can actually test >> it myself :-) >> mailscanner@ecs.soton.ac.uk. >> >> Jeff A. Earickson wrote: >> >> >>> Julian, >>> Nope, same result for 3. I'll test more in the morning when >>> I'm fresh. >>> Do you need the encrypted xls file? And what is your off-list email >>> address? I fumbled that one and accidently posted to the list. >>> Doh. >>> >>> Jeff Earickson >>> Colby College >>> >>> On Thu, 2 Jun 2005, Julian Field wrote: >>> >>> >>>> Date: Thu, 2 Jun 2005 21:23:38 +0100 >>>> From: Julian Field >>>> Reply-To: MailScanner mailing list >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: 4.43.1 sophossavi testing >>>> >>>> Please try the attached patch to see if it helps problem 3. The >>>> syslogging should be fixed. >>>> >>>> Jeff A. Earickson wrote: >>>> >>>> >>>>> Julian, >>>>> >>>>> My testing of the sophossavi tweak: >>>>> >>>>> 1) Email encrypted xls file, settings are: >>>>> Allowed Sophos Error Messages = "File was encrypted" >>>>> Virus Scanners = sophos clamavmodule >>>>> >>>>> Email delivered, no complaints in syslog (OK) >>>>> >>>>> 2) Email encrypted xls file, settings are: >>>>> Allowed Sophos Error Messages = "File was encrypted" >>>>> Virus Scanners = sophossavi clamavmodule >>>>> >>>>> Email delivered, but MailScanner syslogged: >>>>> >>>>> SophosSAVI::ERROR:: File was encrypted (530):: ./ >>>>> j52JOpu2020635/94237001F.xls >>>>> >>>>> I would expect MailScanner to be quiet like the "sophos" >>>>> setting. People will think that a bad file had slipped thru. >>>>> >>>>> 3) Email encrypted xls file, settings are: >>>>> Allowed Sophos Error Messages = Virus Scanners = sophos >>>>> clamavmodule >>>>> >>>>> THE MESSAGE GOT DELIVERED!! No complaints in syslog, >>>>> landed in the recipient's mail. A bad file DID slip thru. >>>>> >>>>> 3) Email encrypted xls file, settings are: >>>>> Allowed Sophos Error Messages = Virus Scanners = sophossavi >>>>> clamavmodule >>>>> >>>>> Properly blocked, noted in syslog, not delivered (OK). >>>>> >>>>> Jeff Earickson >>>>> Colby College -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 3 09:46:28 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:53 2006 Subject: Clamav, MailScanner & Ensim server Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, > me a BIG problem, I have tried chaging the compression ratio > up to 1000, but I still get same error as below in > /var/log/maillog and it removes the zip files. are you using clamav or clamavmodule? If you use clamav you need to tewak clamav-wrapper and add an extra scan option. man clamav will help. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 3 09:45:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: Steve got my first one 23.11 (GMT) last night - clamav picked it up as the name below. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Stijn Jonker wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello all, > > I just received 2 copies of an mail containing a text that Osama Bin > Laden was captured, with an attachment of pics.zip (900 bytes). > > Virustotal.com didn't report anything really usefull back, will be doing > my rounds through the submissions sites of mcafee,norman, symantec and > clamav. > > Output of virustotal.com: > Antivirus Version Update Result > AntiVir 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > AVG 718 06.02.2005 no virus found > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > ClamAV devel-20050501 06.02.2005 Trojan.Downloader.Small-561 > DrWeb 4.32b 06.02.2005 no virus found > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > Ikarus 2.32 06.03.2005 no virus found > Kaspersky 4.0.2.24 06.03.2005 Trojan-Downloader.Win32.Small.axr > McAfee 4505 06.02.2005 no virus found > NOD32v2 1.1124 06.02.2005 probably unknown NewHeur_PE virus > Norman 5.70.10 06.03.2005 W32/Downloader > Panda 8.02.00 06.02.2005 no virus found > Sybari 7.5.1314 06.03.2005 W32/Downloade > Symantec 8.0 06.02.2005 no virus found > VBA32 3.10.3 06.02.2005 no virus found > > > - -- > Met Vriendelijke groet/Yours Sincerely > Stijn Jonker > -----BEGIN PGP SIGNATURE----- > > iD8DBQFCn/SLjU9r45tKnOARAoMyAJ9ojcSzzpMctIV7DWNUgveUhImfqwCfW5Mt > 7MMBmTHfBqYwZ6RgQWdecIU= > =0Qxy > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Fri Jun 3 10:16:37 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: After McAfee and Sophos let us down over the Mytob.gen worm, have decided to install ClamAV as a third A-V engine to be used by MS. Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V engines. Normally do MS install from RPM version downloaded from Julian's site. Where is best source of info/how-to for installing Clam in the above environment? Is it better to do a source install (and subsequent upgrades) or find a suitable RPM from a third party? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 3 10:24:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: Quentin uses the source, but then I don't run a RPM based systems so.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Quentin Campbell wrote: > After McAfee and Sophos let us down over the Mytob.gen worm, have > decided to install ClamAV as a third A-V engine to be used by MS. > > Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V > engines. > > Normally do MS install from RPM version downloaded from Julian's site. > > Where is best source of info/how-to for installing Clam in the above > environment? Is it better to do a source install (and subsequent > upgrades) or find a suitable RPM from a third party? > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Fri Jun 3 10:28:36 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: Hi Quentin, On Fri, 3 Jun 2005, Quentin Campbell wrote: > Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V > engines. > > Where is best source of info/how-to for installing Clam in the above > environment? Is it better to do a source install (and subsequent > upgrades) or find a suitable RPM from a third party? I would grab the source... also once you've done that, run freshclam manually, then cpan -i Mail::ClamAV check /etc/MailScanner/virus.scanners.conf and ensure clamav /usr/lib/MailScanner/clamav-wrapper /usr/local clamavmodule /bin/false /tmp THen just check the clamav-wrapper to make sure freshclam can update, you will have to make a change vi|pico|mcedit /usr/local/etc/clamd.conf and comment out the Example line and maybe change other things to suite your taste. Of course tell MS to use clamavmodule (it's claimed to be faster than just clamscan on its own, and I would tend to agree) It's all pretty painless :) If i've forgotten somthing I'm sure someone else will throw it in... -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailing_lists+mailscanner at caleotech.com Fri Jun 3 10:45:28 2005 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, We are running the rpm from Dag Wieers repository. You can set up yum to download and install from his directory. Check clamav.net web site under binary ports section. Using Dag's rpm's sets you back about 24 hours after a new release before it's available as rpm. Jens > After McAfee and Sophos let us down over the Mytob.gen worm, have > decided to install ClamAV as a third A-V engine to be used by MS. > > Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V > engines. > > Normally do MS install from RPM version downloaded from Julian's site. > > Where is best source of info/how-to for installing Clam in the above > environment? Is it better to do a source install (and subsequent > upgrades) or find a suitable RPM from a third party? > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 3 11:09:08 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] They seem to be "hiding" a small farm behind ftp.bitdefender.com, and at least westpoint.bitdefender.com was very responsive... If you've got transient problems, perhaps try a few times (in the hope you'd reach another mirror that isn't missbehaving... A bit like it used to be/still is with mcafees FTP servers:-). -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Lance Haig Sent: den 3 juni 2005 10:10 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Trouble downloading Bitdefender? Hi Scott, can you send me the link you are using? It just times out when I try Thanks Lance -----Original Message----- From: Scott Silva To: MAILSCANNER@JISCMAIL.AC.UK Date: Thu, 2 Jun 2005 13:57:51 -0700 Subject: Re: Trouble downloading Bitdefender? Lance Haig wrote: > Anyone else having trouble downloading from their site? > > Lance > Not at all. Just downloaded again. Quite speedy actually. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 3 11:24:22 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:install:tarball (slightly rudimentary, but covers how simple it is:-). I do run on an otherwise (mostly) rpm-installed system, but prefer source since I don't want to wait for someone else to package it first (although Dag seems to be very alert... I don't use RH/FC, so that's not relevant to me though:). -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Quentin Campbell Sent: den 3 juni 2005 11:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Installing ClamAV for the first time After McAfee and Sophos let us down over the Mytob.gen worm, have decided to install ClamAV as a third A-V engine to be used by MS. Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V engines. Normally do MS install from RPM version downloaded from Julian's site. Where is best source of info/how-to for installing Clam in the above environment? Is it better to do a source install (and subsequent upgrades) or find a suitable RPM from a third party? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Fri Jun 3 12:20:50 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: > -----Original Message----- > From: Stijn Jonker [mailto:SJCJonker@SJC.NL] > Sent: 03 June 2005 07:11 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Heads UP: Suspicious file not detected by most virusscanners. > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello all, > > I just received 2 copies of an mail containing a text that > Osama Bin Laden was captured, with an attachment of pics.zip > (900 bytes). > > Virustotal.com didn't report anything really usefull back, > will be doing my rounds through the submissions sites of > mcafee,norman, symantec and clamav. > > Output of virustotal.com: > Antivirus Version Update Result > AntiVir 6.30.0.15 06.02.2005 > Heuristic/Trojan.Downloader > AVG 718 06.02.2005 no virus found > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > ClamAV devel-20050501 06.02.2005 > Trojan.Downloader.Small-561 > DrWeb 4.32b 06.02.2005 no virus found > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > Ikarus 2.32 06.03.2005 no virus found > Kaspersky 4.0.2.24 06.03.2005 > Trojan-Downloader.Win32.Small.axr > McAfee 4505 06.02.2005 no virus found > NOD32v2 1.1124 06.02.2005 probably unknown > NewHeur_PE virus > Norman 5.70.10 06.03.2005 W32/Downloader > Panda 8.02.00 06.02.2005 no virus found > Sybari 7.5.1314 06.03.2005 W32/Downloade > Symantec 8.0 06.02.2005 no virus found > VBA32 3.10.3 06.02.2005 no virus found I had F-Prot pick this up first along with trusty old MailScanner..Bitdefender would have as it picked it up as suspicious but MailScanner allowed it through where do I change this behaviour? I had a look in bitdefender-wrapper but couldn't see any config there. Thanks ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fred at EZCOMPUTERS.CO.UK Fri Jun 3 12:20:30 2005 From: fred at EZCOMPUTERS.CO.UK (Steve Spiller) Date: Thu Jan 12 21:29:53 2006 Subject: html-script attachment checking Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm new to MailScanner configuration, and want to check something before I make changes to our working email server after a bad experience with a slight change to our Firewall. MailScanner is currently configured to reject all emails which have an attachment with html scripting (which I understand to be a Good Thing). Except one of our suppliers insists that they send their RMA form unzipped, with loads of scripting. They say that their system does not allow them to compress/rename the form prior to sending. From reading the archives and manuals, I gather I need to do something like the following: 1. create a htmlscript.allow.rules (or other name) with the following contents: From: 127.0.0.1 no From: *@awkwardsupplier.com no FromOrTo: default yes 2. Change MailScanner.conf from: Allow Script Tags = no to: Allow Script Tags = /opt/MailScanner/etc/rules/htmlscript.allow.rules Am I correct in believing this will allow virus scanning on their emails, but allow the RMA Form to be received? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Jun 3 12:40:19 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm receiving a lot of them... Only clamav was detecting it on my server in the begining... Now bitdefender is detecting it to. But mcafee does not... ----- Original Message ----- From: "Hywel Burris" To: Sent: Friday, June 03, 2005 8:20 AM Subject: Re: Heads UP: Suspicious file not detected by most virusscanners. > > > > -----Original Message----- > > From: Stijn Jonker [mailto:SJCJonker@SJC.NL] > > Sent: 03 June 2005 07:11 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Heads UP: Suspicious file not detected by most virusscanners. > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hello all, > > > > I just received 2 copies of an mail containing a text that > > Osama Bin Laden was captured, with an attachment of pics.zip > > (900 bytes). > > > > Virustotal.com didn't report anything really usefull back, > > will be doing my rounds through the submissions sites of > > mcafee,norman, symantec and clamav. > > > > Output of virustotal.com: > > Antivirus Version Update Result > > AntiVir 6.30.0.15 06.02.2005 > > Heuristic/Trojan.Downloader > > AVG 718 06.02.2005 no virus found > > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > > ClamAV devel-20050501 06.02.2005 > > Trojan.Downloader.Small-561 > > DrWeb 4.32b 06.02.2005 no virus found > > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > > Ikarus 2.32 06.03.2005 no virus found > > Kaspersky 4.0.2.24 06.03.2005 > > Trojan-Downloader.Win32.Small.axr > > McAfee 4505 06.02.2005 no virus found > > NOD32v2 1.1124 06.02.2005 probably unknown > > NewHeur_PE virus > > Norman 5.70.10 06.03.2005 W32/Downloader > > Panda 8.02.00 06.02.2005 no virus found > > Sybari 7.5.1314 06.03.2005 W32/Downloade > > Symantec 8.0 06.02.2005 no virus found > > VBA32 3.10.3 06.02.2005 no virus found > > > I had F-Prot pick this up first along with trusty old > MailScanner..Bitdefender would have as it picked it up as suspicious but > MailScanner allowed it through where do I change this behaviour? I had a > look in bitdefender-wrapper but couldn't see any config there. > > Thanks > > ************************************************************************ > This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. > > Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Jun 3 12:40:39 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry. Mcafee is detecting it too now... ----- Original Message ----- From: "Roger Jochem" To: "MailScanner mailing list" Sent: Friday, June 03, 2005 8:40 AM Subject: Re: Heads UP: Suspicious file not detected by most virusscanners. > I'm receiving a lot of them... Only clamav was detecting it on my server in > the begining... Now bitdefender is detecting it to. But mcafee does not... > > ----- Original Message ----- > From: "Hywel Burris" > To: > Sent: Friday, June 03, 2005 8:20 AM > Subject: Re: Heads UP: Suspicious file not detected by most virusscanners. > > > > > > > > > -----Original Message----- > > > From: Stijn Jonker [mailto:SJCJonker@SJC.NL] > > > Sent: 03 June 2005 07:11 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Heads UP: Suspicious file not detected by most virusscanners. > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Hello all, > > > > > > I just received 2 copies of an mail containing a text that > > > Osama Bin Laden was captured, with an attachment of pics.zip > > > (900 bytes). > > > > > > Virustotal.com didn't report anything really usefull back, > > > will be doing my rounds through the submissions sites of > > > mcafee,norman, symantec and clamav. > > > > > > Output of virustotal.com: > > > Antivirus Version Update Result > > > AntiVir 6.30.0.15 06.02.2005 > > > Heuristic/Trojan.Downloader > > > AVG 718 06.02.2005 no virus found > > > Avira 6.30.0.15 06.02.2005 Heuristic/Trojan.Downloader > > > BitDefender 7.0 06.02.2005 BehavesLike:Trojan.Downloader > > > ClamAV devel-20050501 06.02.2005 > > > Trojan.Downloader.Small-561 > > > DrWeb 4.32b 06.02.2005 no virus found > > > eTrust-Iris 7.1.194.0 06.02.2005 no virus found > > > eTrust-Vet 11.9.1.0 06.02.2005 no virus found > > > Fortinet 2.27.0.0 06.03.2005 W32/Gifget.A-tr > > > Ikarus 2.32 06.03.2005 no virus found > > > Kaspersky 4.0.2.24 06.03.2005 > > > Trojan-Downloader.Win32.Small.axr > > > McAfee 4505 06.02.2005 no virus found > > > NOD32v2 1.1124 06.02.2005 probably unknown > > > NewHeur_PE virus > > > Norman 5.70.10 06.03.2005 W32/Downloader > > > Panda 8.02.00 06.02.2005 no virus found > > > Sybari 7.5.1314 06.03.2005 W32/Downloade > > > Symantec 8.0 06.02.2005 no virus found > > > VBA32 3.10.3 06.02.2005 no virus found > > > > > > I had F-Prot pick this up first along with trusty old > > MailScanner..Bitdefender would have as it picked it up as suspicious but > > MailScanner allowed it through where do I change this behaviour? I had a > > look in bitdefender-wrapper but couldn't see any config there. > > > > Thanks > > > > ************************************************************************ > > This e-mail and any attachments are strictly confidential and intended > solely for the addressee. They may contain information which is covered by > legal, professional or other privilege. If you are not the intended > addressee, you must not copy the e-mail or the attachments, or use them for > any purpose or disclose their contents to any other person. To do so may be > unlawful. If you have received this transmission in error, please notify us > as soon as possible and delete the message and attachments from all places > in your computer where they are stored. > > > > Although we have scanned this e-mail and any attachments for viruses, it > is your responsibility to ensure that they are actually virus free. > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Fri Jun 3 12:55:36 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: 03 June, 2005 10:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.43.1 sophossavi testing > > > A new SweepViruses.pm is attached which implements the "Allowed > Sophos Error Messages" for the SophosSAVI virus scanner. Let me know > if there is still anything you want to change in this. Julian, Is this only for version 4.43 or can we also use it with 4.42? Regards, Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Fri Jun 3 13:29:03 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time - thanks for replies - working! Message-ID: Thanks to all who replied. Did install from tar ball. It is working although not in production yet. Neeed to review clamd.conf options and MailScanner.conf changes that are needed. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >Sent: 03 June 2005 10:17 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Installing ClamAV for the first time > >After McAfee and Sophos let us down over the Mytob.gen worm, have >decided to install ClamAV as a third A-V engine to be used by MS. > >Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V >engines. > >Normally do MS install from RPM version downloaded from Julian's site. > >Where is best source of info/how-to for installing Clam in the above >environment? Is it better to do a source install (and subsequent >upgrades) or find a suitable RPM from a third party? > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 13:51:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: html-script attachment checking Message-ID: You have your yes and no the wrong way round. For mail from localhost and from awkwardsupplier.com you want to allow scripts (i.e. yes), but other mail you want to disallow scripts (i.e. no). The symptom you might have noticed, which indicates you have done something wrong, is that you were changing a setting of "no" to a ruleset for which the default value is "yes". On 3 Jun 2005, at 12:20, Steve Spiller wrote: > I'm new to MailScanner configuration, and want to check something > before I make changes to our working email server after a bad > experience with a slight change to our Firewall. > MailScanner is currently configured to reject all emails which have > an attachment with html scripting (which I understand to be a Good > Thing). Except one of our suppliers insists that they send their > RMA form unzipped, with loads of scripting. They say that their > system does not allow them to compress/rename the form prior to > sending. From reading the archives and manuals, I gather I need to > do something like the following: > > 1. create a htmlscript.allow.rules (or other name) with the > following contents: > From: 127.0.0.1 no > From: *@awkwardsupplier.com no > FromOrTo: default yes > > 2. Change MailScanner.conf from: > Allow Script Tags = no > to: > Allow Script Tags = /opt/MailScanner/etc/rules/htmlscript.allow.rules > > Am I correct in believing this will allow virus scanning on their > emails, but allow the RMA Form to be received? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 13:52:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: 4.43.1 sophossavi testing Message-ID: On 3 Jun 2005, at 12:55, Adri Koppes wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Julian Field >> Sent: 03 June, 2005 10:40 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.43.1 sophossavi testing >> >> >> A new SweepViruses.pm is attached which implements the "Allowed >> Sophos Error Messages" for the SophosSAVI virus scanner. Let me know >> if there is still anything you want to change in this. >> > > Julian, > > Is this only for version 4.43 or can we also use it with 4.42? Should work fine with 4.42. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 3 13:53:31 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:53 2006 Subject: SV: Installing ClamAV for the first time - thanks for replies - working! Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Don't forget to look at/set freshclam.conf (the DNS thing and the "close" Databasemirror things) too. If I understand things correctly, clamd.conf only matters if you use clamavmodule. But you're perhaps going that way? -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Quentin Campbell Skickat: fr 2005-06-03 14:29 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Installing ClamAV for the first time - thanks for replies - working! Thanks to all who replied. Did install from tar ball. It is working although not in production yet. Neeed to review clamd.conf options and MailScanner.conf changes that are needed. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >Sent: 03 June 2005 10:17 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Installing ClamAV for the first time > >After McAfee and Sophos let us down over the Mytob.gen worm, have >decided to install ClamAV as a third A-V engine to be used by MS. > >Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V >engines. > >Normally do MS install from RPM version downloaded from Julian's site. > >Where is best source of info/how-to for installing Clam in the above >environment? Is it better to do a source install (and subsequent >upgrades) or find a suitable RPM from a third party? > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 3 15:55:59 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: Stijn Jonker wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello all, > > I just received 2 copies of an mail containing a text that Osama Bin > Laden was captured, with an attachment of pics.zip (900 bytes). Just an FYI. Trend Micro sent this out this morning. Looks like having double extension checking on will help filter them out too, if the name.1.zip pattern is consistant... ...Kevin ======================================================= Dear Trend Micro customer, As of June 3, 2005, 1:38 AM PDT (Pacific Daylight Time/GMT -7:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BOBAX.P. TrendLabs has received several infection reports indicating that this malware is spreading in Australia, India, Ireland, Japan, Peru, Singapore, and the United States. This memory-resident worm usually arrives on a system as a downloaded file of TROJ_SMALL.AHE. It spreads by sending a copy of TROJ_SMALL.AHE as an attachment to an email message that it sends using its own Simple Mail Transfer Protocol (SMTP) engine. The message it sends out contains the following details: Subject: {blank} Message body: (any of the following) * Attached some pics that i found * Check this out :-) * Hello, * I was going through my album, and look what I found.. * Long time! Check this out! * Osama Bin Laden Captured. * Remember this? * Saddam Hussein - Attempted Escape, Shot dead * Secret! * Testing (followed by any of the following strings) * +++ Attachment: No Virus found * +++ F-Secure AntiVirus - You are protected * +++ Norman AntiVirus - You are protected * +++ Norton AntiVirus - You are protected * +++ Panda AntiVirus - You are protected * +++ www.f-secure.com * +++ www.norman.com * +++ www.pandasoftware.com * +++ www.symantec.com Attachment: (any of the following names followed by a .ZIP extension) * bush.1 * funny.1 * joke.1 * pics.1 * secret.2 When an unsuspecting user executes the Trojan attachment, TROJ_SMALL.AHE downloads WORM_BOBAX.P, and the vicious worm-Trojan cycle continues. It also propagates by taking advantage of the Windows LSASS vulnerability. Furthermore, it is capable of modifying the system's HOSTS file in order to prevent users from accessing certain Web sites. TrendLabs will be releasing the following EPS deliverables: TMCM Outbreak Prevention Policy 179 -- already uploaded Official Pattern Release 2.663.00 Damage Cleanup Template 612 For more information on WORM_BOBAX.P, you can visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.P You can modify subscription settings for Trend Micro newsletters at: http://www.trendmicro.com/subscriptions/default.asp ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 3 16:09:15 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:53 2006 Subject: FW: Your email requires verification verify#gJxMNtnqNg35xBxN7GuOK 236xoVud1bR Message-ID: steve@yurmail.com wrote: > The message you sent requires that you verify that you > are a real live human being and not a spam source. > > To complete this verification, simply reply to this message and leave > the subject line intact. > > The headers of the message sent from your address are show below: > > From owner-mailscanner@jiscmail.ac.uk Fri Jun 03 09:52:44 2005 > Received: from [206.123.69.170] (helo=yurhost4.yurhost.com) > by yurhost5.yurhost.com with esmtp (Exim 4.50) > id 1DeDXP-0007FQ-Sg > for steve@yurmail.com; Fri, 03 Jun 2005 09:52:43 -0500 snip Can someone hit this guy with a clue-by-4? Or at least suspend his account on the MailScanner list until he whitelists the list server? Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at HOTMAIL.COM Fri Jun 3 16:17:06 2005 From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Cavalcanti) Date: Thu Jan 12 21:29:53 2006 Subject: ClamV updates Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I put this in yum.conf: [crash-hat] name=Fedora Core $releasever - $basearch - CrashHat baseurl=http://crash.fce.vutbr.cz/crash-hat/$releasever enabled=1 gpgcheck=1 It working with no problems... Mauricio. >From: Ugo Bellavance >Reply-To: MailScanner mailing list >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: ClamV updates >Date: Wed, 25 May 2005 15:24:24 -0400 > >Billy A. Pumphrey wrote: >>Thank you for the replies. I am still a little lost on how I should/can >>do the updates. >> >>Looking at the clamv site (http://www.clamav.net/binary.html) I do not >>know which package to use for CentOS. > >There is no rpm compiled specifically for CentOS (RHEL). Maybe another >would, maybe not. I can't tell. > >> >>Also, do you know how that I can update using the Dag yum? > >2 choices: > >1- manually download & install http://dag.wieers.com/packages/clamav/ >2- Use dag's repository using apt, yum or up2date(beware of the >implications). http://dag.wieers.com/home-made/apt/FAQ.php#B. Be >careful, this may update other packages when you do system updates. > >> >>Billy Pumphrey >>IT Manager >>Wooden & McLaughlin >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fred at EZCOMPUTERS.CO.UK Fri Jun 3 15:06:23 2005 From: fred at EZCOMPUTERS.CO.UK (Steve Spiller) Date: Thu Jan 12 21:29:53 2006 Subject: html-script attachment checking Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > You have your yes and no the wrong way round. > For mail from localhost and from awkwardsupplier.com you want to > allow scripts (i.e. yes), but other mail you want to disallow scripts > (i.e. no). > > The symptom you might have noticed, which indicates you have done > something wrong, is that you were changing a setting of "no" to a > ruleset for which the default value is "yes". > > > On 3 Jun 2005, at 12:20, Steve Spiller wrote: > >> I'm new to MailScanner configuration, and want to check something >> before I make changes to our working email server after a bad >> experience with a slight change to our Firewall. >> MailScanner is currently configured to reject all emails which have >> an attachment with html scripting (which I understand to be a Good >> Thing). Except one of our suppliers insists that they send their RMA >> form unzipped, with loads of scripting. They say that their system >> does not allow them to compress/rename the form prior to sending. >> From reading the archives and manuals, I gather I need to do >> something like the following: >> >> 1. create a htmlscript.allow.rules (or other name) with the >> following contents: >> From: 127.0.0.1 no >> From: *@awkwardsupplier.com no >> FromOrTo: default yes >> >> 2. Change MailScanner.conf from: >> Allow Script Tags = no >> to: >> Allow Script Tags = /opt/MailScanner/etc/rules/htmlscript.allow.rules >> >> Am I correct in believing this will allow virus scanning on their >> emails, but allow the RMA Form to be received? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > Thanks for pointing that out - that solved the problem. I didn't beleive that the answer could be so simple and so obvious! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 16:47:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:53 2006 Subject: Your MailScanner mailing list subscription Message-ID: Steve (steve@yurmail.com), I have suspended your MailScanner mailing list subscription until you tell your stupid email challenge-response system to accept mail from the mailing list server. You asked to be sent the mail. You should at least configure your system to accept mail that you asked for in the first place. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 3 16:49:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:53 2006 Subject: Installing ClamAV for the first time Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: > After McAfee and Sophos let us down over the Mytob.gen worm, have > decided to install ClamAV as a third A-V engine to be used by MS. > > Am running Red Hat AS3 + Sendmail + MailScanner + SpamAssassin + A-V > engines. > > Normally do MS install from RPM version downloaded from Julian's site. > > Where is best source of info/how-to for installing Clam in the above > environment? Is it better to do a source install (and subsequent > upgrades) or find a suitable RPM from a third party? Even BitDefender caught this one before McAfee. I haven't taken actual data, but it seems Clam is way above the others I use in detection. Lets hear it for open source!! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 3 16:54:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem wrote: > I'm receiving a lot of them... Only clamav was detecting it on my server in > the begining... Now bitdefender is detecting it to. But mcafee does not... > Todays update for McAfee now gets it. I really hate McAfee's policy of one update a day, unless it is a higher risk. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 3 17:24:02 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: Scott Silva wrote: > Roger Jochem wrote: >> I'm receiving a lot of them... Only clamav was detecting it on my >> server in the begining... Now bitdefender is detecting it to. But >> mcafee does not... >> > Todays update for McAfee now gets it. I really hate McAfee's policy of > one update a day, unless it is a higher risk. > What I hate isn't the dailys... It's the extra.dats... Don't seem to be as common any more (due to the shift to daily updates, but still... They should look'n'learn from clam;) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 3 17:07:18 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:53 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi Scott, > > can you send me the link you are using? > ftp://ftp.bitdefender.com/pub/linux/free/bitdefender-console/en/BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm or .deb or .run if you need the Debian file or the self installer > It just times out when I try > > Thanks > > Lance > > -----Original Message----- > From: Scott Silva > To: MAILSCANNER@JISCMAIL.AC.UK > Date: Thu, 2 Jun 2005 13:57:51 -0700 > Subject: Re: Trouble downloading Bitdefender? > > Lance Haig wrote: > >>Anyone else having trouble downloading from their site? >> >>Lance >> > > Not at all. Just downloaded again. Quite speedy actually. > -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 3 17:27:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:53 2006 Subject: Heads UP: Suspicious file not detected by most virusscanners. Message-ID: lots of new mytobs today.....CA recon we're up for a massive zombie break out (again) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Steen, Glenn wrote: > Scott Silva wrote: > >>Roger Jochem wrote: >> >>>I'm receiving a lot of them... Only clamav was detecting it on my >>>server in the begining... Now bitdefender is detecting it to. But >>>mcafee does not... >>> >> >>Todays update for McAfee now gets it. I really hate McAfee's policy of >>one update a day, unless it is a higher risk. >> > > What I hate isn't the dailys... It's the extra.dats... Don't seem to be > as common any more (due to the shift to daily updates, but still... They > should look'n'learn from clam;) > > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jhiggins at KENNESAW.EDU Fri Jun 3 19:31:39 2005 From: jhiggins at KENNESAW.EDU (Jonathan Higgins) Date: Thu Jan 12 21:29:53 2006 Subject: SA userprefs stored in SQL Message-ID: I looked through the customconfig, and found the section talking about white/black lists per domain.... which is not what im looking for. global storage of user preferences. thats what I need. Spamassassin provides it only in thier client server configuration. I want to continue to use spamassassin the way that MailScanner wants to. anyone else out there doing this?.. are you running spamd/spamc? and so on.. >I am using the CustomConfig to do that, I had it working great on an old >server until a little hitch with MailScanner maintaining mysql connections >on the new one... haven't had time to figure out the issue, but look at >CustomConfig.pm, I am using it to obtain if the domain should want mail >scanned, the score, actions, etc... > >------------------------- >Brian Taber >Manager/IT Specialist >Diverse Computer Group >Office: 508-758-4402 >Cell: 508-496-9221 > > This apparently has come up a few times in the past. I may be asking > this in the wrong place, so if I need to post this question on the > spamassassin list please let me know. > > I even found a piece of information on the Faq-O-matic... here is an > excerpt. > > "..... problem is that SpamAssassin, according to what I've read at the > following http://spamassassin.apache.org/full/3.0.x/dist/sql/README, > will only use the DB for getting the user preferences if it's running in > client/server mode, i.e., as spamc and spamd. So this means that if I > want to let end users manage their own whitelists, I would have to get > SpamAssassin running the old slow way. Thoughts or suggestions? " > > After searching, I have not found a solution to this. I am already > using a mysql bayes for my lvs mail cluster system.. I need a way to > store SA user preferences globally.. and i would rather not go back to > using spamc/spamd. > > thanks. > > > > Jonathan Higgins > IT R&D Project Manager > Kennesaw State University ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Fri Jun 3 19:50:07 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:29:54 2006 Subject: ClamV updates Message-ID: I about have it figured out (your email gave it to me). I figured out how it works, sort of. I did this. I have clamav-0.84rc1 installed. I got yum to use the dap repository. I do a yum search clam and it returns results for clamav.i386 and others. Yum update clamav does not work. Yum update clamav.i386 did not work. I did yum install clamav.i386 and it appeared to install the latest version. Then I ran freshclam and it still says that I am updated. Any thoughts? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mauricio Cavalcanti > Sent: Friday, June 03, 2005 10:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ClamV updates > > I put this in yum.conf: > > [crash-hat] > name=Fedora Core $releasever - $basearch - CrashHat > baseurl=http://crash.fce.vutbr.cz/crash-hat/$releasever > enabled=1 > gpgcheck=1 > > It working with no problems... > > Mauricio. > > >From: Ugo Bellavance > >Reply-To: MailScanner mailing list > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: ClamV updates > >Date: Wed, 25 May 2005 15:24:24 -0400 > > > >Billy A. Pumphrey wrote: > >>Thank you for the replies. I am still a little lost on how I should/can > >>do the updates. > >> > >>Looking at the clamv site (http://www.clamav.net/binary.html) I do not > >>know which package to use for CentOS. > > > >There is no rpm compiled specifically for CentOS (RHEL). Maybe another > >would, maybe not. I can't tell. > > > >> > >>Also, do you know how that I can update using the Dag yum? > > > >2 choices: > > > >1- manually download & install http://dag.wieers.com/packages/clamav/ > >2- Use dag's repository using apt, yum or up2date(beware of the > >implications). http://dag.wieers.com/home-made/apt/FAQ.php#B. Be > >careful, this may update other packages when you do system updates. > > > >> > >>Billy Pumphrey > >>IT Manager > >>Wooden & McLaughlin > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jun 3 20:14:08 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:54 2006 Subject: ClamV updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > I about have it figured out (your email gave it to me). I figured out > how it works, sort of. I did this. > > I have clamav-0.84rc1 installed. > > I got yum to use the dap repository. I do a yum search clam and it > returns results for clamav.i386 and others. > > Yum update clamav does not work. Yum update clamav.i386 did not work. > > I did yum install clamav.i386 and it appeared to install the latest > version. Then I ran freshclam and it still says that I am updated. > > Any thoughts? Must be a problem with your yum config. 'yum install clamav' should work. You'll probably need clamav-db as well. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Fri Jun 3 21:32:06 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:54 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Scott, Thanks that link worked. Seems strange :-) Lance Scott Silva wrote: Lance Haig wrote: Hi Scott, can you send me the link you are using? ftp://ftp.bitdefender.com/pub/linux/free/bitdefender-console/en/BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm or .deb or .run if you need the Debian file or the self installer It just times out when I try Thanks Lance -----Original Message----- From: Scott Silva To: MAILSCANNER@JISCMAIL.AC.UK Date: Thu, 2 Jun 2005 13:57:51 -0700 Subject: Re: Trouble downloading Bitdefender? Lance Haig wrote: Anyone else having trouble downloading from their site? Lance Not at all. Just downloaded again. Quite speedy actually. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 3 21:42:51 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: I got the bayes.lock file blues again. Read the MAQ, read the FAQ, read the book. I must be slow. Sendmail Suse 9.3 spamassassin 3.03 MailScanner 4.41.3 spam.assassin.prefs.conf bayes_auto_expire 0 MailScanner.conf Rebuild Bayes Every = 86400 Wait During Bayes Build = yes Lock Type = posix Root's crontab: 0 5 * * * /usr/bin/sa-learn --force-expire > /dev/null 2>&1 I don't stop MailScanner to run the force-expire. I don't get any bayes_expiry files anymore, but every day I get a couple bayes.lock* files. The timestamp is a couple minutes apart up to about 10 minutes apart and they all fall w/in a half hour up to about an hour and a half. I think around the same time of day that I last started MailScanner, which makes me suspect the rebuild process. In this case the times range from 9:04 up to 9:48 am. Should I set "Rebuild Bayes Every = 0" and the Wait back to no? I would have thought that telling it to wait would have solved the problem. Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 21:54:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why are you rebuilding the Bayes db from MailScanner and from cron? You should do either 1 or the other. I would recommend (of course) doing it from MailScanner.conf, so just comment out your crontab entry. Kevin Miller wrote: >I got the bayes.lock file blues again. Read the MAQ, read the FAQ, read the >book. I must be slow. > >Sendmail >Suse 9.3 >spamassassin 3.03 >MailScanner 4.41.3 > >spam.assassin.prefs.conf > bayes_auto_expire 0 > >MailScanner.conf > Rebuild Bayes Every = 86400 > Wait During Bayes Build = yes > Lock Type = posix > >Root's crontab: > 0 5 * * * /usr/bin/sa-learn --force-expire > /dev/null 2>&1 > >I don't stop MailScanner to run the force-expire. > >I don't get any bayes_expiry files anymore, but every day I get a couple >bayes.lock* files. The timestamp is a couple minutes apart up to about 10 >minutes apart and they all fall w/in a half hour up to about an hour and a >half. I think around the same time of day that I last started MailScanner, >which makes me suspect the rebuild process. In this case the times range >from 9:04 up to 9:48 am. > >Should I set "Rebuild Bayes Every = 0" and the Wait back to no? I would >have thought that telling it to wait would have solved the problem. > >Thanks... > >...Kevin > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 3 22:24:41 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: Julian Field wrote: > Why are you rebuilding the Bayes db from MailScanner and from cron? > You should do either 1 or the other. I would recommend (of course) > doing it from MailScanner.conf, so just comment out your crontab > entry. Well, I was having the lock file troubles so I added the cron job yesterday to see if it would make any difference and forgot to turn it off in MailScanner. Senior moment I guess. I'll kill it and see how things go over the weekend. Should I leave the wait on? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 3 23:30:13 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:54 2006 Subject: Your MailScanner mailing list subscription Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Steve (steve@yurmail.com), > > I have suspended your MailScanner mailing list subscription until you > tell your stupid email challenge-response system to accept mail from > the mailing list server. > > You asked to be sent the mail. You should at least configure your > system to accept mail that you asked for in the first place. > I second that emotion! Seems a little over the top to ask for help, and then fight the answer. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 3 23:40:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >Julian Field wrote: > > >>Why are you rebuilding the Bayes db from MailScanner and from cron? >>You should do either 1 or the other. I would recommend (of course) >>doing it from MailScanner.conf, so just comment out your crontab >>entry. >> >> > >Well, I was having the lock file troubles so I added the cron job yesterday >to see if it would make any difference and forgot to turn it off in >MailScanner. Senior moment I guess. I'll kill it and see how things go >over the weekend. > >Should I leave the wait on? > > The wait only applies to MailScanner's rebuilds, it has no effect on your cron job's operation. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Sat Jun 4 00:30:26 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: Julian Field wrote: > Kevin Miller wrote: > >> Julian Field wrote: >> >> >>> Why are you rebuilding the Bayes db from MailScanner and from cron? >>> You should do either 1 or the other. I would recommend (of course) >>> doing it from MailScanner.conf, so just comment out your crontab >>> entry. >>> >>> >> >> Well, I was having the lock file troubles so I added the cron job >> yesterday to see if it would make any difference and forgot to turn >> it off in MailScanner. Senior moment I guess. I'll kill it and see >> how things go over the weekend. >> >> Should I leave the wait on? >> >> > The wait only applies to MailScanner's rebuilds, it has no effect on > your cron job's operation. Yeah, I understand that. If I kill the cron job, and leave the rebuild at 86400, should the wait be enabled? Default is no, but in this case what does wisdom dictate? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From iron999mike at YAHOO.COM Sat Jun 4 03:04:59 2005 From: iron999mike at YAHOO.COM (michael irons) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know that there has to be a howto somewhere, but after several hours I can not find it. I am running mailscanner with postfix and want to do my filtering through procmail. When I change my mailbox_command = /usr/bin/procmail it just bypasses mailscanner and I get no checks. The best information i can come up with is that there are actually 2 postfix/main.cf files (postfix and postfix.in). The problem is that I do not have these files (postfix.in). Do I need to copy them from somewhere. If somebody could point me to a tutorial that would be great thanks Mike __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Jun 4 05:15:21 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: Johnny Hughes just released this guide a few days ago. I found it to be informative for me, a sendmail guy: http://www.hughesjr.com/content/view/42/2/Site_News Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of michael irons Sent: Friday, June 03, 2005 9:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: postfix+mailscanner+procmail I know that there has to be a howto somewhere, but after several hours I can not find it. I am running mailscanner with postfix and want to do my filtering through procmail. When I change my mailbox_command = /usr/bin/procmail it just bypasses mailscanner and I get no checks. The best information i can come up with is that there are actually 2 postfix/main.cf files (postfix and postfix.in). The problem is that I do not have these files (postfix.in). Do I need to copy them from somewhere. If somebody could point me to a tutorial that would be great thanks Mike __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From iron999mike at YAHOO.COM Sat Jun 4 05:40:52 2005 From: iron999mike at YAHOO.COM (michael irons) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] yeah I saw that site in my searches. I have Mailscanner up and running along with postfix. Itworks when I send mail to /var/spool... and directly to my Maildir. But I wasnt to use procmail to filter out spam to a users spam folder. My understanding from all of the sites I have read mailscanner works like this incoming postfix server -> mailscanner -> outgoing postfix -> final destination (Maildir, spool, or mda). but if I use mailbox_command = /usr/bin/procmail in postfix/main.cf it goes striaght to procmail, bypassing mailscanner. Do I need to configure the second postfix server and how do I do that, or am I completely confused. thanks Mike --- Mike Kercher wrote: > Johnny Hughes just released this guide a few days > ago. I found it to be > informative for me, a sendmail guy: > > http://www.hughesjr.com/content/view/42/2/Site_News > > Mike > > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of michael irons > Sent: Friday, June 03, 2005 9:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: postfix+mailscanner+procmail > > I know that there has to be a howto somewhere, but > after several hours I can > not find it. I am running mailscanner with postfix > and want to do my > filtering through procmail. When I change my > mailbox_command = > /usr/bin/procmail it just bypasses mailscanner and I > get no checks. The best > information i can come up with is that there are > actually 2 postfix/main.cf > files (postfix and postfix.in). The problem is that > I do not have these > files (postfix.in). Do I need to copy them from > somewhere. If somebody could > point me to a tutorial that would be great > > thanks > Mike > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Sat Jun 4 08:02:08 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: Hello, after upgrade on 4-43.1 version sophossavi not scan for viruses. After start i see: SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE files but mails from testvirus.org are not scannet. When in MailScanner.conf i switch to sophos - scan is o.k. Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From bg.mahesh at INDIAINFO.COM Sat Jun 4 08:39:00 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:54 2006 Subject: tag found in message j4UA2wNj002975 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi I see the following type of messages in /var/log/maillog tag found in message j4UA2wNj002975 I found out about this when a friend's email was never reaching me. In that email his signature has a URL. What should I do to receive this email or atleast for MailScanner to bounce back the email to the sender warning him about the error -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Jun 4 09:45:42 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: Trouble downloading Bitdefender? Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Uh, Lance.... that's the exact link you get by following their link on the download page.... I guess that's one more to chalk up on the "temporary problem" account:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Lance Haig Sent: fr 2005-06-03 22:32 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Trouble downloading Bitdefender? Hi Scott, Thanks that link worked. Seems strange :-) Lance Scott Silva wrote: >Lance Haig wrote: > > >> Hi Scott, >> >>can you send me the link you are using? >> >> >> > >ftp://ftp.bitdefender.com/pub/linux/free/bitdefender-console/en/BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm >or .deb or .run if you need the Debian file or the self installer > > >>It just times out when I try >> >>Thanks >> >>Lance >> >>-----Original Message----- >>From: Scott Silva >>To: MAILSCANNER@JISCMAIL.AC.UK >>Date: Thu, 2 Jun 2005 13:57:51 -0700 >>Subject: Re: Trouble downloading Bitdefender? >> >>Lance Haig wrote: >> >> >> >>>Anyone else having trouble downloading from their site? >>> >>>Lance >>> >>> >>> >>Not at all. Just downloaded again. Quite speedy actually. >> >> >> > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Jun 4 09:50:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: Your MailScanner mailing list subscription Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I bet we're all silently cheering Jules for this action... Or (as in your and my case Scott) not-so-silently:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Scott Silva Sent: lö 2005-06-04 00:30 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Your MailScanner mailing list subscription Julian Field wrote: > Steve (steve@yurmail.com), > > I have suspended your MailScanner mailing list subscription until you > tell your stupid email challenge-response system to accept mail from > the mailing list server. > > You asked to be sent the mail. You should at least configure your > system to accept mail that you asked for in the first place. > I second that emotion! Seems a little over the top to ask for help, and then fight the answer. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Jun 4 10:31:50 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sounds like the deprecated "2 postfix setup via deferral". You should be using "1 postfix with the HOLD feature" (Joshua will disagree:-). Look at the wiki, there's quite a lot about PF there: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation AFAICS, you must be doing something slightly strange, since the mailbox_command is used by the local delivery agent.... which should be way after MS is finished. Tell us a bit more about the specific setup, and I'm sure will be able to give some pointers. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of michael irons Sent: lö 2005-06-04 06:40 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: postfix+mailscanner+procmail yeah I saw that site in my searches. I have Mailscanner up and running along with postfix. Itworks when I send mail to /var/spool... and directly to my Maildir. But I wasnt to use procmail to filter out spam to a users spam folder. My understanding from all of the sites I have read mailscanner works like this incoming postfix server -> mailscanner -> outgoing postfix -> final destination (Maildir, spool, or mda). but if I use mailbox_command = /usr/bin/procmail in postfix/main.cf it goes striaght to procmail, bypassing mailscanner. Do I need to configure the second postfix server and how do I do that, or am I completely confused. thanks Mike --- Mike Kercher wrote: > Johnny Hughes just released this guide a few days > ago. I found it to be > informative for me, a sendmail guy: > > http://www.hughesjr.com/content/view/42/2/Site_News > > Mike > > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of michael irons > Sent: Friday, June 03, 2005 9:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: postfix+mailscanner+procmail > > I know that there has to be a howto somewhere, but > after several hours I can > not find it. I am running mailscanner with postfix > and want to do my > filtering through procmail. When I change my > mailbox_command = > /usr/bin/procmail it just bypasses mailscanner and I > get no checks. The best > information i can come up with is that there are > actually 2 postfix/main.cf > files (postfix and postfix.in). The problem is that > I do not have these > files (postfix.in). Do I need to copy them from > somewhere. If somebody could > point me to a tutorial that would be great > > thanks > Mike > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 12:48:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >Julian Field wrote: > > >>Kevin Miller wrote: >> >> >> >>>Julian Field wrote: >>> >>> >>> >>> >>>>Why are you rebuilding the Bayes db from MailScanner and from cron? >>>>You should do either 1 or the other. I would recommend (of course) >>>>doing it from MailScanner.conf, so just comment out your crontab >>>>entry. >>>> >>>> >>>> >>>> >>>Well, I was having the lock file troubles so I added the cron job >>>yesterday to see if it would make any difference and forgot to turn >>>it off in MailScanner. Senior moment I guess. I'll kill it and see >>>how things go over the weekend. >>> >>>Should I leave the wait on? >>> >>> >>> >>> >>The wait only applies to MailScanner's rebuilds, it has no effect on >>your cron job's operation. >> >> > >Yeah, I understand that. If I kill the cron job, and leave the rebuild at >86400, should the wait be enabled? Default is no, but in this case what >does wisdom dictate? > > It depends a bit on the mail traffic through your site. If the rebuild takes a long time, then you probably want to continue delivering while it goes on (wait=no). If it only takes a minute or two, and your server can catch up fairly quickly, you probably want to wait for it to complete (wait=yes). I would go for wait=yes and change it if it causes a problem. Otherwise spam will get through during the rebuild. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 13:11:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can someone check this please? I can't get the SAVI module to install on my RHEL systems. Peter, please can you do a "MailScanner -v" and post the output. Peter Zimen wrote: > * PGP Bad Signature, Signed by a unverified key > Hello, > after upgrade on 4-43.1 version sophossavi not scan for viruses. > After start i see: > > SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses > Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE files > > but mails from testvirus.org are not scannet. When in > MailScanner.conf i switch to sophos - scan is o.k. > > > > Peter > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > * Thawte Freemail Member > * Issuer: Thawte Consulting (Pty) Ltd. - Unverified > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat Jun 4 13:26:33 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: Running 4.43.2 on Solaris 9 with sophossavi (perl module for savi = 0.25). Sophos is detecting viruses, but not near as much as ClamAV. But I goofed in my adjustment of sophos-autoupdate yesterday, so I wasn't getting Sophos updates for a few hours. Jeff Earickson Colby College On Sat, 4 Jun 2005, Julian Field wrote: > Date: Sat, 4 Jun 2005 13:11:09 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: sophossavi > > Can someone check this please? I can't get the SAVI module to install on my > RHEL systems. > > Peter, please can you do a "MailScanner -v" and post the output. > > Peter Zimen wrote: > >> * PGP Bad Signature, Signed by a unverified key >> Hello, >> after upgrade on 4-43.1 version sophossavi not scan for viruses. After >> start i see: >> >> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE files >> >> but mails from testvirus.org are not scannet. When in MailScanner.conf i >> switch to sophos - scan is o.k. >> >> >> >> Peter >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> * Thawte Freemail Member >> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 13:32:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just tested this on SuSE 9.3 and it works fine. Try doing a test with eicar (www.eicar.org) and see if that gets detected. Also what does the maillog say about a scan where is misses a virus? Julian Field wrote: > Can someone check this please? I can't get the SAVI module to install > on my RHEL systems. > > Peter, please can you do a "MailScanner -v" and post the output. > > Peter Zimen wrote: > >> > Old Bad Signature, Signed by a unverified key >> Hello, >> after upgrade on 4-43.1 version sophossavi not scan for viruses. >> After start i see: >> >> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE files >> >> but mails from testvirus.org are not scannet. When in >> MailScanner.conf i switch to sophos - scan is o.k. >> >> >> >> Peter >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> * Thawte Freemail Member >> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 13:35:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: tag found in message j4UA2wNj002975 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is it just showing that it found a link in the message, which it will have to check for phishing attacks. It doesn't mean it will actually alter the message, just that it needs to look at it further. Check out the "notify senders" options. But do *NOT* switch on Notify Senders of Viruses as that will just spam people who didn't send you viruses, as all modern viruses fake the senders address, so that you cannot trace who really sent the message. BG Mahesh wrote: >hi > >I see the following type of messages in /var/log/maillog > > tag found in message j4UA2wNj002975 > >I found out about this when a friend's email was never reaching me. In that email his signature has a URL. What should I do to receive this email or atleast for MailScanner to bounce back the email to the sender warning him about the error > >-- >B.G. Mahesh >bg.mahesh@indiainfo.com >http://www.indiainfo.com/ > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Sat Jun 4 13:59:52 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.43.2 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.49 Net::DNS missing Net::LDAP missing Parse::RecDescent 0.30 SAVI missing Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced missing URI --- S pozdravom Peter Zimen On 4.6.2005, at 14:11, Julian Field wrote: > Can someone check this please? I can't get the SAVI module to > install on my RHEL systems. > > Peter, please can you do a "MailScanner -v" and post the output. > > Peter Zimen wrote: > > >> * PGP Bad Signature, Signed by a unverified key >> Hello, >> after upgrade on 4-43.1 version sophossavi not scan for viruses. >> After start i see: >> >> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE >> files >> >> but mails from testvirus.org are not scannet. When in >> MailScanner.conf i switch to sophos - scan is o.k. >> >> >> >> Peter >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> * Thawte Freemail Member >> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From mailscanner at MCKERRS.NET Sat Jun 4 14:10:55 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Kevin Miller wrote: > >> Julian Field wrote: >> >> >>> Kevin Miller wrote: >>> >>> >>> >>>> Julian Field wrote: >>>> >>>> >>>> >>>> >>>>> Why are you rebuilding the Bayes db from MailScanner and from cron? >>>>> You should do either 1 or the other. I would recommend (of course) >>>>> doing it from MailScanner.conf, so just comment out your crontab >>>>> entry. >>>>> >>>>> >>>> >>>> Well, I was having the lock file troubles so I added the cron job >>>> yesterday to see if it would make any difference and forgot to turn >>>> it off in MailScanner. Senior moment I guess. I'll kill it and see >>>> how things go over the weekend. >>>> Should I leave the wait on? >>>> >>>> >>>> >>> >>> The wait only applies to MailScanner's rebuilds, it has no effect on >>> your cron job's operation. >>> >> >> >> Yeah, I understand that. If I kill the cron job, and leave the >> rebuild at >> 86400, should the wait be enabled? Default is no, but in this case what >> does wisdom dictate? >> >> > It depends a bit on the mail traffic through your site. If the rebuild > takes a long time, then you probably want to continue delivering while > it goes on (wait=no). If it only takes a minute or two, and your > server can catch up fairly quickly, you probably want to wait for it > to complete (wait=yes). > > I would go for wait=yes and change it if it causes a problem. > Otherwise spam will get through during the rebuild. > Hi Julian, on a related note, is the 'minute or two' rebuild process a CPU bound task ? I have a dual PII-450 machine and it takes 3 minutes plus to rebuild the database (I'd assume this is a single threaded task ?). Will this improve if I move my mail server to a P4 1.6ghz for example ? are you aware of any benchmarks for this spamassassin rebuild ? Cheers, Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 14:35:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mailscanner wrote: > Julian Field wrote: > >> Kevin Miller wrote: >> >>> Julian Field wrote: >>> >>> >>>> Kevin Miller wrote: >>>> >>>> >>>> >>>>> Julian Field wrote: >>>>> >>>>> >>>>> >>>>> >>>>>> Why are you rebuilding the Bayes db from MailScanner and from cron? >>>>>> You should do either 1 or the other. I would recommend (of course) >>>>>> doing it from MailScanner.conf, so just comment out your crontab >>>>>> entry. >>>>>> >>>>>> >>>>> >>>>> >>>>> Well, I was having the lock file troubles so I added the cron job >>>>> yesterday to see if it would make any difference and forgot to turn >>>>> it off in MailScanner. Senior moment I guess. I'll kill it and see >>>>> how things go over the weekend. >>>>> Should I leave the wait on? >>>>> >>>>> >>>>> >>>> >>>> >>>> The wait only applies to MailScanner's rebuilds, it has no effect on >>>> your cron job's operation. >>>> >>> >>> >>> >>> Yeah, I understand that. If I kill the cron job, and leave the >>> rebuild at >>> 86400, should the wait be enabled? Default is no, but in this case >>> what >>> does wisdom dictate? >>> >>> >> It depends a bit on the mail traffic through your site. If the >> rebuild takes a long time, then you probably want to continue >> delivering while it goes on (wait=no). If it only takes a minute or >> two, and your server can catch up fairly quickly, you probably want >> to wait for it to complete (wait=yes). >> >> I would go for wait=yes and change it if it causes a problem. >> Otherwise spam will get through during the rebuild. >> > Hi Julian, > > on a related note, is the 'minute or two' rebuild process a CPU bound > task ? I have a dual PII-450 machine and it takes 3 minutes plus to > rebuild the database (I'd assume this is a single threaded task ?). > Will this improve if I move my mail server to a P4 1.6ghz for example > ? are you aware of any benchmarks for this spamassassin rebuild ? Yes, I think it is quite heavy on CPU. Haven't seen any benchmarks of this at all, sorry. A 1.6Ghz box should definitely do it a lot faster than a P2/450 box. The second CPU won't help you though, it's a single-threaded program. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqGuJhH2WUcUFbZUEQKncwCgmddlHksn+rTgnx86fGev7eElmMMAn1nX AwSpmwAYVORYzciXkYCKcVOc =EmOY -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Sat Jun 4 14:49:57 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:29:54 2006 Subject: bayes.lock files haunting me... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Mailscanner wrote: > > > >>Julian Field wrote: >> >> >> >>>Kevin Miller wrote: >>> >>> >>> >>>>Julian Field wrote: >>>> >>>> >>>> >>>> >>>>>Kevin Miller wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>Julian Field wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>Why are you rebuilding the Bayes db from MailScanner and from cron? >>>>>>>You should do either 1 or the other. I would recommend (of course) >>>>>>>doing it from MailScanner.conf, so just comment out your crontab >>>>>>>entry. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>Well, I was having the lock file troubles so I added the cron job >>>>>>yesterday to see if it would make any difference and forgot to turn >>>>>>it off in MailScanner. Senior moment I guess. I'll kill it and see >>>>>>how things go over the weekend. >>>>>>Should I leave the wait on? >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>The wait only applies to MailScanner's rebuilds, it has no effect on >>>>>your cron job's operation. >>>>> >>>>> >>>>> >>>> >>>>Yeah, I understand that. If I kill the cron job, and leave the >>>>rebuild at >>>>86400, should the wait be enabled? Default is no, but in this case >>>>what >>>>does wisdom dictate? >>>> >>>> >>>> >>>> >>>It depends a bit on the mail traffic through your site. If the >>>rebuild takes a long time, then you probably want to continue >>>delivering while it goes on (wait=no). If it only takes a minute or >>>two, and your server can catch up fairly quickly, you probably want >>>to wait for it to complete (wait=yes). >>> >>>I would go for wait=yes and change it if it causes a problem. >>>Otherwise spam will get through during the rebuild. >>> >>> >>> >>Hi Julian, >> >>on a related note, is the 'minute or two' rebuild process a CPU bound >>task ? I have a dual PII-450 machine and it takes 3 minutes plus to >>rebuild the database (I'd assume this is a single threaded task ?). >>Will this improve if I move my mail server to a P4 1.6ghz for example >>? are you aware of any benchmarks for this spamassassin rebuild ? >> >> > >Yes, I think it is quite heavy on CPU. Haven't seen any benchmarks of >this at all, sorry. A 1.6Ghz box should definitely do it a lot faster >than a P2/450 box. The second CPU won't help you though, it's a >single-threaded program. > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.1 (Build 2185) > >iQA/AwUBQqGuJhH2WUcUFbZUEQKncwCgmddlHksn+rTgnx86fGev7eElmMMAn1nX >AwSpmwAYVORYzciXkYCKcVOc >=EmOY >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Thanks Julian, this thread has been very useful for me as I was previously running my own cron job to rebuild the database. Much neater to have MS do it for me and much easier for my migration as I wont have to remember that particular cron entry. Cheers, Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Jun 4 14:56:30 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: SA userprefs stored in SQL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jonathan Higgins wrote: >I looked through the customconfig, and found the section talking about >white/black lists per domain.... which is not what im looking for. > >global storage of user preferences. thats what I need. Spamassassin >provides it only in thier client server configuration. I want to continue >to use spamassassin the way that MailScanner wants to. > >anyone else out there doing this?.. are you running spamd/spamc? and so on.. > > > > Unfortunately its not possible to use userwise prefs in Mysql for SA (I realised this recently) if you are using MailScanner. SA needs to switch user its is running as to load the prefs of the user from SQL, but incase of MailScanner SA is always invoked as the user which is running the MailScanner processes, also since MailScanner processes mails in batches and compiles (i.e. loads rulesets and other params) SA modules once per batch its not possible to switch user and invoke SA from within MailScanner. One time compilation of SA (per batch) in MailScanner makes anti-spam checks more efficient. Things would become worse if MailScanner had to compile SA per message. -- Regards, Rakesh B. Pal Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 15:15:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: SA userprefs stored in SQL Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rakesh wrote: > Jonathan Higgins wrote: > >> I looked through the customconfig, and found the section talking about >> white/black lists per domain.... which is not what im looking for. >> >> global storage of user preferences. thats what I need. Spamassassin >> provides it only in thier client server configuration. I want to >> continue >> to use spamassassin the way that MailScanner wants to. >> >> anyone else out there doing this?.. are you running spamd/spamc? and >> so on.. >> >> >> >> > Unfortunately its not possible to use userwise prefs in Mysql for SA > (I realised this recently) if you are using MailScanner. SA needs to > switch user its is running as to load the prefs of the user from SQL, > but incase of MailScanner SA is always invoked as the user which is > running the MailScanner processes, also since MailScanner processes > mails in batches and compiles (i.e. loads rulesets and other params) > SA modules once per batch its not possible to switch user and invoke > SA from within MailScanner. One time compilation of SA (per batch) in > MailScanner makes anti-spam checks more efficient. Things would become > worse if MailScanner had to compile SA per message. It doesn't even load rulesets and SA modules once per batch (though it has to do that for MCP). It loads the rulesets and SA modules once every restart (by default every 4 hours, see "Restart Every") so that it is as fast as I can make it. If you have to compile SA for every message, things get really slow. The same sort of lack of speed that most of my competitors have. :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqG3lBH2WUcUFbZUEQJyqgCgwiZtcHs19FWs7uakK0i362VDXtYAn1tJ ugBPVuZUcYvkjcgVzfZOQvLG =xCpI -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Jun 4 15:18:09 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >>># As a rough guide, try 5 children per CPU. But read the notes above. >>>Max Children = 5 >>> >>>I guess I have to change it to 10 and see how things work as we >>>have a dual processor >>> >>> >>You can try it out, it might help or not though, depending on many >>factors. As other said, the message delay is the only factor that's >>always a good indication. >> >>Is this a dedicated MailScanner machine? >> >> >> > >Yes..the system is used as our mailserver. No other development work etc goes on this machine. It process mail and just mail > > > I have recently faced a similar problem especially during the sober and mytob outbreak, Servers were slow in processing the mails, I receive about 2 lac of mails per day on individual servers and the mail hit rate on the servers were high than the processing rate and usually at a given point of time there used to be 1 K of mails waiting in the queue to be processed by MailScanner. Here is what I did to optimise my setup and thought this might help you. Reduced the number of Max Children to 5 from 10 (Although I have dual Xeon and 2 gigs of RAM) Kept a decent batch size not too high and not too low : 20 from vmstat and iostat outputs I found tht IO was a prob for me so I mounted /tmp (area where SA and clamav decomposes mail ) on tmpfs. Many would say tht its a bad idea to put /tmp on tmpfs as chances are there tht it might grow up and hog up all the memory so I put a size cap on it using -size option in mount and did some tests on dummy machines to ensure tht its not spilling over the specified limit and since this server is just an Anti-Spam/Anti-Virus gateway it was easy for me to ensure tht no other apps create their dummy files in /tmp. This has reduced the disk IO on the system and increased the processing to some extent. Now its usually 50 mails at a given time waiting in the queue to be processed by MS, while the mail hit rate remains the same. -- Regards, Rakesh B. Pal Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Jun 4 15:30:38 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rabie van der Merwe wrote: >Hi Ed, > >I also had issues with releasing mail, here is what I did and posted to the >group: > >Regards >Rabie > >PS This should release anything. > >----snip---- >Thanx too all, it works, herewith all the changes that where required for >MailScanner 4.39. Also to make this more foolproof, one could add a 'AND >From: quarantine@mydomain.com' to the 'From: 127.0.0.1' (or whatever the >email address is of the sender of the quarantine proccess and should do this >if you have users on the local box who send mail. >Changes to MailScanner.conf: >Virus Scanning = %rules-dir%/virus.scan.rules Dangerous Content Scanning = >%rules-dir%/dangerous.content.scan.rules >Filename Rules = %rules-dir%/filename.rules Filetype Rules = >%rules-dir%/filetype.rules Spam Checks = %rules-dir%/spam.check.rules > >Files: >virus.scan.rules: >From: 127.0.0.1 no >FromOrTo: default yes > >dangerous.content.scan.rules: >From: 127.0.0.1 no >FromOrTo: default yes > >spam.check.rules >From: 127.0.0.1 no >FromOrTo: default yes > >filename.rules >From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf >FromOrTo: default /etc/MailScanner/filename.rules.conf > >filetype.rules: >From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf >FromOrTo: default /etc/MailScanner/filetype.rules.conf > >filename.rules.allowall.conf: >allow .* - - > >filetype.rules.allowall.conf: >allow .* - - > >Regards >Rabie >----snip---- > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Ed Bruce >Sent: 26 May 2005 17:52 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Release a quarantined file (postfix) > >I tried this and the email was just quarantined again for the same reason. >So this doesn't release the email from quarantine. I'll try the save message >as a Queue Files option and see if the other option works to bypass >MailScanner. > >Martin Hepworth wrote: > > > >>Kenneth >> >>Assuming Postfix still pretends to be sendmail try >> >>sendmail -ti < message >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Kenneth Kalmer wrote: >> >> >> Reprocessing of the mail happens if you release it from quarantine because the mail goes back to hold as it gets processed by cleanup (assuming tht ur using postfix) . In postfix it usually follows a path something like this Internet -> SMTPD -> cleanup --> HOLD Queue When a mail is released from quarantine using the sendmail command it follows like this Sendmail command invokation --> pickup --> cleanup --> HOLD Queue So instead of writing so many rulesets to allow all the mails from the the local machine its easier if u put override options for pickup in your master.cf pickup fifo n - n 60 1 pickup -o receive_override_options=no_header_body_checks This will cause all those mails queued due to pickup not to go on hold, so the mails wont un-necessarily go in for MailScanner processing. Also with this setup the notifications tht MailScanner generates will not go into HOLD queue as well and will save MailScanner from doing some un-necessary stuff. -- Regards, Rakesh B. Pal Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Jun 4 15:54:41 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rakesh > Sent: Saturday, June 04, 2005 10:31 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Release a quarantined file (postfix) > > Rabie van der Merwe wrote: > > >Hi Ed, > > > >I also had issues with releasing mail, here is what I did and posted to > the > >group: > > > >Regards > >Rabie > > > >PS This should release anything. > > > >----snip---- > >Thanx too all, it works, herewith all the changes that where required for > >MailScanner 4.39. Also to make this more foolproof, one could add a 'AND > >From: quarantine@mydomain.com' to the 'From: 127.0.0.1' (or whatever the > >email address is of the sender of the quarantine proccess and should do > this > >if you have users on the local box who send mail. > >Changes to MailScanner.conf: > >Virus Scanning = %rules-dir%/virus.scan.rules Dangerous Content Scanning > = > >%rules-dir%/dangerous.content.scan.rules > >Filename Rules = %rules-dir%/filename.rules Filetype Rules = > >%rules-dir%/filetype.rules Spam Checks = %rules-dir%/spam.check.rules > > > >Files: > >virus.scan.rules: > >From: 127.0.0.1 no > >FromOrTo: default yes > > > >dangerous.content.scan.rules: > >From: 127.0.0.1 no > >FromOrTo: default yes > > > >spam.check.rules > >From: 127.0.0.1 no > >FromOrTo: default yes > > > >filename.rules > >From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf > >FromOrTo: default /etc/MailScanner/filename.rules.conf > > > >filetype.rules: > >From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf > >FromOrTo: default /etc/MailScanner/filetype.rules.conf > > > >filename.rules.allowall.conf: > >allow .* - - > > > >filetype.rules.allowall.conf: > >allow .* - - > > > >Regards > >Rabie > >----snip---- > > > > > >-----Original Message----- > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > >Of Ed Bruce > >Sent: 26 May 2005 17:52 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Release a quarantined file (postfix) > > > >I tried this and the email was just quarantined again for the same > reason. > >So this doesn't release the email from quarantine. I'll try the save > message > >as a Queue Files option and see if the other option works to bypass > >MailScanner. > > > >Martin Hepworth wrote: > > > > > > > >>Kenneth > >> > >>Assuming Postfix still pretends to be sendmail try > >> > >>sendmail -ti < message > >> > >>-- > >>Martin Hepworth > >>Snr Systems Administrator > >>Solid State Logic > >>Tel: +44 (0)1865 842300 > >> > >> > >>Kenneth Kalmer wrote: > >> > >> > >> > Reprocessing of the mail happens if you release it from quarantine > because the mail goes back to hold as it gets processed by cleanup > (assuming tht ur using postfix) . In postfix it usually follows a path > something like this > > Internet -> SMTPD -> cleanup --> HOLD Queue > > When a mail is released from quarantine using the sendmail command it > follows like this > > Sendmail command invokation --> pickup --> cleanup --> HOLD Queue > > So instead of writing so many rulesets to allow all the mails from the > the local machine its easier if u put override options for pickup in > your master.cf > > pickup fifo n - n 60 1 pickup > -o receive_override_options=no_header_body_checks > > This will cause all those mails queued due to pickup not to go on hold, > so the mails wont un-necessarily go in for MailScanner processing. Also > with this setup the notifications tht MailScanner generates will not go > into HOLD queue as well and will save MailScanner from doing some > un-necessary stuff. > > -- > Regards, > Rakesh B. Pal > Netcore Solutions Pvt. Ltd. > I think dropping quarantined messages directly in the outbound queue will really release everything - even viruses. While it's more cumbersome, the advantage of setting up rulesets to allow skipping of certain checks for 127.0.0.1 is that you can always force virus checks :) Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Jun 4 15:59:58 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >>Reprocessing of the mail happens if you release it from quarantine >>because the mail goes back to hold as it gets processed by cleanup >>(assuming tht ur using postfix) . In postfix it usually follows a path >>something like this >> >>Internet -> SMTPD -> cleanup --> HOLD Queue >> >>When a mail is released from quarantine using the sendmail command it >>follows like this >> >>Sendmail command invokation --> pickup --> cleanup --> HOLD Queue >> >>So instead of writing so many rulesets to allow all the mails from the >>the local machine its easier if u put override options for pickup in >>your master.cf >> >>pickup fifo n - n 60 1 pickup >> -o receive_override_options=no_header_body_checks >> >>This will cause all those mails queued due to pickup not to go on hold, >>so the mails wont un-necessarily go in for MailScanner processing. Also >>with this setup the notifications tht MailScanner generates will not go >>into HOLD queue as well and will save MailScanner from doing some >>un-necessary stuff. >> >> >> >I think dropping quarantined messages directly in the outbound queue will >really release everything - even viruses. > >While it's more cumbersome, the advantage of setting up rulesets to allow >skipping of certain checks for 127.0.0.1 is that you can always force virus >checks :) > >Steve > > > Right Agreed on that, but our dear friend Julian has kept an option in MailScanner.conf "Keep Spam And MCP Archive Clean" turning it on will ensure that we don't quarantine Virus Mails in the first process itself :-) -- Regards, Rakesh B. Pal Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ======================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Jun 4 16:14:12 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rakesh > Sent: Saturday, June 04, 2005 11:00 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Release a quarantined file (postfix) > > Stephen Swaney wrote: > > >>Reprocessing of the mail happens if you release it from quarantine > >>because the mail goes back to hold as it gets processed by cleanup > >>(assuming tht ur using postfix) . In postfix it usually follows a path > >>something like this > >> > >>Internet -> SMTPD -> cleanup --> HOLD Queue > >> > >>When a mail is released from quarantine using the sendmail command it > >>follows like this > >> > >>Sendmail command invokation --> pickup --> cleanup --> HOLD Queue > >> > >>So instead of writing so many rulesets to allow all the mails from the > >>the local machine its easier if u put override options for pickup in > >>your master.cf > >> > >>pickup fifo n - n 60 1 pickup > >> -o receive_override_options=no_header_body_checks > >> > >>This will cause all those mails queued due to pickup not to go on hold, > >>so the mails wont un-necessarily go in for MailScanner processing. Also > >>with this setup the notifications tht MailScanner generates will not go > >>into HOLD queue as well and will save MailScanner from doing some > >>un-necessary stuff. > >> > >> > >> > >I think dropping quarantined messages directly in the outbound queue will > >really release everything - even viruses. > > > >While it's more cumbersome, the advantage of setting up rulesets to allow > >skipping of certain checks for 127.0.0.1 is that you can always force > virus > >checks :) > > > >Steve > > > > > > > Right Agreed on that, but our dear friend Julian has kept an option in > MailScanner.conf > > "Keep Spam And MCP Archive Clean" > > turning it on will ensure that we don't quarantine Virus Mails in the > first process itself :-) > > -- > Regards, > Rakesh B. Pal > Netcore Solutions Pvt. Ltd. Absolutely correct but "Keep Spam And MCP Archive Clean": # . . . is set to no by default as it causes a small hit in performance, and # many people don't allow users to access the spam quarantine, so don't # need it. Make sure you set this to yes if you or users are dropping mail directly in the outbound queue :) Steve Steve Swaney President Fort Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 16:17:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just tested this on a CentOS (RHEL clone) system, and it works fine. Something is definitely wrong with your setup. That helps me, though it doesn't help you :-( Incidentally, from your output below, you need to install my combined ClamAV and SA package, as you are missing some of the optional modules for SpamAssassin. Peter Zimen wrote: > * PGP Bad Signature, Signed by a unverified key > This is Perl version 5.008006 (5.8.6) > > This is MailScanner version 4.43.2 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 1.810 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000003 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.49 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > 0.30 SAVI > missing Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > missing URI > > > --- > > S pozdravom > > Peter Zimen > > On 4.6.2005, at 14:11, Julian Field wrote: > >> Can someone check this please? I can't get the SAVI module to >> install on my RHEL systems. >> >> Peter, please can you do a "MailScanner -v" and post the output. >> >> Peter Zimen wrote: >> >> >>> > Old Bad Signature, Signed by a unverified key >>> Hello, >>> after upgrade on 4-43.1 version sophossavi not scan for viruses. >>> After start i see: >>> >>> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >>> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE >>> files >>> >>> but mails from testvirus.org are not scannet. When in >>> MailScanner.conf i switch to sophos - scan is o.k. >>> >>> >>> >>> Peter >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> * Thawte Freemail Member >>> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > * Thawte Freemail Member > * Issuer: Thawte Consulting (Pty) Ltd. - Unverified > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHGDxH2WUcUFbZUEQITjACdGtE/Ul1Ikx+ZQKFPW9WJCxUtH0kAoLVB hDiu3Bi9n/W1tsZkKYa6r+AQ =urhR -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 16:18:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Release a quarantined file (postfix) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rakesh wrote: > Stephen Swaney wrote: > >>> Reprocessing of the mail happens if you release it from quarantine >>> because the mail goes back to hold as it gets processed by cleanup >>> (assuming tht ur using postfix) . In postfix it usually follows a path >>> something like this >>> >>> Internet -> SMTPD -> cleanup --> HOLD Queue >>> >>> When a mail is released from quarantine using the sendmail command it >>> follows like this >>> >>> Sendmail command invokation --> pickup --> cleanup --> HOLD Queue >>> >>> So instead of writing so many rulesets to allow all the mails from the >>> the local machine its easier if u put override options for pickup in >>> your master.cf >>> >>> pickup fifo n - n 60 1 pickup >>> -o receive_override_options=no_header_body_checks >>> >>> This will cause all those mails queued due to pickup not to go on hold, >>> so the mails wont un-necessarily go in for MailScanner processing. Also >>> with this setup the notifications tht MailScanner generates will not go >>> into HOLD queue as well and will save MailScanner from doing some >>> un-necessary stuff. >>> >>> >> >> I think dropping quarantined messages directly in the outbound queue >> will >> really release everything - even viruses. >> >> While it's more cumbersome, the advantage of setting up rulesets to >> allow >> skipping of certain checks for 127.0.0.1 is that you can always force >> virus >> checks :) >> >> Steve >> >> >> > Right Agreed on that, but our dear friend Julian has kept an option in > MailScanner.conf > > "Keep Spam And MCP Archive Clean" > > turning it on will ensure that we don't quarantine Virus Mails in the > first process itself :-) > You cannot guarantee that this option will be switched on. It does have an overhead (all spam has to be virus-scanned, which will double your virus scanning load). - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHGTBH2WUcUFbZUEQLl7gCeJwAhjtWdRWEzpIYNom1GEH8T10IAnitb FVQJyKJsvGP2AH80AnL9ipTF =ebDb -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 16:46:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you tell me what your maillog says around the missed virus? Also, try running an infected batch through MailScanner with it in Debug mode, and tell me if it says anything unlikely. (Ignore EOCD signature fails, they are just zip file scans that didn't find a zip file). Julian Field wrote: > * PGP Signed: 06/04/05 at 16:17:35 > > I have just tested this on a CentOS (RHEL clone) system, and it works > fine. Something is definitely wrong with your setup. That helps me, > though it doesn't help you :-( > > Incidentally, from your output below, you need to install my combined > ClamAV and SA package, as you are missing some of the optional modules > for SpamAssassin. > > Peter Zimen wrote: > >> > Old Bad Signature, Signed by a unverified key >> This is Perl version 5.008006 (5.8.6) >> >> This is MailScanner version 4.43.2 >> Module versions are: >> 1.00 AnyDBM_File >> 1.14 Archive::Zip >> 1.03 Carp >> 1.119 Convert::BinHex >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.16 File::Temp >> 1.29 HTML::Entities >> 3.45 HTML::Parser >> 2.30 HTML::TokeParser >> 1.21 IO >> 1.10 IO::File >> 1.123 IO::Pipe >> 1.50 Mail::Header >> 3.05 MIME::Base64 >> 5.417 MIME::Decoder >> 5.417 MIME::Decoder::UU >> 5.417 MIME::Head >> 5.417 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.417 MIME::Tools >> 0.10 Net::CIDR >> 1.08 POSIX >> 1.77 Socket >> 0.05 Sys::Syslog >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.810 DB_File >> 1.08 Digest >> 1.01 Digest::HMAC >> 2.33 Digest::MD5 >> 2.10 Digest::SHA1 >> missing Inline >> missing Mail::ClamAV >> 3.000003 Mail::SpamAssassin >> missing Mail::SPF::Query >> missing Net::CIDR::Lite >> 0.49 Net::DNS >> missing Net::LDAP >> missing Parse::RecDescent >> 0.30 SAVI >> missing Sys::Hostname::Long >> 2.42 Test::Harness >> 0.47 Test::Simple >> 1.95 Text::Balanced >> missing URI >> >> >> --- >> >> S pozdravom >> >> Peter Zimen >> >> On 4.6.2005, at 14:11, Julian Field wrote: >> >>> Can someone check this please? I can't get the SAVI module to >>> install on my RHEL systems. >>> >>> Peter, please can you do a "MailScanner -v" and post the output. >>> >>> Peter Zimen wrote: >>> >>> >>>> > Old Bad Signature, Signed by a unverified key >>>> Hello, >>>> after upgrade on 4-43.1 version sophossavi not scan for viruses. >>>> After start i see: >>>> >>>> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >>>> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE >>>> files >>>> >>>> but mails from testvirus.org are not scannet. When in >>>> MailScanner.conf i switch to sophos - scan is o.k. >>>> >>>> >>>> >>>> Peter >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> * Thawte Freemail Member >>>> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >>>> >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> * Thawte Freemail Member >> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >> > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHMvxH2WUcUFbZUEQItEgCgsCkDo8TCX3CRI2U2FjyDItvnkO0An24V Tmuejl4lE8l8dowIcTSNHBXr =2SSv -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 19:01:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If I write you folks a generic way of adding in a spam-processing plugin, how would you like it to work? A command-line or a function call? How do you want the envelope data? (client ip, sender, recipients) Returns a spam yes/no flag, or a score to add to SpamAssassin? Or a yes/no flag with a configurable score in MailScanner.conf? How do you actually want this interface to work? P.S. Do my PGP-signed list postings look okay? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqHsfhH2WUcUFbZUEQKwFQCfWsqhGU1ygJCbIpArZKL7ZcugOVYAn3RC dMdSQsxMGcrL51Ei8fikXSaM =a9hr -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sat Jun 4 20:09:43 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: Julian Field wrote: > P.S. Do my PGP-signed list postings look okay? > Thunderbird says it is partially signed ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at ZANKER.ORG Sat Jun 4 20:13:23 2005 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 4/6/05 20:09, Michele Neylon:: Blacknight wrote: > Julian Field wrote: > > P.S. Do my PGP-signed list postings look okay? > > Thunderbird says it is partially signed That's because JISCMail adds its own signature. The signed part verifies correctly. Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 20:32:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Possibly just because it is a key you don't trust or know about? Sync it with keyserver.pgp.com and you should pick up a whole shed load of email addresses for it. Michele Neylon:: Blacknight wrote: >Julian Field wrote: > > P.S. Do my PGP-signed list postings look okay? > > >Thunderbird says it is partially signed > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqIB7BH2WUcUFbZUEQJ1YgCgvCYv0zDAGhPSUwfNzkHQk70jNg0AoNKk ym1IPV8JnrVzJ142h1YY6jp1 =CNOB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 4 20:33:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Zanker wrote: >On 4/6/05 20:09, Michele Neylon:: Blacknight wrote: > > > >>Julian Field wrote: >> > P.S. Do my PGP-signed list postings look okay? >> >>Thunderbird says it is partially signed >> >> > >That's because JISCMail adds its own signature. The signed part verifies >correctly. > Cool. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqICDRH2WUcUFbZUEQLQ3gCgjwrMSpaDFBTZ7AiQrjyF+EMJulIAn1or NYciv8AHnZEbsTLwLXNZ6gh6 =Kb3J -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jun 4 21:03:23 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If I write you folks a generic way of adding in a spam-processing > plugin, how would you like it to work? > A command-line or a function call? > How do you want the envelope data? (client ip, sender, recipients) > > Returns a spam yes/no flag, or a score to add to SpamAssassin? > Or a yes/no flag with a configurable score in MailScanner.conf? > > How do you actually want this interface to work? > Command lines sound easier compared to functions for a non-programmer like me. My opinion (which mostly doesn't count) being that since most 3rd party engines would either use a yes/no combination OR a number OR a %age, the generic plugin ought to use a generic input method. Though that could complicate matters and code exponentially. Situation one (as already proposed by Julian) ============= The 3rd party engine outputs SPAM / NOTSPAM, in which case use the following flags a. NO (surely not spam) b. YES (surely spam) c. SKIPPED (if no output is found) Situation two ============= The 3rd party engine outputs a %age or a number (say -100 to +100) then the input filter will watch for a number and based on that give the following flag a. NO (surely not spam) b. MOSTLY_NO (mostly not spam) c. MOSTLY_YES (probably spam) d. YES (surely spam) e. SKIPPED (if no number is found) Flag Action: (again as recommended by Julian) The above flags NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a configurable score in MailScanner.conf seem most flexible to me. regards, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Sat Jun 4 22:23:19 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:54 2006 Subject: sophossavi Message-ID: Nothing. Virus scanning and mail was delivered as normal clean email. --- S pozdravom Peter Zimen On 4.6.2005, at 17:46, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can you tell me what your maillog says around the missed virus? > > Also, try running an infected batch through MailScanner with it in > Debug > mode, and tell me if it says anything unlikely. (Ignore EOCD signature > fails, they are just zip file scans that didn't find a zip file). > > Julian Field wrote: > > >> * PGP Signed: 06/04/05 at 16:17:35 >> >> I have just tested this on a CentOS (RHEL clone) system, and it works >> fine. Something is definitely wrong with your setup. That helps me, >> though it doesn't help you :-( >> >> Incidentally, from your output below, you need to install my combined >> ClamAV and SA package, as you are missing some of the optional >> modules >> for SpamAssassin. >> >> Peter Zimen wrote: >> >> >>>> Old Bad Signature, Signed by a unverified key >>>> >>> This is Perl version 5.008006 (5.8.6) >>> >>> This is MailScanner version 4.43.2 >>> Module versions are: >>> 1.00 AnyDBM_File >>> 1.14 Archive::Zip >>> 1.03 Carp >>> 1.119 Convert::BinHex >>> 1.00 DirHandle >>> 1.05 Fcntl >>> 2.73 File::Basename >>> 2.08 File::Copy >>> 2.01 FileHandle >>> 1.06 File::Path >>> 0.16 File::Temp >>> 1.29 HTML::Entities >>> 3.45 HTML::Parser >>> 2.30 HTML::TokeParser >>> 1.21 IO >>> 1.10 IO::File >>> 1.123 IO::Pipe >>> 1.50 Mail::Header >>> 3.05 MIME::Base64 >>> 5.417 MIME::Decoder >>> 5.417 MIME::Decoder::UU >>> 5.417 MIME::Head >>> 5.417 MIME::Parser >>> 3.03 MIME::QuotedPrint >>> 5.417 MIME::Tools >>> 0.10 Net::CIDR >>> 1.08 POSIX >>> 1.77 Socket >>> 0.05 Sys::Syslog >>> 1.02 Time::localtime >>> >>> Optional module versions are: >>> 1.810 DB_File >>> 1.08 Digest >>> 1.01 Digest::HMAC >>> 2.33 Digest::MD5 >>> 2.10 Digest::SHA1 >>> missing Inline >>> missing Mail::ClamAV >>> 3.000003 Mail::SpamAssassin >>> missing Mail::SPF::Query >>> missing Net::CIDR::Lite >>> 0.49 Net::DNS >>> missing Net::LDAP >>> missing Parse::RecDescent >>> 0.30 SAVI >>> missing Sys::Hostname::Long >>> 2.42 Test::Harness >>> 0.47 Test::Simple >>> 1.95 Text::Balanced >>> missing URI >>> >>> >>> --- >>> >>> S pozdravom >>> >>> Peter Zimen >>> >>> On 4.6.2005, at 14:11, Julian Field wrote: >>> >>> >>>> Can someone check this please? I can't get the SAVI module to >>>> install on my RHEL systems. >>>> >>>> Peter, please can you do a "MailScanner -v" and post the output. >>>> >>>> Peter Zimen wrote: >>>> >>>> >>>> >>>>>> Old Bad Signature, Signed by a unverified key >>>>>> >>>>> Hello, >>>>> after upgrade on 4-43.1 version sophossavi not scan for viruses. >>>>> After start i see: >>>>> >>>>> SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses >>>>> Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE >>>>> files >>>>> >>>>> but mails from testvirus.org are not scannet. When in >>>>> MailScanner.conf i switch to sophos - scan is o.k. >>>>> >>>>> >>>>> >>>>> Peter >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> * Thawte Freemail Member >>>>> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >>>>> >>>>> >>>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> * Thawte Freemail Member >>> * Issuer: Thawte Consulting (Pty) Ltd. - Unverified >>> >>> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqHMvxH2WUcUFbZUEQItEgCgsCkDo8TCX3CRI2U2FjyDItvnkO0An24V > Tmuejl4lE8l8dowIcTSNHBXr > =2SSv > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From bg.mahesh at INDIAINFO.COM Sun Jun 5 02:41:47 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:54 2006 Subject: tag found in message j4UA2wNj002975 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > This is it just showing that it found a link in the message, which > it will have to check for phishing attacks. It doesn't mean it will > actually alter the message, just that it needs to look at it > further. > So the message is not being blocked? I am not getting that message in my email box > Check out the "notify senders" options. But do *NOT* switch on > Notify Senders of Viruses as that will just spam people who didn't > send you viruses, as all modern viruses fake the senders address, > so that you cannot trace who really sent the message. > Looks correct. Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk > BG Mahesh wrote: > > > hi > > > > I see the following type of messages in /var/log/maillog > > > > tag found in message j4UA2wNj002975 > > > > I found out about this when a friend's email was never reaching > > me. In that email his signature has a URL. What should I do to > > receive this email or atleast for MailScanner to bounce back the > > email to the sender warning him about the error > > > > -- > > B.G. Mahesh -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From iron999mike at YAHOO.COM Sun Jun 5 04:37:36 2005 From: iron999mike at YAHOO.COM (michael irons) Date: Thu Jan 12 21:29:54 2006 Subject: postfix+mailscanner+procmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, this is starting to make sense. I am pretty sure I am using 1 postfix with the hold feature. That is why I was so confused when I came upon directions for the 2 postfix server. I have my own howto file, that is a collection of other howto files I have found. I posted it online at: http://www.electricmonk.us/postfix-mailscanner/ maybe you could take a look and see if it was something obvious. I put it on the webpage to keep people from having to read all my conf files here. Thanks Mike --- "Steen, Glenn" wrote: > Sounds like the deprecated "2 postfix setup via > deferral". You should be using "1 postfix with the > HOLD feature" (Joshua will disagree:-). > Look at the wiki, there's quite a lot about PF > there: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation > > AFAICS, you must be doing something slightly > strange, since the mailbox_command is used by the > local delivery agent.... which should be way after > MS is finished. > > Tell us a bit more about the specific setup, and I'm > sure will be able to give some pointers. > > -- Glenn > > -----Original Message----- > From: MailScanner mailing list on behalf of michael > irons > Sent: lö 2005-06-04 06:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: postfix+mailscanner+procmail > yeah I saw that site in my searches. I have > Mailscanner up and running along with postfix. > Itworks > when I send mail to /var/spool... and directly to my > Maildir. But I wasnt to use procmail to filter out > spam to a users spam folder. My understanding from > all > of the sites I have read mailscanner works like this > incoming postfix server -> mailscanner -> outgoing > postfix -> final destination (Maildir, spool, or > mda). > but if I use mailbox_command = /usr/bin/procmail in > postfix/main.cf it goes striaght to procmail, > bypassing mailscanner. Do I need to configure the > second postfix server and how do I do that, or am I > completely confused. > > thanks > Mike > > --- Mike Kercher wrote: > > > Johnny Hughes just released this guide a few days > > ago. I found it to be > > informative for me, a sendmail guy: > > > > > http://www.hughesjr.com/content/view/42/2/Site_News > > > > Mike > > > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > > Of michael irons > > Sent: Friday, June 03, 2005 9:05 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: postfix+mailscanner+procmail > > > > I know that there has to be a howto somewhere, but > > after several hours I can > > not find it. I am running mailscanner with postfix > > and want to do my > > filtering through procmail. When I change my > > mailbox_command = > > /usr/bin/procmail it just bypasses mailscanner and > I > > get no checks. The best > > information i can come up with is that there are > > actually 2 postfix/main.cf > > files (postfix and postfix.in). The problem is > that > > I do not have these > > files (postfix.in). Do I need to copy them from > > somewhere. If somebody could > > point me to a tutorial that would be great > > > > thanks > > Mike > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________ Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Jun 5 09:16:12 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: SV: postfix+mailscanner+procmail Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That looks pretty straightforward. I do things a bit different, but that stems from me not running RHEL, not doing rbls in the MTA (and a very very few in MS) .... and running my setup as a pure MX/GW. I find having the mail-gateway and the mailstore separate is good for my logics centres... A whole lot easier to deduce _what_ should happen _where_:-) Hm. I'll have to run some tests on this. In the mean time, what happens if you set MS to run in debug mode _and_ with the procmail mailbox_command... This should run one batch through MS, then stop. Does it get called for an incoming batch? -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom michael irons Skickat: sö 2005-06-05 05:37 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: postfix+mailscanner+procmail Ok, this is starting to make sense. I am pretty sure I am using 1 postfix with the hold feature. That is why I was so confused when I came upon directions for the 2 postfix server. I have my own howto file, that is a collection of other howto files I have found. I posted it online at: http://www.electricmonk.us/postfix-mailscanner/ maybe you could take a look and see if it was something obvious. I put it on the webpage to keep people from having to read all my conf files here. Thanks Mike --- "Steen, Glenn" wrote: > Sounds like the deprecated "2 postfix setup via > deferral". You should be using "1 postfix with the > HOLD feature" (Joshua will disagree:-). > Look at the wiki, there's quite a lot about PF > there: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation > > AFAICS, you must be doing something slightly > strange, since the mailbox_command is used by the > local delivery agent.... which should be way after > MS is finished. > > Tell us a bit more about the specific setup, and I'm > sure will be able to give some pointers. > > -- Glenn > > -----Original Message----- > From: MailScanner mailing list on behalf of michael > irons > Sent: lö 2005-06-04 06:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: postfix+mailscanner+procmail > yeah I saw that site in my searches. I have > Mailscanner up and running along with postfix. > Itworks > when I send mail to /var/spool... and directly to my > Maildir. But I wasnt to use procmail to filter out > spam to a users spam folder. My understanding from > all > of the sites I have read mailscanner works like this > incoming postfix server -> mailscanner -> outgoing > postfix -> final destination (Maildir, spool, or > mda). > but if I use mailbox_command = /usr/bin/procmail in > postfix/main.cf it goes striaght to procmail, > bypassing mailscanner. Do I need to configure the > second postfix server and how do I do that, or am I > completely confused. > > thanks > Mike > > --- Mike Kercher wrote: > > > Johnny Hughes just released this guide a few days > > ago. I found it to be > > informative for me, a sendmail guy: > > > > > http://www.hughesjr.com/content/view/42/2/Site_News > > > > Mike > > > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > > Of michael irons > > Sent: Friday, June 03, 2005 9:05 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: postfix+mailscanner+procmail > > > > I know that there has to be a howto somewhere, but > > after several hours I can > > not find it. I am running mailscanner with postfix > > and want to do my > > filtering through procmail. When I change my > > mailbox_command = > > /usr/bin/procmail it just bypasses mailscanner and > I > > get no checks. The best > > information i can come up with is that there are > > actually 2 postfix/main.cf > > files (postfix and postfix.in). The problem is > that > > I do not have these > > files (postfix.in). Do I need to copy them from > > somewhere. If somebody could > > point me to a tutorial that would be great > > > > thanks > > Mike > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________ Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Jun 5 16:41:55 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:54 2006 Subject: OT: DNSBL checking script Message-ID: Does anybody know where I can find a php or perl script for checking URLs/Ips against multiple DNSBLs? The only one I've found so far refuses to work for me :( I know of hosted ones, but I'm looking for one I can use on a new site/project I'm working on TIA Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 5 16:49:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: OT: DNSBL checking script Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 www.dnsstuff.com Michele Neylon :: Blacknight Solutions wrote: >Does anybody know where I can find a php or perl script for checking >URLs/Ips against multiple DNSBLs? >The only one I've found so far refuses to work for me :( > >I know of hosted ones, but I'm looking for one I can use on a new >site/project I'm working on > >TIA > >Michele > >Mr Michele Neylon >Blacknight Internet Solutions Ltd >Hosting, co-location & domains >http://www.blacknight.ie/ >Tel. +353 59 9137101 | Fax. +353 59 9146970 >Tired of your current host? Save 15% when you move to us! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqMfAhH2WUcUFbZUEQJxqACg9ipiOFC1bCJUeJ+7uASuLmPZsOIAoK1G hravjgLLOelfRV9C3hoZQqQt =Jt7r -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Jun 5 17:38:21 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:54 2006 Subject: OT: DNSBL checking script Message-ID: > > www.dnsstuff.com That's hosted :) Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 5 18:45:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:54 2006 Subject: Spam then Disarmed or Disarmed then Spam? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Which order are you getting your Subject line tags in? They should have Spam on the front, followed by Disarmed (if it applied, obviously). Which order are you getting them in? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqM6ZBH2WUcUFbZUEQIDwACgpBYePBwkGKyrx4f79VFtb+4PW6IAoNqC wy4ESasWItMi8akGtnOi15Fs =g3DU -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Sun Jun 5 20:14:46 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: Hi Julian, Julian Field wrote: > If I write you folks a generic way of adding in a spam-processing > plugin, how would you like it to work? VERY cool btw! Currently I'm using DSPAM for spam detection and there were some many situations where I wished that it would be integrated into MailScanner... > A command-line or a function call? function call because I have separate user profiles for spam scanning and I have to do some mysql lookups. If I could save the overhead of starting a external interpreter script that would be nice. > How do you want the envelope data? (client ip, sender, recipients) Hash? Or maybe a 'request object'? > Returns a spam yes/no flag, or a score to add to SpamAssassin? I think it should be possible to completely replace SpamAssassin but an additional SpamAssassin score may be helpful too. One thing I would like to have control over is changing the message headers and/or the message content. DSPAM for example adds an ID into the mail body and the header so that should be possible using the plugin interface. > How do you actually want this interface to work? Definitely! -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Jun 5 20:08:39 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:54 2006 Subject: SV: DNSBL checking script Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Would http://moensted.dk/spam/drbcheck.txt be useful? -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Michele Neylon :: Blacknight Solutions Skickat: sö 2005-06-05 17:41 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: OT: DNSBL checking script Does anybody know where I can find a php or perl script for checking URLs/Ips against multiple DNSBLs? The only one I've found so far refuses to work for me :( I know of hosted ones, but I'm looking for one I can use on a new site/project I'm working on TIA Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Jun 5 22:46:37 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:54 2006 Subject: SV: DNSBL checking script Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Would http://moensted.dk/spam/drbcheck.txt be useful? > Glenn You are a lifesaver! Thanks Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Mon Jun 6 00:38:16 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: Hi Julian, just one addition to my mail: I just thought of a problem that a message may be addressed to several recipients that use different spam profiles. Therefore it may be possible that the mail is considered as spam for one recipient and as ham for the other. One possible solution I can think of is that it should be possible to "multiply" a message. Another thing I would like to see is a more flexible action system so that spam mails may be quarantined on a per user basis. fs ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun Jun 5 23:41:39 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: You can already have mails quarantined on a per-user basis using the very flexible rulesets. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Felix Schwarz Sent: Sunday, June 05, 2005 6:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Generic spam plug-in Hi Julian, just one addition to my mail: I just thought of a problem that a message may be addressed to several recipients that use different spam profiles. Therefore it may be possible that the mail is considered as spam for one recipient and as ham for the other. One possible solution I can think of is that it should be possible to "multiply" a message. Another thing I would like to see is a more flexible action system so that spam mails may be quarantined on a per user basis. fs ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 6 02:28:23 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:54 2006 Subject: Mailheader question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner add the Found to be clean message The network guys managed to wrongly enter an MX record causing a message to bounce between the servers a couple of times. Should mailscanner add the header many times, or just once? It doesnt really bother me, but i was curious - i would ahve thought that header got replaced rather appended to? It seems to be the only one that does it Thanks Pete X-companyname-MailScanner: Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew at DONEHUE.NET Mon Jun 6 04:44:51 2005 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:29:54 2006 Subject: filename expansion variable question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Everyone, I am using the $filename expansion variable in the reports to specify a path to a 'stored virus' ... This works 99% of the time, however I have just noticed that some times the variable expands to the string "the entire message" (instead of the actual filename). I am running mailscanner version 4.28.6-1. I checked the changelog, but could not find anything specific about this problem. Can anyone tell me if it has been addressed? Kind Regards, Andrew. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jun 6 06:25:49 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:54 2006 Subject: OT: DNSBL checking script Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >>www.dnsstuff.com > > > That's hosted :) > See if this helps. http://phprbl.init1.nl/ - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Jun 6 07:18:39 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:54 2006 Subject: Mailheader question Message-ID: Hi! > MailScanner add the Found to be clean message The network guys managed to > wrongly enter an MX record causing a message to bounce between the servers a > couple of times. Should mailscanner add the header many times, or just once? > > It doesnt really bother me, but i was curious - i would ahve thought that > header got replaced rather appended to? It seems to be the only one that does > it > > Thanks > Pete > > X-companyname-MailScanner: Found to be clean, Found to be clean, Found to be > clean, Found to be clean, Found to be clean, Found to be clean, Found to be > clean, Found to be clean, Found to be clean, Found to be clean, Found to be > clean, Found to be clean, Found to be clean, Found to be clean, Found to be > clean, Found to be clean Multiple Headers = replace Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Mon Jun 6 07:04:11 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Hi, > > Julian Field wrote: > >> >> If I write you folks a generic way of adding in a spam-processing >> plugin, how would you like it to work? >> A command-line or a function call? >> How do you want the envelope data? (client ip, sender, recipients) >> >> Returns a spam yes/no flag, or a score to add to SpamAssassin? >> Or a yes/no flag with a configurable score in MailScanner.conf? >> >> How do you actually want this interface to work? >> > > Command lines sound easier compared to functions for a non-programmer > like me. > > Situation one (as already proposed by Julian) > ============= > The 3rd party engine outputs SPAM / NOTSPAM, in which case use the > following flags > a. NO (surely not spam) > b. YES (surely spam) > c. SKIPPED (if no output is found) > > Situation two > ============= > The 3rd party engine outputs a %age or a number (say -100 to +100) > then the input filter will watch for a number and based on that give > the following flag > a. NO (surely not spam) > b. MOSTLY_NO (mostly not spam) > c. MOSTLY_YES (probably spam) > d. YES (surely spam) > e. SKIPPED (if no number is found) > > Flag Action: (again as recommended by Julian) > The above flags NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a > configurable score in MailScanner.conf seem most flexible to me. > I agree with Dhawal on the Scoring mechanism of the plugin, which should be configurable in MailScanner.conf , however I feel that it should be invoked using function call instead of command line. A function call would be efficient in terms of processesing and since this plugin is going to be called from with in MailScanner, I think we need not bother much on its command line version. Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 6 07:38:28 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:54 2006 Subject: Mailheader question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Buggar - sorry to waste everyone's time. Pete > > Multiple Headers = replace > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Mon Jun 6 09:40:28 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: Hi Mike, Mike Kercher schrieb: > You can already have mails quarantined on a per-user basis using the > very flexible rulesets. Allthough I'm not 100% sure I don't think that the currently available rulesets can do everything I want. Mail to user1@domain.net and user2@domain.net is recognized as spam. Now it should be quarantined in /var/mail/quarantines/domain.net/user1 and /var/mail/quarantines/domain.net/user2. As I'm supporting more than 100 users I certainly don't want to hardcode the path so something as /var/mail/quarantines/%domain%/%localpart is needed. To make things more complicated the domain is only a lookup key in a database (okay, that can be done with user defined functions). Another thing is the storage format. I won't use any mbox at all. Maildir++ is definitely a must. AFAIK it is not possible with MailScanner. Or quarantining a virus mail with _all_ (even the infected) attachements. -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Jun 6 08:50:02 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:54 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rakesh > Sent: 06 June, 2005 08:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Generic spam plug-in > > > Dhawal Doshy wrote: > > > Hi, > > > > Julian Field wrote: > > > >> > >> If I write you folks a generic way of adding in a spam-processing > >> plugin, how would you like it to work? > >> A command-line or a function call? > >> How do you want the envelope data? (client ip, sender, recipients) > >> > >> Returns a spam yes/no flag, or a score to add to SpamAssassin? > >> Or a yes/no flag with a configurable score in MailScanner.conf? > >> > >> How do you actually want this interface to work? > >> > > > > Command lines sound easier compared to functions for a > non-programmer > > like me. > > > > > > Situation one (as already proposed by Julian) > > ============= > > The 3rd party engine outputs SPAM / NOTSPAM, in which case use the > > following flags > > a. NO (surely not spam) > > b. YES (surely spam) > > c. SKIPPED (if no output is found) > > > > Situation two > > ============= > > The 3rd party engine outputs a %age or a number (say -100 to +100) > > then the input filter will watch for a number and based on > that give > > the following flag > > a. NO (surely not spam) > > b. MOSTLY_NO (mostly not spam) > > c. MOSTLY_YES (probably spam) > > d. YES (surely spam) > > e. SKIPPED (if no number is found) > > > > Flag Action: (again as recommended by Julian) > > The above flags NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a > > configurable score in MailScanner.conf seem most flexible to me. > > > > I agree with Dhawal on the Scoring mechanism of the plugin, > which should > be configurable in MailScanner.conf , however I feel that it should be > invoked using function call instead of command line. A function call > would be efficient in terms of processesing and since this plugin is > going to be called from with in MailScanner, I think we need > not bother > much on its command line version. > > Rakesh I agree a function call might be more efficient, but since this is supposed to be a generic plug-in, I think we should always have to option to use a command line version and process the output via a pipe, exit code or temporary file. Using a function call would make the generic plug-in less generic, since you can then only use it for external programs which have a perl interface! Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Mon Jun 6 09:52:44 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: Hi, Adri Koppes schrieb: > I agree a function call might be more efficient, but since this is > supposed to be a generic plug-in, I think we should always have to > option to use a command line version and process the output via a > pipe, exit code or temporary file. > Using a function call would make the generic plug-in less generic, > since you can then only use it for external programs which have a > perl interface! It is extreamly easy writing a very small perl function that does a 'system' call to execute a command line script. -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Jun 6 08:58:30 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Hi, > > Adri Koppes schrieb: > > I agree a function call might be more efficient, but since this is > > supposed to be a generic plug-in, I think we should always have to > > option to use a command line version and process the output via a > > pipe, exit code or temporary file. > > > Using a function call would make the generic plug-in less generic, > > since you can then only use it for external programs which have a > > perl interface! > > It is extreamly easy writing a very small perl function that does a > 'system' call to execute a command line script. > > -- > Felix Sure it's not to difficult to do a 'system' call. It gets a little more complicated when you have to add timeouts, setting up the pipe, processing the output etc. I wouldn't have too many problems, but I think there are many people who are using MailScanner without having knowing how to write a perl script. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jun 6 09:16:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:55 2006 Subject: SA userprefs stored in SQL Message-ID: Jonathan Short answer is no. Long answer is... MS calls SA via a perl function call. Therefore SA will 'think' it's being called by the MS user (as defined in MailScanner.conf) as thats the UID of the process running SA. SHOULD there be any way of doing this you'd first have to split the emails into their unique recipients then pass off to SA. BUT so far we've only managed to do this in Sendmail and Exim. For other MTA's (Postfix/qmail etc) we've either not found a way (despite asking for help) or haven't looked. Also alot of MS systems are gateway systems, so the end user may not be found in the email as it gets redirected via aliases etc on the actual email server, so emails might not get the correct SA preferences anyway. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jonathan Higgins wrote: > I looked through the customconfig, and found the section talking about > white/black lists per domain.... which is not what im looking for. > > global storage of user preferences. thats what I need. Spamassassin > provides it only in thier client server configuration. I want to continue > to use spamassassin the way that MailScanner wants to. > > anyone else out there doing this?.. are you running spamd/spamc? and so on.. > > > > >>I am using the CustomConfig to do that, I had it working great on an old >>server until a little hitch with MailScanner maintaining mysql connections >>on the new one... haven't had time to figure out the issue, but look at >>CustomConfig.pm, I am using it to obtain if the domain should want mail >>scanned, the score, actions, etc... >> >>------------------------- >>Brian Taber >>Manager/IT Specialist >>Diverse Computer Group >>Office: 508-758-4402 >>Cell: 508-496-9221 >> >>This apparently has come up a few times in the past. I may be asking >>this in the wrong place, so if I need to post this question on the >>spamassassin list please let me know. >> >>I even found a piece of information on the Faq-O-matic... here is an >>excerpt. >> >>"..... problem is that SpamAssassin, according to what I've read at the >>following http://spamassassin.apache.org/full/3.0.x/dist/sql/README, >>will only use the DB for getting the user preferences if it's running in >>client/server mode, i.e., as spamc and spamd. So this means that if I >>want to let end users manage their own whitelists, I would have to get >>SpamAssassin running the old slow way. Thoughts or suggestions? " >> >>After searching, I have not found a solution to this. I am already >>using a mysql bayes for my lvs mail cluster system.. I need a way to >>store SA user preferences globally.. and i would rather not go back to >>using spamc/spamd. >> >>thanks. >> >> >> >>Jonathan Higgins >>IT R&D Project Manager >>Kennesaw State University > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Mon Jun 6 10:42:19 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: > Flag Action: (again as recommended by Julian) The above flags > NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a configurable > score in MailScanner.conf seem most flexible to me. I think it would be useful for engines to return a 'DONT KNOW' as well, As the SKIPPED return could mean either that it didn't scan it or that It wasn't able to come up with an answer. Richard --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Mon Jun 6 10:49:22 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, on 25.4.2005 I wrote a message to the list with the topic above. MailScanner stops working after instance dying of old age. I didn't see the error for 2 months now and it comes again. Now with more infos: Last messages in syslog: Jun 4 02:30:35 pns MailScanner[20452]: Uninfected: Delivered 1 messages Jun 4 02:30:35 pns MailScanner[20452]: MailScanner child dying of old age Jun 4 02:30:35 pns MailScanner[5471]: MailScanner E-Mail Virus Scanner version 4.42.9 starting... Jun 4 02:30:36 pns MailScanner[5471]: Using locktype = flock "ps aufx" showed me that all processes are "running", but nothing was scanned. New mails always get deferred, nothing more. After killing and restarting MailScanner this in log: Jun 4 12:15:15 pns MailScanner[18097]: MailScanner E-Mail Virus Scanner version 4.42.9 starting... Jun 4 12:15:16 pns MailScanner[18097]: Using locktype = flock Jun 4 12:15:17 pns MailScanner[18097]: New Batch: Found 3085 messages waiting Jun 4 12:15:17 pns MailScanner[18097]: New Batch: Scanning 80 messages, 319186 bytes Mail gets processed but MailScanner starts to many childs (set to 5): 18097 postfix 18 0 40160 39M 25716 R 10.3 4.4 0:39 MailScanner 17282 postfix 18 0 40048 39M 33056 R 11.5 4.4 0:37 MailScanner 7445 postfix 18 0 40000 39M 25092 R 12.3 4.4 0:31 MailScanner 15755 postfix 19 0 39748 38M 32956 R 0.3 4.3 0:00 MailScanner 25836 postfix 20 0 39664 38M 9836 R 6.7 4.3 0:32 MailScanner 28647 postfix 20 0 39588 38M 25616 R 1.1 4.3 0:00 MailScanner 29400 postfix 18 0 39576 38M 25768 R 12.1 4.3 0:33 MailScanner 29126 postfix 20 0 39428 38M 24988 R 1.3 4.3 0:00 MailScanner 12280 postfix 20 0 39004 38M 25668 R 1.1 4.3 0:00 MailScanner 3961 root 9 0 30856 28M 3156 S 0.0 3.1 57:40 perl 24285 named 9 0 23184 19M 4772 S 0.1 2.2 87:20 named 27324 postfix 9 0 15012 14M 8972 S 0.0 1.6 0:00 MailScanner I downgraded to another version, always the same. But it dies not every time a child is dying. I've now a cronjob restarting MailScanner every 4 hours. No errors until now. Another problem is that check_mailscanner script only checks if the process is running, so it doesn't detect the error wenn MailScanner stops because all processes are running. I searched all my logs, especially for HDA errors or something like that, but nothing found. My system is debian woody with postfix 2.0.20 (source), all perl modules newest version (source) and MailScanner also 4.42.9. The system is running with RAID1 (hardware). I think that's a problem with I/O but not sure a problem with RAID or MailScanner. Any ideas? Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Mon Jun 6 11:01:16 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: please take a look at task 45 Take 2: MailScanner children dying and not picking up new mail as I had an similar error. check that you don't have any non-mail file in one of your mail queues as in my case it was the razor-agent.log I updated to the actual MailScanner version as there were some changes how MailScanner childs were handled. Assure Razor is configured to place it's log to a fixed-place outside a mail-queue and that razor is able to write to this dir At best check your settings with setting Debug to Yes for Spamassassin and Mailscanner inside your MailScanner.conf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Mon Jun 6 11:28:50 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi again, > I searched all my logs, especially for HDA errors or something like that, > but nothing found. > > My system is debian woody with postfix 2.0.20 (source), all perl modules > newest version (source) and MailScanner also 4.42.9. The system is running > with RAID1 (hardware). > > I think that's a problem with I/O but not sure a problem > with RAID or MailScanner. > > Any ideas? I'm not sure, but in my logs I see after every scan a new instance of MailScanner is started (and killed): Jun 6 12:25:38 pns MailScanner[7603]: Uninfected: Delivered 1 messages Jun 6 12:25:45 pns MailScanner[3132]: MailScanner E-Mail Virus Scanner version 4.40.11 starting... Jun 6 12:25:46 pns MailScanner[12989]: New Batch: Scanning 1 messages, 1788 bytes Jun 6 12:25:46 pns MailScanner[12989]: Spam Checks: Starting Jun 6 12:25:46 pns MailScanner[12989]: Virus and Content Scanning: Starting Jun 6 12:25:46 pns MailScanner[12989]: Requeue: 3E71F58075.C413A to 7D5194C106 Jun 6 12:25:46 pns MailScanner[12989]: Uninfected: Delivered 1 messages Jun 6 12:25:47 pns MailScanner[3132]: Using locktype = flock Jun 6 12:26:02 pns MailScanner[3463]: MailScanner E-Mail Virus Scanner version 4.40.11 starting... Jun 6 12:26:03 pns MailScanner[3463]: Using locktype = flock Jun 6 12:26:03 pns MailScanner[3463]: New Batch: Scanning 2 messages, 6368 bytes Jun 6 12:26:03 pns MailScanner[3463]: Spam Checks: Starting Jun 6 12:26:03 pns MailScanner[3463]: Virus and Content Scanning: Starting Jun 6 12:26:04 pns MailScanner[3463]: Requeue: 07E8358078.8CF81 to 7CBBA4C106 Jun 6 12:26:04 pns MailScanner[3463]: Requeue: 2D8A158075.4C55D to A78244C107 Jun 6 12:26:04 pns MailScanner[3463]: Uninfected: Delivered 2 messages Jun 6 12:26:13 pns MailScanner[1439]: MailScanner E-Mail Virus Scanner version 4.40.11 starting... Jun 6 12:26:14 pns MailScanner[1439]: Using locktype = flock Jun 6 12:26:18 pns MailScanner[3463]: New Batch: Scanning 1 messages, 3950 bytes Jun 6 12:26:18 pns MailScanner[3463]: Spam Checks: Starting Jun 6 12:26:18 pns MailScanner[3463]: Virus and Content Scanning: Starting Jun 6 12:26:18 pns MailScanner[3463]: Requeue: 3B3B658075.A53C3 to 4DFF24C106 Jun 6 12:26:18 pns MailScanner[3463]: Uninfected: Delivered 1 messages Jun 6 12:26:24 pns MailScanner[3463]: New Batch: Scanning 2 messages, 6288 bytes Jun 6 12:26:24 pns MailScanner[3463]: Spam Checks: Starting Jun 6 12:26:24 pns MailScanner[2401]: MailScanner E-Mail Virus Scanner version 4.40.11 starting... Is that OK? Thanks, Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Mon Jun 6 11:36:51 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > please take a look at task 45 > Take 2: MailScanner children dying and not picking up new mail > as I had an similar error. task 45? > check that you don't have any non-mail file in one of your mail queues > as in my case it was the razor-agent.log > I updated to the actual MailScanner version as there were some changes how > MailScanner childs were handled. > Assure Razor is configured to place it's log to a fixed-place outside a > mail-queue and that razor is able to write to this dir pns:/var/spool/postfix.in/deferred# ls -la insgesamt 1628 drwx------ 18 postfix root 4096 6. Jun 12:16 . drwxr-xr-x 14 root root 4096 12. Mär 2004 .. drwx------ 2 postfix postfix 12288 6. Jun 12:33 0 [...] drwx------ 2 postfix postfix 4096 6. Jun 12:30 F -rw------- 1 postfix postfix 1468635 3. Jun 16:13 tnef-6460-1.doc WTF is tnef-6460-1.doc? Could that be the problem? The errors occured with the newest version (4.42.9) > At best check your settings with setting Debug to Yes for Spamassassin and > Mailscanner inside your MailScanner.conf I'm not running SA, razor etc. Only MailScanner with clamavmodule and F-Prot. Thanks for you help. Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Mon Jun 6 11:55:30 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > seems to be some documentation from the tnef-perl module. > I'm sure this is the problem - MS seems to have problems handling non-mail > files inside a mail-queue ok, I found the thread some days ago. I'll remove the doc and try it again with 4.42.9. Thanks, Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dri at B-W-COMPUTER.DE Mon Jun 6 11:49:57 2005 From: dri at B-W-COMPUTER.DE (Dirk Rieger) Date: Thu Jan 12 21:29:55 2006 Subject: MailScanner stops working after dying of old child Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > please take a look at task 45 > Take 2: MailScanner children dying and not picking up new mail > as I had an similar error. task 45? > check that you don't have any non-mail file in one of your mail queues > as in my case it was the razor-agent.log > I updated to the actual MailScanner version as there were some changes how > MailScanner childs were handled. > Assure Razor is configured to place it's log to a fixed-place outside a > mail-queue and that razor is able to write to this dir > pns:/var/spool/postfix.in/deferred# ls -la > insgesamt 1628 > drwx------ 18 postfix root 4096 6. Jun 12:16 . > drwxr-xr-x 14 root root 4096 12. Mär 2004 .. > drwx------ 2 postfix postfix 12288 6. Jun 12:33 0 > [...] > drwx------ 2 postfix postfix 4096 6. Jun 12:30 F > -rw------- 1 postfix postfix 1468635 3. Jun 16:13 tnef-6460-1.doc > WTF is tnef-6460-1.doc? Could that be the problem? The errors occured > with the newest version (4.42.9) seems to be some documentation from the tnef-perl module. I'm sure this is the problem - MS seems to have problems handling non-mail files inside a mail-queue >> At best check your settings with setting Debug to Yes for Spamassassin >> and Mailscanner inside your MailScanner.conf > I'm not running SA, razor etc. Only MailScanner with clamavmodule and > F-Prot. sure you don't need to debug what you're not using ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon Jun 6 13:34:28 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: hello! I just tried to upgrade to the latest stable version of MailScanner on my production box. When I launch MailScanner, everything seems to be fine. However, I start seeing defunct processes for MailScanner after a very short time (seconds). Using the last stable vesion I can do : [root@hemlock opt]# ps -eaf | grep Mail root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl -I/opt/MailScanner root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail Using the latest Stable version, almost everytime I do the same command I see the following : [root@hemlock log]# ps -eaf | grep Mail root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail It looks like I start getting defunct processes almost immediately after launching it. MailScanner -v gives me the following. Thoughts ? [root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.42.9 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rich at MAIL.WVNET.EDU Mon Jun 6 13:56:56 2005 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:29:55 2006 Subject: Bug? in syslog infection messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I upgraded to the latest stable over the weekend. The infection messages in the syslog are now formatted like this... Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm Infection: W32/Mytob.EK@mm Prior to the upgrade the messages are formatted like this... Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/MailScanner/incoming/18024/j548EsXL032151/tyve.scr Infection: W32/Mytob.CZ@mm Note that the full path is missing. Unfortunately, I'm counting on the old message format in order to tie an infected message back to the sending site and targeted user. I'm using the message-id to do that. This is used for reports which I send to customers. Is there an easy way to return to the old message format? Richard Lynch WVNET ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Jun 6 14:16:06 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:55 2006 Subject: Spam then Disarmed or Disarmed then Spam? Message-ID: Julian, With 4.43.2, I am getting Subject: {Spam?} {Disarmed} blah blah Looks good to me. Jeff Earickson Colby College On Sun, 5 Jun 2005, Julian Field wrote: > Date: Sun, 5 Jun 2005 18:45:38 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Spam then Disarmed or Disarmed then Spam? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Which order are you getting your Subject line tags in? They should have > Spam on the front, followed by Disarmed (if it applied, obviously). > Which order are you getting them in? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqM6ZBH2WUcUFbZUEQIDwACgpBYePBwkGKyrx4f79VFtb+4PW6IAoNqC > wy4ESasWItMi8akGtnOi15Fs > =g3DU > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Jun 6 14:17:47 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael H. Martel > Sent: Monday, June 06, 2005 8:34 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Latest Stable MailScanner > > hello! > > I just tried to upgrade to the latest stable version of MailScanner on my > production box. When I launch MailScanner, everything seems to be fine. > However, I start seeing defunct processes for MailScanner after a very > short time (seconds). > > Using the last stable vesion I can do : > > [root@hemlock opt]# ps -eaf | grep Mail > root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl > -I/opt/MailScanner > root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl > -I/opt/MailScanner > root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > > Using the latest Stable version, almost everytime I do the same command I > see the following : > > [root@hemlock log]# ps -eaf | grep Mail > root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl > -I/opt/MailScanner > root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] > root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] > root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl > -I/opt/MailScanner > root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > > It looks like I start getting defunct processes almost immediately after > launching it. MailScanner -v gives me the following. > > Thoughts ? > You probably have a configuration error. Please set Debug = yes And if you are using SpamAssassin Debug SpamAssassin = yes In MailScanner.conf and restart MailScanner. The configuration error should show up in the screen output. If you have a problem finding the error, please post the output to the list. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidj at synaq.com Mon Jun 6 14:19:45 2005 From: davidj at synaq.com (David Jacobson) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: Hi Steve, The defunctional process behavior is normal, and is by design according to Julian. I doubt there's anything wrong with his configuration. Regards, David On Mon, 2005-06-06 at 09:17 -0400, Stephen Swaney wrote: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Michael H. Martel > > Sent: Monday, June 06, 2005 8:34 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Latest Stable MailScanner > > > > hello! > > > > I just tried to upgrade to the latest stable version of MailScanner on my > > production box. When I launch MailScanner, everything seems to be fine. > > However, I start seeing defunct processes for MailScanner after a very > > short time (seconds). > > > > Using the last stable vesion I can do : > > > > [root@hemlock opt]# ps -eaf | grep Mail > > root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl > > -I/opt/MailScanner > > root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl > > -I/opt/MailScanner > > root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > > > > Using the latest Stable version, almost everytime I do the same command I > > see the following : > > > > [root@hemlock log]# ps -eaf | grep Mail > > root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl > > -I/opt/MailScanner > > root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] > > root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] > > root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl > > -I/opt/MailScanner > > root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > > > > > It looks like I start getting defunct processes almost immediately after > > launching it. MailScanner -v gives me the following. > > > > Thoughts ? > > > > You probably have a configuration error. Please set > > Debug = yes > > And if you are using SpamAssassin > > Debug SpamAssassin = yes > > In MailScanner.conf and restart MailScanner. The configuration error should > show up in the screen output. > > If you have a problem finding the error, please post the output to the list. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 0860 0 SYNAQ (79627) Direct: 011 290 6388 Fax: 011 290 6389 Cell: 083 235 0760 Mail: davidj@synaq.com Web: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From ugob at CAMO-ROUTE.COM Mon Jun 6 14:11:45 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:55 2006 Subject: System load is very high because of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rakesh wrote: > BG Mahesh wrote: > >>>> # As a rough guide, try 5 children per CPU. But read the notes above. >>>> Max Children = 5 >>>> >>>> I guess I have to change it to 10 and see how things work as we have >>>> a dual processor >>>> >>> >>> You can try it out, it might help or not though, depending on many >>> factors. As other said, the message delay is the only factor that's >>> always a good indication. >>> >>> Is this a dedicated MailScanner machine? >>> >>> >> >> >> Yes..the system is used as our mailserver. No other development work >> etc goes on this machine. It process mail and just mail >> >> >> > I have recently faced a similar problem especially during the sober and > mytob outbreak, Servers were slow in processing the mails, I receive > about 2 lac of mails per day on individual servers and the mail hit > rate on the servers were high than the processing rate and usually at a > given point of time there used to be 1 K of mails waiting in the queue > to be processed by MailScanner. Here is what I did to optimise my setup > and thought this might help you. > > Reduced the number of Max Children to 5 from 10 (Although I have dual > Xeon and 2 gigs of RAM) > Kept a decent batch size not too high and not too low : 20 > > from vmstat and iostat outputs I found tht IO was a prob for me > so I mounted /tmp (area where SA and clamav decomposes mail ) on tmpfs. > Many would say tht its a bad idea to put /tmp on tmpfs as chances are > there tht it might grow up and hog up all the memory so I put a size cap > on it using -size option in mount and did some tests on dummy machines > to ensure tht its not spilling over the specified limit and since this > server is just an Anti-Spam/Anti-Virus gateway it was easy for me to > ensure tht no other apps create their dummy files in /tmp. > > This has reduced the disk IO on the system and increased the processing > to some extent. Now its usually 50 mails at a given time waiting in the > queue to be processed by MS, while the mail hit rate remains the same. > > > What OS are you running? It is fairly common to use tmpfs for working directory. http://wiki.mailscanner.info/doku.php?id=maq:index&s=tmpfs#optimization_tips ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 6 14:11:40 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > hello! > > I just tried to upgrade to the latest stable version of MailScanner on > my production box. When I launch MailScanner, everything seems to be > fine. However, I start seeing defunct processes for MailScanner after a > very short time (seconds). > Please have a look at your logs and report what you find. Is mail processed at all? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Mon Jun 6 14:55:35 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: I had a strange one today and it caused me to wonder about the overwriting or applied order of some of the mailscanner rules. I had an authenticated user send an email from our smtp server. The authenticated user's domain is specified in the WhiteList. However, whatever internet connection he was using has the sending IP address blacklisted in SBL+XBL. I would like to let anything in the whitelist always go out. Is there somewhere that I can change the way that this is working? Regards, Diane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon Jun 6 14:57:19 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:55 2006 Subject: Latest Stable MailScanner Message-ID: --On June 6, 2005 9:11:40 AM -0400 Ugo Bellavance wrote: > Please have a look at your logs and report what you find. > > Is mail processed at all? Yes. I just figured it out. I forgot to update MailWatch when I updated MailScanner (you know, move MailWatch.pm and modify CustomConfig.pm). Now it all works fine. I need more Caffeine before I do updates. :-) Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Mon Jun 6 15:01:37 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:29:55 2006 Subject: sophossavi Message-ID: What OS are you running on? If you're running on Linux, what version of Sophos are you downloading? Some people, myself included, have had problems with the version for libc6 (glibc 2.2). I had to start using the plain libc6 version. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Peter Zimen wrote: > Hello, > after upgrade on 4-43.1 version sophossavi not scan for viruses. > After start i see: > > SophosSAVI 3.94 (engine 2.30) recognizing 105215 viruses > Jun 4 08:54:50 sandman MailScanner[395]: SophosSAVI using 75 IDE > files > > but mails from testvirus.org are not scannet. When in > MailScanner.conf i switch to sophos - scan is o.k. > > > > Peter > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jun 6 15:05:38 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:55 2006 Subject: SA userprefs stored in SQL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Jonathan > > Short answer is no. > - snip - >>> >>> This apparently has come up a few times in the past. I may be asking >>> this in the wrong place, so if I need to post this question on the >>> spamassassin list please let me know. >>> >>> I even found a piece of information on the Faq-O-matic... here is an >>> excerpt. >>> >>> "..... problem is that SpamAssassin, according to what I've read at the >>> following http://spamassassin.apache.org/full/3.0.x/dist/sql/README, >>> will only use the DB for getting the user preferences if it's running in >>> client/server mode, i.e., as spamc and spamd. So this means that if I >>> want to let end users manage their own whitelists, I would have to get >>> SpamAssassin running the old slow way. Thoughts or suggestions? " >>> >>> After searching, I have not found a solution to this. I am already >>> using a mysql bayes for my lvs mail cluster system.. I need a way to >>> store SA user preferences globally.. and i would rather not go back to >>> using spamc/spamd. >>> >>> thanks. >>> >>> Jonathan Higgins What preferences do you need to store in SQL? If you are purely looking at sql based whitelists / blacklists (and not SA preferences), here is something: http://filelister.linux-kernel.at/mod_perl?current=/tarballs/MailScanner Also if you can wait, mailwatch 0.6 when released (mailwatch.sf.net) will support sql based whitelists / blacklists. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jun 6 15:10:03 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: Diane Which whitelist - SA or MS? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Diane Rolland wrote: > I had a strange one today and it caused me to wonder about the overwriting > or applied order of some of the mailscanner rules. > > I had an authenticated user send an email from our smtp server. The > authenticated user's domain is specified in the WhiteList. > > However, whatever internet connection he was using has the sending IP > address blacklisted in SBL+XBL. > > I would like to let anything in the whitelist always go out. > > Is there somewhere that I can change the way that this is working? > > Regards, > Diane > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Mon Jun 6 15:37:23 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: I'm using MS rules. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Monday, June 06, 2005 9:10 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: whitelist and listed in RBL Diane Which whitelist - SA or MS? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Diane Rolland wrote: > I had a strange one today and it caused me to wonder about the overwriting > or applied order of some of the mailscanner rules. > > I had an authenticated user send an email from our smtp server. The > authenticated user's domain is specified in the WhiteList. > > However, whatever internet connection he was using has the sending IP > address blacklisted in SBL+XBL. > > I would like to let anything in the whitelist always go out. > > Is there somewhere that I can change the way that this is working? > > Regards, > Diane > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jun 6 15:44:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: Diane can you post how you've configure MS for both the whitelist and RBL section (+plus what version of MS as 4.42 had a new option to help with the RBL processing!). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Diane Rolland wrote: > I'm using MS rules. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Martin Hepworth > Sent: Monday, June 06, 2005 9:10 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: whitelist and listed in RBL > > Diane > > Which whitelist - SA or MS? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Diane Rolland wrote: > >>I had a strange one today and it caused me to wonder about the overwriting >>or applied order of some of the mailscanner rules. >> >>I had an authenticated user send an email from our smtp server. The >>authenticated user's domain is specified in the WhiteList. >> >>However, whatever internet connection he was using has the sending IP >>address blacklisted in SBL+XBL. >> >>I would like to let anything in the whitelist always go out. >> >>Is there somewhere that I can change the way that this is working? >> >>Regards, >>Diane >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Jun 6 15:56:00 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: Gang, There was a thread a while back "block emails with no valid reverse DNS", and one of the options was Neil Rickert's require_rdns.m4 hack for sendmail. I'm wondering how many people out there use this successfully? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Mon Jun 6 15:55:02 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:29:55 2006 Subject: whitelist and listed in RBL Message-ID: OK; when I went to post those configs I now see the problem... the domain I thought it was coming from is indeed NOT whitelisted... Thanks for the replies, and Sorry for the wasted bandwidth. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Monday, June 06, 2005 9:44 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: whitelist and listed in RBL Diane can you post how you've configure MS for both the whitelist and RBL section (+plus what version of MS as 4.42 had a new option to help with the RBL processing!). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Diane Rolland wrote: > I'm using MS rules. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Martin Hepworth > Sent: Monday, June 06, 2005 9:10 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: whitelist and listed in RBL > > Diane > > Which whitelist - SA or MS? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Diane Rolland wrote: > >>I had a strange one today and it caused me to wonder about the overwriting >>or applied order of some of the mailscanner rules. >> >>I had an authenticated user send an email from our smtp server. The >>authenticated user's domain is specified in the WhiteList. >> >>However, whatever internet connection he was using has the sending IP >>address blacklisted in SBL+XBL. >> >>I would like to let anything in the whitelist always go out. >> >>Is there somewhere that I can change the way that this is working? >> >>Regards, >>Diane >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Mon Jun 6 15:57:20 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:55 2006 Subject: Header added to outgoing messages Message-ID: On Sun, 29 May 2005, Julian Field wrote: > Found and fixed. This is a bug I accidentally introduced recently as a > result of another change someone wanted. I think I have found them all > now. The scanning was working as intended, but the wrong header was > being put in. Julian, right now, I noticed that an "X-MailScanner: Found to be clean" is added if a domain gets a "Bcc:" of an email, is that an expected behaviour ? Let's say the ruleset for scans looks like this: To: a.com yes To: b.com yes To: default no Now I send an Email To: c.com with a Bcc: b.com . The email to c.com isn't actually scanned, nonetheless the header gets added. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Mon Jun 6 16:23:56 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: On Mon, 6 Jun 2005, Jeff A. Earickson wrote: > There was a thread a while back "block emails with no valid reverse DNS", > and one of the options was Neil Rickert's require_rdns.m4 hack for > sendmail. I'm wondering how many people out there use this successfully? We are happily using it for a couple of months now. Mails from hosts without reverse DNS are rejected with an error message so the user knows that his email has not been received. I think this is a fair behaviour. When I look at the logs, most of the rejected hosts are spam sources from either Korea or Brazil. If I'm not mistaken, AOL dumps email from hosts w/o PTR records to /dev/null. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 16:53:38 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > If I write you folks a generic way of adding in a spam-processing > plugin, how would you like it to work? > A command-line or a function call? > How do you want the envelope data? (client ip, sender, recipients) > > Returns a spam yes/no flag, or a score to add to SpamAssassin? > Or a yes/no flag with a configurable score in MailScanner.conf? > > How do you actually want this interface to work? > > P.S. Do my PGP-signed list postings look okay? > Signing looks good through GMANE. I just need to set the trust on your key when I have time. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 17:23:04 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steffan Henke wrote: > On Mon, 6 Jun 2005, Jeff A. Earickson wrote: > > >>There was a thread a while back "block emails with no valid reverse DNS", >>and one of the options was Neil Rickert's require_rdns.m4 hack for >>sendmail. I'm wondering how many people out there use this successfully? > > > We are happily using it for a couple of months now. Mails from hosts > without reverse DNS are rejected with an error message so the user knows > that his email has not been received. > I think this is a fair behaviour. When I look at the logs, most of the > rejected hosts are spam sources from either Korea or Brazil. > If I'm not mistaken, AOL dumps email from hosts w/o PTR records to > /dev/null. > > Regards, > > Steffan > The last time I got one, AOL still was notifying. Took me a week with MCI to get that straightened out. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brichter at INTERACCESS.COM Mon Jun 6 17:50:19 2005 From: brichter at INTERACCESS.COM (brichter) Date: Thu Jan 12 21:29:55 2006 Subject: Turning on Check SA If on Spam list directive.. (For bayes) Message-ID: 1. We mark messages that are blacklisted as High Scoring. (So we can change the subject to reflect it failed Spam Checks due to Black Listing) 2. Anything that is under high scoring that is over 7.0, the subject gets changed to indicate it's Spam that failed because of analasys of the message content. In our enviornment 95% of the Spam that hits our gateways are coming from Black Listed sources. We currently have set: Spam Lists To Reach High Score = 1 So 95% of our Spam never gets processed by Spam Assasin (Which I would like so that it can help the bayes DB train better for the Spam that comes in through non black listed sources) My question is if I set: Check SpamAssassin If On Spam List = from no to yes Will it no longer have the "High Scoring" functinality applied to it that Mail Scanner currently does in our enviornment? (Different changed subject line indicating that it's Black Listed) I would like to have Spam Assassin process these so that they get applied to the bayes DB, but still have the subject line changed as I currently do to indicate it's from a black listed source. We forward ALL spam through our email gateway, then the clients have rules to push the messages into a local Spam folder they can look through. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Mon Jun 6 19:33:24 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:55 2006 Subject: RFC: Useful or not ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all ! Couple of days ago I noticed our mailservers were blocking a large quantity or "HTML.Phishing.Bank-225'. Since some virusscanners have failed us a couple of times before I wanted to double check it was not blocking by mistake. Since we do not quarantine these virusses by default I had to enable this, restart MS, wait for an instance of this particular virus (/ phishing mail) to popup again, disable quarantine, restart MS etc .... e voila .. I had my sample. At that time I dediced it would be more relaxed if MailScanner could save a 'sample' of every 'new virus' (or other things our virusscanner blocks) it receives. Therefore I wrote a small patch for MailScanner which does just that. Would other people see this as a useful supplement to MailScanner, or is it just handy for me (/us). Any feedback is appreciated. You can download a patch (for SweepViruses.pm) at http://mailscanner.prolocation.net/MS-VirusSample-v2.patch. It currently supports virusses detected by ClamAVModule and f-prot. But adding support for other virusscanner is pretty trivial. The current patch also assumes you have made a directory /var/spool/MailScanner/VirusSamples/ which is chown'ed to same uid as the MailScanner processes. bye, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 6 20:11:10 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:55 2006 Subject: Useful or not ? Message-ID: It sounds like an interesting idea, but if it could alert you to them, apart from just putting it in the logs it would be more useful imho M Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 6 20:12:40 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:55 2006 Subject: SV: Latest Stable MailScanner Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Defunct processes are a normal occurence (harmless things at that, only "occupying" a PID until the "parent" reaps them by wait()... so that noone accidentally signals the wrong process or somesuch:), so unless you have any other problem indicators... I wouldn't worry too much:). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Michael H. Martel Skickat: må 2005-06-06 14:34 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Latest Stable MailScanner hello! I just tried to upgrade to the latest stable version of MailScanner on my production box. When I launch MailScanner, everything seems to be fine. However, I start seeing defunct processes for MailScanner after a very short time (seconds). Using the last stable vesion I can do : [root@hemlock opt]# ps -eaf | grep Mail root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl -I/opt/MailScanner root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail Using the latest Stable version, almost everytime I do the same command I see the following : [root@hemlock log]# ps -eaf | grep Mail root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail It looks like I start getting defunct processes almost immediately after launching it. MailScanner -v gives me the following. Thoughts ? [root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.42.9 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 6 20:16:32 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: I'd love to do something with this, but I wouldn't like to drop the mail entirely, as I know that there would be a silly amount of valid mail dropped if I did. How does it handle shared IPs? I was reading somewhere that the reverse and forward records have to match, which would cause issues in some instances Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Mon Jun 6 20:16:52 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:55 2006 Subject: Useful or not ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You think? Then again. A simple cron could look for changes in /var/spool/MailScanner/VirusSamples/ and notify you. But would you want to be notified for every new version of Mytob.xxx ? bye, Chris > It sounds like an interesting idea, but if it could alert you to them, apart > from just putting it in the logs it would be more useful imho > > M > > > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 | Fax. +353 59 9146970 > Tired of your current host? Save 15% when you move to us! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Jun 6 20:39:02 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: On Mon, 6 Jun 2005, Michele Neylon :: Blacknight Solutions wrote: > Date: Mon, 6 Jun 2005 20:16:32 +0100 > From: "Michele Neylon :: Blacknight Solutions" > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: who is using require_rdns.m4? > > I'd love to do something with this, but I wouldn't like to drop the mail > entirely, as I know that there would be a silly amount of valid mail dropped > if I did. I installed require_rdns.m4 into my sendmail config this morning, and I've been watching it closely today. In approx 6 hours, I've rejected (500 error) nearly 2200 emails, with another 1080 tempfails (400 error) for not resolving or A/PTR record mismatches. I've warned our helpdesk about what I did and why, and I'm waiting for the yelling to begin. So far, silence. The bulk of rejections are from APNIC numbers. I love watching spammers fail. > > How does it handle shared IPs? I've seen machines with multiple NICs and IPs, but never heard of two machines sharing the same IP. Hunh? > I was reading somewhere that the reverse and forward records have to match, > which would cause issues in some instances No reverse DNS = fatal 500 error. Resolution failures or A/PTR mismatch are 400 tempfail errors. In googling on require_rdns.m4, there is some opinion that A/PTR mismatches should be a 500 error too. I would agree, but I'm presently giving mismatches a tempfail error instead. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 20:44:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: SV: Latest Stable MailScanner Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you look at the process IDs of the defunct processes, you will find that they actually are constantly changing, and are therefore not the same defunct processes at all. MailScanner does generate defunct processes which live for a second or two before being reaped. It generates a steady stream of them, which it constantly reaps. This is all quite normal. Steen, Glenn wrote: >Defunct processes are a normal occurence (harmless things at that, only "occupying" a PID until the "parent" reaps them by wait()... so that noone accidentally signals the wrong process or somesuch:), so unless you have any other problem indicators... I wouldn't worry too much:). > >-- Glenn > >-----Ursprungligt meddelande----- >FrÃ¥n: MailScanner mailing list genom Michael H. Martel >Skickat: mÃ¥ 2005-06-06 14:34 >Till: MAILSCANNER@JISCMAIL.AC.UK >Kopia: >Ã^Ämne: Latest Stable MailScanner >hello! > >I just tried to upgrade to the latest stable version of MailScanner on my >production box. When I launch MailScanner, everything seems to be fine. >However, I start seeing defunct processes for MailScanner after a very >short time (seconds). > >Using the last stable vesion I can do : > >[root@hemlock opt]# ps -eaf | grep Mail >root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl >-I/opt/MailScanner >root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > >Using the latest Stable version, almost everytime I do the same command I >see the following : > >[root@hemlock log]# ps -eaf | grep Mail >root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] >root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] >root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > >It looks like I start getting defunct processes almost immediately after >launching it. MailScanner -v gives me the following. > >Thoughts ? > >[root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v >Running on >Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 >i686 unknown >This is Red Hat Linux release 7.3 (Valhalla) >This is Perl version 5.008006 (5.8.6) > >This is MailScanner version 4.42.9 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.16 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >1.50 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.811 DB_File >1.08 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >missing Mail::ClamAV >3.000003 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >missing SAVI >1.2 Sys::Hostname::Long >2.42 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.35 URI > > >Michael > >-- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSnxRH2WUcUFbZUEQK8bgCfadfC1DPtQjDgOLn3D6eS+4HRKq8AoJ58 Sa3rHfggqdB2PteoTmzI++SQ =okMj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ard at pergamentum.com Mon Jun 6 20:46:44 2005 From: ard at pergamentum.com (Alisdair Davey) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: On Mon, 2005-06-06 at 13:39, Jeff A. Earickson wrote: > On Mon, 6 Jun 2005, Michele Neylon :: Blacknight Solutions wrote: > > > Date: Mon, 6 Jun 2005 20:16:32 +0100 > > From: "Michele Neylon :: Blacknight Solutions" > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: who is using require_rdns.m4? > > > > I'd love to do something with this, but I wouldn't like to drop the mail > > entirely, as I know that there would be a silly amount of valid mail dropped > > if I did. > > I installed require_rdns.m4 into my sendmail config this morning, and I've > been watching it closely today. In approx 6 hours, I've rejected (500 error) > nearly 2200 emails, with another 1080 tempfails (400 error) for not resolving > or A/PTR record mismatches. I've warned our helpdesk about what I did and > why, and I'm waiting for the yelling to begin. So far, silence. The bulk > of rejections are from APNIC numbers. I love watching spammers fail. > > > > > How does it handle shared IPs? > > I've seen machines with multiple NICs and IPs, but never heard of two machines > sharing the same IP. Hunh? I think he is referring to the situation where multiple domain names resolve to the same ip, but the ip can only resolve to one name. I would have thought this is quite common especially among ISPs. Cheers Alisdair > > I was reading somewhere that the reverse and forward records have to match, > > which would cause issues in some instances > > No reverse DNS = fatal 500 error. Resolution failures or A/PTR mismatch > are 400 tempfail errors. In googling on require_rdns.m4, there is some > opinion that A/PTR mismatches should be a 500 error too. I would agree, > but I'm presently giving mismatches a tempfail error instead. > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Dr Alisdair Davey ard@pergamentum.com Pergamentum Solutions Tel: 1-406-581-6869 2066 Dailey Lane Superior, CO 80027 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 20:50:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adri Koppes wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Rakesh >>Sent: 06 June, 2005 08:04 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Generic spam plug-in >> >> >>Dhawal Doshy wrote: >> >> >> >>>Hi, >>> >>>Julian Field wrote: >>> >>> >>> >>>>If I write you folks a generic way of adding in a spam-processing >>>>plugin, how would you like it to work? >>>>A command-line or a function call? >>>>How do you want the envelope data? (client ip, sender, recipients) >>>> >>>>Returns a spam yes/no flag, or a score to add to SpamAssassin? >>>>Or a yes/no flag with a configurable score in MailScanner.conf? >>>> >>>>How do you actually want this interface to work? >>>> >>>> >>>> >>>Command lines sound easier compared to functions for a >>> >>> >>non-programmer >> >> >>>like me. >>> >>> >>> >> >> >> >> >>>Situation one (as already proposed by Julian) >>>============= >>>The 3rd party engine outputs SPAM / NOTSPAM, in which case use the >>>following flags >>>a. NO (surely not spam) >>>b. YES (surely spam) >>>c. SKIPPED (if no output is found) >>> >>>Situation two >>>============= >>>The 3rd party engine outputs a %age or a number (say -100 to +100) >>>then the input filter will watch for a number and based on >>> >>> >>that give >> >> >>>the following flag >>>a. NO (surely not spam) >>>b. MOSTLY_NO (mostly not spam) >>>c. MOSTLY_YES (probably spam) >>>d. YES (surely spam) >>>e. SKIPPED (if no number is found) >>> >>>Flag Action: (again as recommended by Julian) >>>The above flags NO,(MOSTLY_NO),(MOSTLY_YES),YES,SKIPPED with a >>>configurable score in MailScanner.conf seem most flexible to me. >>> >>> >>> >>I agree with Dhawal on the Scoring mechanism of the plugin, >>which should >>be configurable in MailScanner.conf , however I feel that it should be >>invoked using function call instead of command line. A function call >>would be efficient in terms of processesing and since this plugin is >>going to be called from with in MailScanner, I think we need >>not bother >>much on its command line version. >> >>Rakesh >> >> > >I agree a function call might be more efficient, but since this is supposed to be a generic plug-in, I think we should always have to option to use a command line version and process the output via a pipe, exit code or temporary file. >Using a function call would make the generic plug-in less generic, since you can then only use it for external programs which have a perl interface! > > If I provide it as a function call, I'm sure you are capable of writing a little bit of code to call an external program :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSo6RH2WUcUFbZUEQKRhwCeLoW3/O9f6qeIY8f8s/gNN096sfUAoLUm F9RJInMUdDc2I7Ai9TinPLUe =/9X4 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 20:37:48 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:55 2006 Subject: who is using require_rdns.m4? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: > I'd love to do something with this, but I wouldn't like to drop the mail > entirely, as I know that there would be a silly amount of valid mail dropped > if I did. > > How does it handle shared IPs? > I was reading somewhere that the reverse and forward records have to match, > which would cause issues in some instances If only there was a SpamAssassin plugin for a plain no rdns lookup. At least I couldn't find one. They all seem to deal with forged headers of some kind. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 20:52:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adri Koppes wrote: >>Hi, >> >>Adri Koppes schrieb: >> >> >>>I agree a function call might be more efficient, but since this is >>>supposed to be a generic plug-in, I think we should always have to >>>option to use a command line version and process the output via a >>>pipe, exit code or temporary file. >>> >>> >>>Using a function call would make the generic plug-in less generic, >>>since you can then only use it for external programs which have a >>>perl interface! >>> >>> >>It is extreamly easy writing a very small perl function that does a >>'system' call to execute a command line script. >> >>-- >>Felix >> >> > >Sure it's not to difficult to do a 'system' call. >It gets a little more complicated when you have to add timeouts, setting up the pipe, processing the output etc. >I wouldn't have too many problems, but I think there are many people who are using MailScanner without having knowing how to write a perl script. > > I was going to do all the timeout stuff for you anyway. Even if it's a function call, it will still need a timeout wrapper. And I can probably come up with some example code that uses an external program for you. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSpcRH2WUcUFbZUEQJQRgCdGbFYr6puRcePB9tjwwvrIjtm3gwAn1cw 7U11ZC/tj1xwpXItjHdaQyDm =8BJ0 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 20:54:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: Spam then Disarmed or Disarmed then Spam? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for confirming that, it's what I expected. For some reason someone at work is getting {Disarmed} {Spam?}. The only thing I can think is that the {Spam?} and {Disarmed} tags are being added by different servers (which is quite possible with my setup). Jeff A. Earickson wrote: > Julian, > > With 4.43.2, I am getting > > Subject: {Spam?} {Disarmed} blah blah > > Looks good to me. > > Jeff Earickson > Colby College > > On Sun, 5 Jun 2005, Julian Field wrote: > >> Date: Sun, 5 Jun 2005 18:45:38 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Spam then Disarmed or Disarmed then Spam? >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Which order are you getting your Subject line tags in? They should have >> Spam on the front, followed by Disarmed (if it applied, obviously). >> Which order are you getting them in? >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.1 (Build 2185) >> >> iQA/AwUBQqM6ZBH2WUcUFbZUEQIDwACgpBYePBwkGKyrx4f79VFtb+4PW6IAoNqC >> wy4ESasWItMi8akGtnOi15Fs >> =g3DU >> -----END PGP SIGNATURE----- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSp3BH2WUcUFbZUEQJ+2QCgpnoYzutpp5UCYtN3pBn6yKYCACkAoO5s MYnhF1jQ4OHKA9Hr+52jFNTl =+OBI -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 6 21:05:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:55 2006 Subject: Generic spam plug-in Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Current thoughts are a function call (with timeout wrapper). It gets passed the smtp client ip, the sender and the list of recipients, and a ref to an array of lines holding the entire message. The function simply returns a number which is added to the spam score along with the SpamAssassin score. You can replace SpamAssassin completely by just using the generic wrapper and setting "Use SpamAssassin = no". If the timeout happens, the score contribution is just 0. I should also provide some sample code which calls an external program to produce the result score. My code will probably just output smtp client ip address (IPv4 or IPv6) sender address recipient address next recipient address... blank line message contents It will expect one line of input which will either be the return code from the program or the contents of the 1 line of output it produces which should be a number. I'll provide samples for both, up to you which you use. MailScanner.conf controls should be Use Custom Spam Detector = yes/no Custom Spam Detector Function = That should be all you need. What do you think? Dennis Willson wrote: > If I could only have one I would prefer command-line. However couldn't > there be a flag to indicate which mode a filter uses? > Also I'm hoping that multiple plug-ins are allowed... I want to write > one and I may find that billy-bob wrote one I would like to include as > well. > I also would prefer a score, That's the most flexible... If I want > pass/fail I just make it always return a super high score. > > THANKS!! > > > Julian Field wrote: > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>If I write you folks a generic way of adding in a spam-processing >>plugin, how would you like it to work? >>A command-line or a function call? >>How do you want the envelope data? (client ip, sender, recipients) >> >>Returns a spam yes/no flag, or a score to add to SpamAssassin? >>Or a yes/no flag with a configurable score in MailScanner.conf? >> >>How do you actually want this interface to work? >> >>P.S. Do my PGP-signed list postings look okay? >> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.1 (Build 2185) >> >>iQA/AwUBQqHsfhH2WUcUFbZUEQKwFQCfWsqhGU1ygJCbIpArZKL7ZcugOVYAn3RC >>dMdSQsxMGcrL51Ei8fikXSaM >>=a9hr >>-----END PGP SIGNATURE----- >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > > -- > ------------------------------------------------------------------------ > */Dennis Willson/* > taz@taz-mania.com > taz@scubatech.org > > www.taz-mania.com > > Ham: KA6LSW > GMRS: WPSJ953 > SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, > Equip, Altitude > > Life should not be a journey to the grave with the intention of > arriving safely in a nice looking and well preserved body, but rather > to skid in broadside, thoroughly used up, totally worn out, and loudly > proclaiming, "WOW! WHAT A RIDE!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSsoRH2WUcUFbZUEQKyiwCgn2vDRab/O4Xhe2sOMxydr+Rlf5sAoIkx ZuXAewbiwgkyVRJU7QMRJdaH =e1fj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cade.thacker at ONERINGGROUP.COM Mon Jun 6 22:09:16 2005 From: cade.thacker at ONERINGGROUP.COM (Cade Thacker) Date: Thu Jan 12 21:29:55 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, my sincere apologies if this is a dead horse that is about to receive another beating, but I have looked through the email archives and my friends at Google were also not able to shed some light on my problem, so I finally thought I would turn to the experts. I will be happy to work with the powers that be to add this to the new Wiki, because I am sure somebody else has wondered the same thing. Here is the problem: We have some clients that continually receive winmail.dat files. Obviously, it be best if winmail.dat would just go away, but unfortunately that is not that case ;) What we would like to do, is to setup the MailScanner so that when the mail is processed it will go ahead and unpack the winmail.dat file, extract the actual attachment, scan it for viruses, and the re-attach that to the original email, thus discarding the original winmail.dat file. Thus the client does not have to bothered with the winmail.dat file. I looked through the MailScanner.conf and studied the TNEF settings, but my understanding of them is that they unpack the winmail.dat so that the file(s) can be scanned, then just sends the original email on it way with the winmail.dat still attached. I am just hoping to take this one step further. We are currently running MailScanner 4.41.3 on Fedora Core 3. Can this be accomplished through MailScanner, or should I even dive down into setting up a sendmail filter? I am open to any and all suggestions. Thanks for your help! -- - Cade Thacker - - One Ring Group - cade.thacker@oneringgroup.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnwilson at bigpond.com Mon Jun 6 22:43:34 2005 From: dnwilson at bigpond.com (David Wilson) Date: Thu Jan 12 21:29:55 2006 Subject: Scanning Encapsulated Messages ? Message-ID: I am the moderator of several discussion lists. The list system sends me the messages to moderate as Encapsulated Messages in the request email. I get a lot of spam to these lists but Mailscanner & SpamAssassin do not seem to be picking up the spam when it is in the Encapsulated Messages. It marks the same spam message as spam correctly when it is sent direct to me as an ordinary email. Are there some settings in Mailscanner I could set to improve the filtering ? regards David Wilson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 6 22:47:57 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:55 2006 Subject: SV: SV: Latest Stable MailScanner Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Indeed. And MS is not alone in this type of behaviour. It's when the parent _never_ reaps the defuncts that one should stop and pay attention... Like with the crummy AIX snmpd thing that I've got missbehaving ATM...:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Julian Field Skickat: må 2005-06-06 21:44 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: SV: Latest Stable MailScanner -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you look at the process IDs of the defunct processes, you will find that they actually are constantly changing, and are therefore not the same defunct processes at all. MailScanner does generate defunct processes which live for a second or two before being reaped. It generates a steady stream of them, which it constantly reaps. This is all quite normal. Steen, Glenn wrote: >Defunct processes are a normal occurence (harmless things at that, only "occupying" a PID until the "parent" reaps them by wait()... so that noone accidentally signals the wrong process or somesuch:), so unless you have any other problem indicators... I wouldn't worry too much:). > >-- Glenn > >-----Ursprungligt meddelande----- >Från: MailScanner mailing list genom Michael H. Martel >Skickat: må 2005-06-06 14:34 >Till: MAILSCANNER@JISCMAIL.AC.UK >Kopia: >Ämne: Latest Stable MailScanner >hello! > >I just tried to upgrade to the latest stable version of MailScanner on my >production box. When I launch MailScanner, everything seems to be fine. >However, I start seeing defunct processes for MailScanner after a very >short time (seconds). > >Using the last stable vesion I can do : > >[root@hemlock opt]# ps -eaf | grep Mail >root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl >-I/opt/MailScanner >root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > >Using the latest Stable version, almost everytime I do the same command I >see the following : > >[root@hemlock log]# ps -eaf | grep Mail >root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] >root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] >root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > >It looks like I start getting defunct processes almost immediately after >launching it. MailScanner -v gives me the following. > >Thoughts ? > >[root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v >Running on >Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 >i686 unknown >This is Red Hat Linux release 7.3 (Valhalla) >This is Perl version 5.008006 (5.8.6) > >This is MailScanner version 4.42.9 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.16 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >1.50 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.811 DB_File >1.08 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >missing Mail::ClamAV >3.000003 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >missing SAVI >1.2 Sys::Hostname::Long >2.42 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.35 URI > > >Michael > >-- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSnxRH2WUcUFbZUEQK8bgCfadfC1DPtQjDgOLn3D6eS+4HRKq8AoJ58 Sa3rHfggqdB2PteoTmzI++SQ =okMj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 6 22:59:30 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:55 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Here is the problem: > We have some clients that continually receive winmail.dat files. > Obviously, it be best if winmail.dat would just go away, but > unfortunately that is not that case ;) What we would like to do, is to > setup the MailScanner so that when the mail is processed it will go > ahead and unpack the winmail.dat file, extract the actual attachment, > scan it for viruses, and the re-attach that to the original email, thus > discarding the original winmail.dat file. Thus the client does not have > to bothered with the winmail.dat file. Winmail.dat does not always mean that there is an attachment. It means that some one who has incorrectly configured their exchange server has allowed the iused of the Microsoft Rich Text for external emails and the formatting data is contained in the winmail.dat, not attachments. Formatting data like outlook stationery, and horizontal rules and other formatting data. You can safely delete them, but do it with a warning to the folks running exchange. If the email had an attachment and was send from an incorrectly configured exvchange environment you wouild see 2 attachments, not the winmail.dat containing the 2nd attachment. > > I looked through the MailScanner.conf and studied the TNEF settings, but > my understanding of them is that they unpack the winmail.dat so that the > file(s) can be scanned, then just sends the original email on it way > with the winmail.dat still attached. I am just hoping to take this one > step further. > > We are currently running MailScanner 4.41.3 on Fedora Core 3. > > Can this be accomplished through MailScanner, or should I even dive down > into setting up a sendmail filter? I am open to any and all suggestions. > Thanks for your help! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Mon Jun 6 23:01:42 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:29:55 2006 Subject: Store viruses as queue files? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've currently got spam messages storing as queueu files so that they can be sent in case of a false/positive. I occasionally have file attachments that are named funny and need to be sent to the original recipient. Is there any way to have those stored as queue files as well? As it is, the file is just stored in a directory by the name of the message id and i have to copy it to the local webserver for download. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 6 23:06:54 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:55 2006 Subject: Store viruses as queue files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: > I've currently got spam messages storing as queueu files so that they can > be sent in case of a false/positive. > > I occasionally have file attachments that are named funny and need to be > sent to the original recipient. Is there any way to have those stored as > queue files as well? As it is, the file is just stored in a directory by > the name of the message id and i have to copy it to the local webserver > for download. > Which MTA? If it's sendmail you don't need to worry about the attachments as the the other files look after it for you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 23:27:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:56 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >> >> Here is the problem: >> We have some clients that continually receive winmail.dat files. >> Obviously, it be best if winmail.dat would just go away, but >> unfortunately that is not that case ;) What we would like to do, is to >> setup the MailScanner so that when the mail is processed it will go >> ahead and unpack the winmail.dat file, extract the actual attachment, >> scan it for viruses, and the re-attach that to the original email, >> thus discarding the original winmail.dat file. Thus the client does >> not have to bothered with the winmail.dat file. > > > Winmail.dat does not always mean that there is an attachment. It means > that some one who has incorrectly configured their exchange server has > allowed the iused of the Microsoft Rich Text for external emails and the > formatting data is contained in the winmail.dat, not attachments. > > Formatting data like outlook stationery, and horizontal rules and other > formatting data. > > You can safely delete them, but do it with a warning to the folks > running exchange. > > If the email had an attachment and was send from an incorrectly > configured exvchange environment you wouild see 2 attachments, not the > winmail.dat containing the 2nd attachment. > >> >> I looked through the MailScanner.conf and studied the TNEF settings, >> but my understanding of them is that they unpack the winmail.dat so >> that the file(s) can be scanned, then just sends the original email on >> it way with the winmail.dat still attached. I am just hoping to take >> this one step further. >> >> We are currently running MailScanner 4.41.3 on Fedora Core 3. >> >> Can this be accomplished through MailScanner, or should I even dive >> down into setting up a sendmail filter? I am open to any and all >> suggestions. >> Thanks for your help! >> > I have to dis-agree. winmail.dat can contain attachments as well as formatting. All packed up with the TNEF encoder. Another example of Microsoft's attempts at world domination. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Mon Jun 6 23:56:08 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Something very odd is happening and im a little concerned and im turning to the boards here for some help. I have a mailgateway running here and so far, it has been perfect. All of the sudden, im seeing odd stuff from monster.com and yahoo.com. Here is a snip: Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: from=, size=1333, class=0, nrcpts=1, msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx] Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: to=, delay=00:00:01, mailer=esmtp, pri=31333, stat=queued Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 messages, 1899 bytes Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: Starting Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud from 205.138.199.146 in j56Mlt20034390 Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and have disarmed HTML message in j56Mlt20034390 from support@monster.com Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: to=, delay=00:00:07, xdelay=00:00:02, mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted for delivery) I'm looking at this and it almost seems as if im an open relay!! Ok...great. here is my setup MS: 4-41.3 sendmail: 8.12.11 If I am an open relay, anyone here that can help me out. Email me at liquid.proxy@gmail.com while I determine what the hell is going on. Thanks Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:00:10 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I ran a few quick open-relay tests and I am denying them. Either I am way too tired and im missing something blatantly obvious, or im just over-reacting. I appreciate the help. Jason Jason Williams wrote: > Something very odd is happening and im a little concerned and im > turning to the boards here for some help. > > I have a mailgateway running here and so far, it has been perfect. All > of the sudden, im seeing odd stuff from monster.com and yahoo.com. > > Here is a snip: > > Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: > from=, size=1333, class=0, nrcpts=1, > msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, > proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com > [xxx.xxx.xx.xx] > > Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: > to=, delay=00:00:01, mailer=esmtp, pri=31333, > stat=queued > Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 > messages, 1899 bytes > Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting > Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: > Starting > Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud > from 205.138.199.146 in j56Mlt20034390 > Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and > have disarmed HTML message in j56Mlt20034390 from support@monster.com > Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages > Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: > to=, delay=00:00:07, xdelay=00:00:02, > mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. > [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted > for delivery) > > I'm looking at this and it almost seems as if im an open relay!! > > Ok...great. > > here is my setup > > MS: 4-41.3 > sendmail: 8.12.11 > > If I am an open relay, anyone here that can help me out. Email me at > liquid.proxy@gmail.com while I determine what the hell is going on. > > Thanks > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:09:32 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alright. Some additional information. This one just came in: Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: from=, size=1380, class=0, nrcpts=1, msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx] Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: to=, delay=00:00:00, mailer=esmtp, pri=31380, stat=queued Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 messages, 1964 bytes Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: Starting Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing fraud from 205.138.199.146 in j56MwKQx036205 Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and have disarmed HTML message in j56MwKQx036205 from service@24hourfitness.com Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 messages Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: to=, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. [64.18.6.10], dsn=5.1.1, stat=User unknown Uh, i'm really confused as to what is going on here. Why is it coming into my gateway and my gateway turnin around and relaying it? I just checked with www.ordb.org, ran their test as well as www.abuse.net to ensure I wasn't a open relay and i passed with flying colors. I'm confused right now. Anyone have any idea? Im annoyed but concerned right now. I appreciate it. Jason Jason Williams wrote: > I ran a few quick open-relay tests and I am denying them. > Either I am way too tired and im missing something blatantly obvious, > or im just over-reacting. > > I appreciate the help. > > Jason > > Jason Williams wrote: > >> Something very odd is happening and im a little concerned and im >> turning to the boards here for some help. >> >> I have a mailgateway running here and so far, it has been perfect. >> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >> >> Here is a snip: >> >> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >> from=, size=1333, class=0, nrcpts=1, >> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >> [xxx.xxx.xx.xx] >> >> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >> to=, delay=00:00:01, mailer=esmtp, pri=31333, >> stat=queued >> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >> messages, 1899 bytes >> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: >> Starting >> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >> fraud from 205.138.199.146 in j56Mlt20034390 >> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and >> have disarmed HTML message in j56Mlt20034390 from support@monster.com >> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >> messages >> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >> to=, delay=00:00:07, xdelay=00:00:02, >> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >> accepted for delivery) >> >> I'm looking at this and it almost seems as if im an open relay!! >> >> Ok...great. >> >> here is my setup >> >> MS: 4-41.3 >> sendmail: 8.12.11 >> >> If I am an open relay, anyone here that can help me out. Email me >> at liquid.proxy@gmail.com while I determine what the hell is going on. >> >> Thanks >> >> Jason >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Jun 7 00:12:31 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] you should examine the email headers, not just the syslog. cheers raylund Jason Williams wrote: > Alright. Some additional information. This one just came in: > > Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: > from=, size=1380, class=0, nrcpts=1, > msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, > proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com > [xxx.xxx.xx.xx] > Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: > to=, delay=00:00:00, mailer=esmtp, pri=31380, > stat=queued > Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 > messages, 1964 bytes > Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting > Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: > Starting > Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing fraud > from 205.138.199.146 in j56MwKQx036205 > Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and > have disarmed HTML message in j56MwKQx036205 from > service@24hourfitness.com > Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 messages > Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: > to=, delay=00:00:03, xdelay=00:00:00, > mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. > [64.18.6.10], dsn=5.1.1, stat=User unknown > > Uh, i'm really confused as to what is going on here. Why is it coming > into my gateway and my gateway turnin around and relaying it? > I just checked with www.ordb.org, ran their test as well as > www.abuse.net to ensure I wasn't a open relay and i passed with flying > colors. > > I'm confused right now. > > Anyone have any idea? Im annoyed but concerned right now. > > I appreciate it. > > Jason > > Jason Williams wrote: > >> I ran a few quick open-relay tests and I am denying them. >> Either I am way too tired and im missing something blatantly obvious, >> or im just over-reacting. >> >> I appreciate the help. >> >> Jason >> >> Jason Williams wrote: >> >>> Something very odd is happening and im a little concerned and im >>> turning to the boards here for some help. >>> >>> I have a mailgateway running here and so far, it has been perfect. >>> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >>> >>> Here is a snip: >>> >>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>> from=, size=1333, class=0, nrcpts=1, >>> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >>> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >>> [xxx.xxx.xx.xx] >>> >>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>> to=, delay=00:00:01, mailer=esmtp, pri=31333, >>> stat=queued >>> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >>> messages, 1899 bytes >>> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >>> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: >>> Starting >>> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >>> fraud from 205.138.199.146 in j56Mlt20034390 >>> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected >>> and have disarmed HTML message in j56Mlt20034390 from >>> support@monster.com >>> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >>> messages >>> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >>> to=, delay=00:00:07, xdelay=00:00:02, >>> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >>> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >>> accepted for delivery) >>> >>> I'm looking at this and it almost seems as if im an open relay!! >>> >>> Ok...great. >>> >>> here is my setup >>> >>> MS: 4-41.3 >>> sendmail: 8.12.11 >>> >>> If I am an open relay, anyone here that can help me out. Email me >>> at liquid.proxy@gmail.com while I determine what the hell is going >>> on. >>> >>> Thanks >>> >>> Jason >>> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:17:17 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think I figured it out. This should be interesting. I think one of my users here put something on their computer and it was sending mail out. *SIGH* Raylund Lai wrote: > you should examine the email headers, not just the syslog. > > cheers > raylund > > Jason Williams wrote: > >> Alright. Some additional information. This one just came in: >> >> Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: >> from=, size=1380, class=0, nrcpts=1, >> msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, >> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >> [xxx.xxx.xx.xx] >> Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: >> to=, delay=00:00:00, mailer=esmtp, pri=31380, >> stat=queued >> Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 >> messages, 1964 bytes >> Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting >> Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: >> Starting >> Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing >> fraud from 205.138.199.146 in j56MwKQx036205 >> Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and >> have disarmed HTML message in j56MwKQx036205 from >> service@24hourfitness.com >> Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 >> messages >> Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: >> to=, delay=00:00:03, xdelay=00:00:00, >> mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. >> [64.18.6.10], dsn=5.1.1, stat=User unknown >> >> Uh, i'm really confused as to what is going on here. Why is it coming >> into my gateway and my gateway turnin around and relaying it? >> I just checked with www.ordb.org, ran their test as well as >> www.abuse.net to ensure I wasn't a open relay and i passed with >> flying colors. >> >> I'm confused right now. >> >> Anyone have any idea? Im annoyed but concerned right now. >> >> I appreciate it. >> >> Jason >> >> Jason Williams wrote: >> >>> I ran a few quick open-relay tests and I am denying them. >>> Either I am way too tired and im missing something blatantly >>> obvious, or im just over-reacting. >>> >>> I appreciate the help. >>> >>> Jason >>> >>> Jason Williams wrote: >>> >>>> Something very odd is happening and im a little concerned and im >>>> turning to the boards here for some help. >>>> >>>> I have a mailgateway running here and so far, it has been perfect. >>>> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >>>> >>>> Here is a snip: >>>> >>>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>>> from=, size=1333, class=0, nrcpts=1, >>>> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >>>> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >>>> [xxx.xxx.xx.xx] >>>> >>>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>>> to=, delay=00:00:01, mailer=esmtp, pri=31333, >>>> stat=queued >>>> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >>>> messages, 1899 bytes >>>> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >>>> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content >>>> Scanning: Starting >>>> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >>>> fraud from 205.138.199.146 in j56Mlt20034390 >>>> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected >>>> and have disarmed HTML message in j56Mlt20034390 from >>>> support@monster.com >>>> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >>>> messages >>>> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >>>> to=, delay=00:00:07, xdelay=00:00:02, >>>> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >>>> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >>>> accepted for delivery) >>>> >>>> I'm looking at this and it almost seems as if im an open relay!! >>>> >>>> Ok...great. >>>> >>>> here is my setup >>>> >>>> MS: 4-41.3 >>>> sendmail: 8.12.11 >>>> >>>> If I am an open relay, anyone here that can help me out. Email me >>>> at liquid.proxy@gmail.com while I determine what the hell is >>>> going on. >>>> >>>> Thanks >>>> >>>> Jason >>>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 7 00:17:14 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've seen quite a few of these in the logs since late last week... Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus Scanning: Denial Of Service attack detected! Can anyone shed some light? Something I should be concerned about? TIA! Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 7 00:36:37 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > I've seen quite a few of these in the logs since late last week... > > Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner clamav timed > out! > Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus Scanning: Denial Of > Service attack detected! > > Can anyone shed some light? Something I should be concerned about? What version of clamAV are you using? > > TIA! > > Ken Goods > Network Administrator > AIA Insurance, Inc. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 7 00:59:12 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Ken Goods wrote: >> I've seen quite a few of these in the logs since late last week... >> >> Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >> clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >> Scanning: Denial Of Service attack detected! >> >> Can anyone shed some light? Something I should be concerned about? > > What version of clamAV are you using? > MailScanner 4.40.11 ClamAV 0.83 Spamassassin 3.0.2 I know they are a little dated but would that cause the above messages? Thanks, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 7 02:17:08 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > Ugo Bellavance wrote: > >>Ken Goods wrote: >> >>>I've seen quite a few of these in the logs since late last week... >>> >>>Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >>>clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >>>Scanning: Denial Of Service attack detected! >>> >>>Can anyone shed some light? Something I should be concerned about? >> >>What version of clamAV are you using? >> > > > MailScanner 4.40.11 > ClamAV 0.83 > Spamassassin 3.0.2 > > I know they are a little dated but would that cause the above messages? > Possibly for ClamAV. You should upgrade to 0.85.1. > Thanks, > Ken > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at CNPAPERS.COM Tue Jun 7 08:02:31 2005 From: campbell at CNPAPERS.COM (Steve Campbell) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason, I had a similar situation just last week. It had to do with some kind of setup on a user's Thunderbird. A friend of this user told him how to set up Thunderbird to act as a relay for a different domain than ours, and for some reason, because it was being done from our IPs, sendmail would go merrily along and send it, even though it wasn't supposed to. I never did find out what the user had done to make this happen, and he wasn't savvy enough to be able to tell me. My only option I could think of before I found out what was happening, was to block the domain in MS, and the user finally called and complained. Quoting Jason Williams : > I think I figured it out. > This should be interesting. I think one of my users here put something > on their computer and it was sending mail out. > *SIGH* > > > I don't use Thunderbird yet, so if you find out what and how, I would like to know how your user did it. Thanks Steve Campbell ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bj at GLUE.CH Tue Jun 7 08:14:58 2005 From: bj at GLUE.CH (Beat Jucker) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: > I had a similar situation just last week. It had to do with some kind of setup > on a user's Thunderbird. A friend of this user told him how to set up > Thunderbird to act as a relay for a different domain than ours, and for some > reason, because it was being done from our IPs, sendmail would go merrily along > and send it, even though it wasn't supposed to. In my opinion each domain (company) should take care that only well known mailservers in their domain should be able to take the role of a relay mailserver (eg controlled by firewall). This will prevent many virus/spam distributions Regards -- Beat ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cade.thacker at ONERINGGROUP.COM Mon Jun 6 22:09:16 2005 From: cade.thacker at ONERINGGROUP.COM (Cade Thacker) Date: Thu Jan 12 21:29:56 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, my sincere apologies if this is a dead horse that is about to receive another beating, but I have looked through the email archives and my friends at Google were also not able to shed some light on my problem, so I finally thought I would turn to the experts. I will be happy to work with the powers that be to add this to the new Wiki, because I am sure somebody else has wondered the same thing. Here is the problem: We have some clients that continually receive winmail.dat files. Obviously, it be best if winmail.dat would just go away, but unfortunately that is not that case ;) What we would like to do, is to setup the MailScanner so that when the mail is processed it will go ahead and unpack the winmail.dat file, extract the actual attachment, scan it for viruses, and the re-attach that to the original email, thus discarding the original winmail.dat file. Thus the client does not have to bothered with the winmail.dat file. I looked through the MailScanner.conf and studied the TNEF settings, but my understanding of them is that they unpack the winmail.dat so that the file(s) can be scanned, then just sends the original email on it way with the winmail.dat still attached. I am just hoping to take this one step further. We are currently running MailScanner 4.41.3 on Fedora Core 3. Can this be accomplished through MailScanner, or should I even dive down into setting up a sendmail filter? I am open to any and all suggestions. Thanks for your help! -- - Cade Thacker - - One Ring Group - cade.thacker@oneringgroup.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnwilson at bigpond.com Mon Jun 6 22:43:34 2005 From: dnwilson at bigpond.com (David Wilson) Date: Thu Jan 12 21:29:56 2006 Subject: Scanning Encapsulated Messages ? Message-ID: I am the moderator of several discussion lists. The list system sends me the messages to moderate as Encapsulated Messages in the request email. I get a lot of spam to these lists but Mailscanner & SpamAssassin do not seem to be picking up the spam when it is in the Encapsulated Messages. It marks the same spam message as spam correctly when it is sent direct to me as an ordinary email. Are there some settings in Mailscanner I could set to improve the filtering ? regards David Wilson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 6 22:47:57 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:56 2006 Subject: SV: SV: Latest Stable MailScanner Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Indeed. And MS is not alone in this type of behaviour. It's when the parent _never_ reaps the defuncts that one should stop and pay attention... Like with the crummy AIX snmpd thing that I've got missbehaving ATM...:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Julian Field Skickat: må 2005-06-06 21:44 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: SV: Latest Stable MailScanner -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you look at the process IDs of the defunct processes, you will find that they actually are constantly changing, and are therefore not the same defunct processes at all. MailScanner does generate defunct processes which live for a second or two before being reaped. It generates a steady stream of them, which it constantly reaps. This is all quite normal. Steen, Glenn wrote: >Defunct processes are a normal occurence (harmless things at that, only "occupying" a PID until the "parent" reaps them by wait()... so that noone accidentally signals the wrong process or somesuch:), so unless you have any other problem indicators... I wouldn't worry too much:). > >-- Glenn > >-----Ursprungligt meddelande----- >Från: MailScanner mailing list genom Michael H. Martel >Skickat: må 2005-06-06 14:34 >Till: MAILSCANNER@JISCMAIL.AC.UK >Kopia: >Ämne: Latest Stable MailScanner >hello! > >I just tried to upgrade to the latest stable version of MailScanner on my >production box. When I launch MailScanner, everything seems to be fine. >However, I start seeing defunct processes for MailScanner after a very >short time (seconds). > >Using the last stable vesion I can do : > >[root@hemlock opt]# ps -eaf | grep Mail >root 12265 1 0 08:29 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12266 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12321 12265 1 08:29 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12339 12265 1 08:29 ? 00:00:03 /usr/bin/perl >-I/opt/MailScanner >root 12427 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12558 12265 1 08:30 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12785 25309 0 08:32 pts/0 00:00:00 grep Mail > >Using the latest Stable version, almost everytime I do the same command I >see the following : > >[root@hemlock log]# ps -eaf | grep Mail >root 12013 1 0 08:27 ? 00:00:00 /usr/bin/perl >-I/opt/MailScanner >root 12014 12013 6 08:27 ? 00:00:02 [MailScanner ] >root 12051 12013 8 08:27 ? 00:00:02 [MailScanner ] >root 12067 12013 14 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12092 12013 52 08:27 ? 00:00:02 /usr/bin/perl >-I/opt/MailScanner >root 12095 25309 0 08:27 pts/0 00:00:00 grep Mail > > >It looks like I start getting defunct processes almost immediately after >launching it. MailScanner -v gives me the following. > >Thoughts ? > >[root@hemlock opt]# /opt/MailScanner-4.42.9/bin/MailScanner -v >Running on >Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 >i686 unknown >This is Red Hat Linux release 7.3 (Valhalla) >This is Perl version 5.008006 (5.8.6) > >This is MailScanner version 4.42.9 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.16 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >1.50 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.811 DB_File >1.08 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >missing Mail::ClamAV >3.000003 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >missing SAVI >1.2 Sys::Hostname::Long >2.42 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.35 URI > > >Michael > >-- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqSnxRH2WUcUFbZUEQK8bgCfadfC1DPtQjDgOLn3D6eS+4HRKq8AoJ58 Sa3rHfggqdB2PteoTmzI++SQ =okMj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 6 22:59:30 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:56 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Here is the problem: > We have some clients that continually receive winmail.dat files. > Obviously, it be best if winmail.dat would just go away, but > unfortunately that is not that case ;) What we would like to do, is to > setup the MailScanner so that when the mail is processed it will go > ahead and unpack the winmail.dat file, extract the actual attachment, > scan it for viruses, and the re-attach that to the original email, thus > discarding the original winmail.dat file. Thus the client does not have > to bothered with the winmail.dat file. Winmail.dat does not always mean that there is an attachment. It means that some one who has incorrectly configured their exchange server has allowed the iused of the Microsoft Rich Text for external emails and the formatting data is contained in the winmail.dat, not attachments. Formatting data like outlook stationery, and horizontal rules and other formatting data. You can safely delete them, but do it with a warning to the folks running exchange. If the email had an attachment and was send from an incorrectly configured exvchange environment you wouild see 2 attachments, not the winmail.dat containing the 2nd attachment. > > I looked through the MailScanner.conf and studied the TNEF settings, but > my understanding of them is that they unpack the winmail.dat so that the > file(s) can be scanned, then just sends the original email on it way > with the winmail.dat still attached. I am just hoping to take this one > step further. > > We are currently running MailScanner 4.41.3 on Fedora Core 3. > > Can this be accomplished through MailScanner, or should I even dive down > into setting up a sendmail filter? I am open to any and all suggestions. > Thanks for your help! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Mon Jun 6 23:01:42 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:29:56 2006 Subject: Store viruses as queue files? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've currently got spam messages storing as queueu files so that they can be sent in case of a false/positive. I occasionally have file attachments that are named funny and need to be sent to the original recipient. Is there any way to have those stored as queue files as well? As it is, the file is just stored in a directory by the name of the message id and i have to copy it to the local webserver for download. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 6 23:06:54 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:29:56 2006 Subject: Store viruses as queue files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: > I've currently got spam messages storing as queueu files so that they can > be sent in case of a false/positive. > > I occasionally have file attachments that are named funny and need to be > sent to the original recipient. Is there any way to have those stored as > queue files as well? As it is, the file is just stored in a directory by > the name of the message id and i have to copy it to the local webserver > for download. > Which MTA? If it's sendmail you don't need to worry about the attachments as the the other files look after it for you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 6 23:27:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:56 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >> >> Here is the problem: >> We have some clients that continually receive winmail.dat files. >> Obviously, it be best if winmail.dat would just go away, but >> unfortunately that is not that case ;) What we would like to do, is to >> setup the MailScanner so that when the mail is processed it will go >> ahead and unpack the winmail.dat file, extract the actual attachment, >> scan it for viruses, and the re-attach that to the original email, >> thus discarding the original winmail.dat file. Thus the client does >> not have to bothered with the winmail.dat file. > > > Winmail.dat does not always mean that there is an attachment. It means > that some one who has incorrectly configured their exchange server has > allowed the iused of the Microsoft Rich Text for external emails and the > formatting data is contained in the winmail.dat, not attachments. > > Formatting data like outlook stationery, and horizontal rules and other > formatting data. > > You can safely delete them, but do it with a warning to the folks > running exchange. > > If the email had an attachment and was send from an incorrectly > configured exvchange environment you wouild see 2 attachments, not the > winmail.dat containing the 2nd attachment. > >> >> I looked through the MailScanner.conf and studied the TNEF settings, >> but my understanding of them is that they unpack the winmail.dat so >> that the file(s) can be scanned, then just sends the original email on >> it way with the winmail.dat still attached. I am just hoping to take >> this one step further. >> >> We are currently running MailScanner 4.41.3 on Fedora Core 3. >> >> Can this be accomplished through MailScanner, or should I even dive >> down into setting up a sendmail filter? I am open to any and all >> suggestions. >> Thanks for your help! >> > I have to dis-agree. winmail.dat can contain attachments as well as formatting. All packed up with the TNEF encoder. Another example of Microsoft's attempts at world domination. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Mon Jun 6 23:56:08 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Something very odd is happening and im a little concerned and im turning to the boards here for some help. I have a mailgateway running here and so far, it has been perfect. All of the sudden, im seeing odd stuff from monster.com and yahoo.com. Here is a snip: Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: from=, size=1333, class=0, nrcpts=1, msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx] Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: to=, delay=00:00:01, mailer=esmtp, pri=31333, stat=queued Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 messages, 1899 bytes Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: Starting Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud from 205.138.199.146 in j56Mlt20034390 Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and have disarmed HTML message in j56Mlt20034390 from support@monster.com Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: to=, delay=00:00:07, xdelay=00:00:02, mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted for delivery) I'm looking at this and it almost seems as if im an open relay!! Ok...great. here is my setup MS: 4-41.3 sendmail: 8.12.11 If I am an open relay, anyone here that can help me out. Email me at liquid.proxy@gmail.com while I determine what the hell is going on. Thanks Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:00:10 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I ran a few quick open-relay tests and I am denying them. Either I am way too tired and im missing something blatantly obvious, or im just over-reacting. I appreciate the help. Jason Jason Williams wrote: > Something very odd is happening and im a little concerned and im > turning to the boards here for some help. > > I have a mailgateway running here and so far, it has been perfect. All > of the sudden, im seeing odd stuff from monster.com and yahoo.com. > > Here is a snip: > > Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: > from=, size=1333, class=0, nrcpts=1, > msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, > proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com > [xxx.xxx.xx.xx] > > Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: > to=, delay=00:00:01, mailer=esmtp, pri=31333, > stat=queued > Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 > messages, 1899 bytes > Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting > Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: > Starting > Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud > from 205.138.199.146 in j56Mlt20034390 > Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and > have disarmed HTML message in j56Mlt20034390 from support@monster.com > Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages > Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: > to=, delay=00:00:07, xdelay=00:00:02, > mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. > [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted > for delivery) > > I'm looking at this and it almost seems as if im an open relay!! > > Ok...great. > > here is my setup > > MS: 4-41.3 > sendmail: 8.12.11 > > If I am an open relay, anyone here that can help me out. Email me at > liquid.proxy@gmail.com while I determine what the hell is going on. > > Thanks > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:09:32 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alright. Some additional information. This one just came in: Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: from=, size=1380, class=0, nrcpts=1, msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx] Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: to=, delay=00:00:00, mailer=esmtp, pri=31380, stat=queued Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 messages, 1964 bytes Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: Starting Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing fraud from 205.138.199.146 in j56MwKQx036205 Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and have disarmed HTML message in j56MwKQx036205 from service@24hourfitness.com Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 messages Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: to=, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. [64.18.6.10], dsn=5.1.1, stat=User unknown Uh, i'm really confused as to what is going on here. Why is it coming into my gateway and my gateway turnin around and relaying it? I just checked with www.ordb.org, ran their test as well as www.abuse.net to ensure I wasn't a open relay and i passed with flying colors. I'm confused right now. Anyone have any idea? Im annoyed but concerned right now. I appreciate it. Jason Jason Williams wrote: > I ran a few quick open-relay tests and I am denying them. > Either I am way too tired and im missing something blatantly obvious, > or im just over-reacting. > > I appreciate the help. > > Jason > > Jason Williams wrote: > >> Something very odd is happening and im a little concerned and im >> turning to the boards here for some help. >> >> I have a mailgateway running here and so far, it has been perfect. >> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >> >> Here is a snip: >> >> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >> from=, size=1333, class=0, nrcpts=1, >> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >> [xxx.xxx.xx.xx] >> >> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >> to=, delay=00:00:01, mailer=esmtp, pri=31333, >> stat=queued >> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >> messages, 1899 bytes >> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: >> Starting >> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >> fraud from 205.138.199.146 in j56Mlt20034390 >> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and >> have disarmed HTML message in j56Mlt20034390 from support@monster.com >> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >> messages >> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >> to=, delay=00:00:07, xdelay=00:00:02, >> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >> accepted for delivery) >> >> I'm looking at this and it almost seems as if im an open relay!! >> >> Ok...great. >> >> here is my setup >> >> MS: 4-41.3 >> sendmail: 8.12.11 >> >> If I am an open relay, anyone here that can help me out. Email me >> at liquid.proxy@gmail.com while I determine what the hell is going on. >> >> Thanks >> >> Jason >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Jun 7 00:12:31 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] you should examine the email headers, not just the syslog. cheers raylund Jason Williams wrote: > Alright. Some additional information. This one just came in: > > Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: > from=, size=1380, class=0, nrcpts=1, > msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, > proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com > [xxx.xxx.xx.xx] > Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: > to=, delay=00:00:00, mailer=esmtp, pri=31380, > stat=queued > Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 > messages, 1964 bytes > Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting > Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: > Starting > Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing fraud > from 205.138.199.146 in j56MwKQx036205 > Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and > have disarmed HTML message in j56MwKQx036205 from > service@24hourfitness.com > Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 messages > Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: > to=, delay=00:00:03, xdelay=00:00:00, > mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. > [64.18.6.10], dsn=5.1.1, stat=User unknown > > Uh, i'm really confused as to what is going on here. Why is it coming > into my gateway and my gateway turnin around and relaying it? > I just checked with www.ordb.org, ran their test as well as > www.abuse.net to ensure I wasn't a open relay and i passed with flying > colors. > > I'm confused right now. > > Anyone have any idea? Im annoyed but concerned right now. > > I appreciate it. > > Jason > > Jason Williams wrote: > >> I ran a few quick open-relay tests and I am denying them. >> Either I am way too tired and im missing something blatantly obvious, >> or im just over-reacting. >> >> I appreciate the help. >> >> Jason >> >> Jason Williams wrote: >> >>> Something very odd is happening and im a little concerned and im >>> turning to the boards here for some help. >>> >>> I have a mailgateway running here and so far, it has been perfect. >>> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >>> >>> Here is a snip: >>> >>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>> from=, size=1333, class=0, nrcpts=1, >>> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >>> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >>> [xxx.xxx.xx.xx] >>> >>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>> to=, delay=00:00:01, mailer=esmtp, pri=31333, >>> stat=queued >>> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >>> messages, 1899 bytes >>> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >>> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: >>> Starting >>> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >>> fraud from 205.138.199.146 in j56Mlt20034390 >>> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected >>> and have disarmed HTML message in j56Mlt20034390 from >>> support@monster.com >>> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >>> messages >>> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >>> to=, delay=00:00:07, xdelay=00:00:02, >>> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >>> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >>> accepted for delivery) >>> >>> I'm looking at this and it almost seems as if im an open relay!! >>> >>> Ok...great. >>> >>> here is my setup >>> >>> MS: 4-41.3 >>> sendmail: 8.12.11 >>> >>> If I am an open relay, anyone here that can help me out. Email me >>> at liquid.proxy@gmail.com while I determine what the hell is going >>> on. >>> >>> Thanks >>> >>> Jason >>> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 00:17:17 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think I figured it out. This should be interesting. I think one of my users here put something on their computer and it was sending mail out. *SIGH* Raylund Lai wrote: > you should examine the email headers, not just the syslog. > > cheers > raylund > > Jason Williams wrote: > >> Alright. Some additional information. This one just came in: >> >> Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: >> from=, size=1380, class=0, nrcpts=1, >> msgid=<200506062256.j56MuA3x084356@corpmail.courtesymortgage.com>, >> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >> [xxx.xxx.xx.xx] >> Jun 6 15:58:20 mail sm-mta-in[36205]: j56MwKQx036205: >> to=, delay=00:00:00, mailer=esmtp, pri=31380, >> stat=queued >> Jun 6 15:58:21 mail MailScanner[36016]: New Batch: Scanning 1 >> messages, 1964 bytes >> Jun 6 15:58:21 mail MailScanner[36016]: Spam Checks: Starting >> Jun 6 15:58:21 mail MailScanner[36016]: Virus and Content Scanning: >> Starting >> Jun 6 15:58:22 mail MailScanner[36016]: Found ip-based phishing >> fraud from 205.138.199.146 in j56MwKQx036205 >> Jun 6 15:58:22 mail MailScanner[36016]: Content Checks: Detected and >> have disarmed HTML message in j56MwKQx036205 from >> service@24hourfitness.com >> Jun 6 15:58:22 mail MailScanner[36016]: Uninfected: Delivered 1 >> messages >> Jun 6 15:58:23 mail sendmail[36216]: j56MwKQx036205: >> to=, delay=00:00:03, xdelay=00:00:00, >> mailer=esmtp, pri=121380, relay=24hourfitness.com.s7a1.psmtp.com. >> [64.18.6.10], dsn=5.1.1, stat=User unknown >> >> Uh, i'm really confused as to what is going on here. Why is it coming >> into my gateway and my gateway turnin around and relaying it? >> I just checked with www.ordb.org, ran their test as well as >> www.abuse.net to ensure I wasn't a open relay and i passed with >> flying colors. >> >> I'm confused right now. >> >> Anyone have any idea? Im annoyed but concerned right now. >> >> I appreciate it. >> >> Jason >> >> Jason Williams wrote: >> >>> I ran a few quick open-relay tests and I am denying them. >>> Either I am way too tired and im missing something blatantly >>> obvious, or im just over-reacting. >>> >>> I appreciate the help. >>> >>> Jason >>> >>> Jason Williams wrote: >>> >>>> Something very odd is happening and im a little concerned and im >>>> turning to the boards here for some help. >>>> >>>> I have a mailgateway running here and so far, it has been perfect. >>>> All of the sudden, im seeing odd stuff from monster.com and yahoo.com. >>>> >>>> Here is a snip: >>>> >>>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>>> from=, size=1333, class=0, nrcpts=1, >>>> msgid=<200506062245.j56Mjj3x084146@corpmail.courtesymortgage.com>, >>>> proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com >>>> [xxx.xxx.xx.xx] >>>> >>>> Jun 6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: >>>> to=, delay=00:00:01, mailer=esmtp, pri=31333, >>>> stat=queued >>>> Jun 6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 >>>> messages, 1899 bytes >>>> Jun 6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting >>>> Jun 6 15:47:59 mail MailScanner[33566]: Virus and Content >>>> Scanning: Starting >>>> Jun 6 15:48:00 mail MailScanner[33566]: Found ip-based phishing >>>> fraud from 205.138.199.146 in j56Mlt20034390 >>>> Jun 6 15:48:00 mail MailScanner[33566]: Content Checks: Detected >>>> and have disarmed HTML message in j56Mlt20034390 from >>>> support@monster.com >>>> Jun 6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 >>>> messages >>>> Jun 6 15:48:02 mail sendmail[34401]: j56Mlt20034390: >>>> to=, delay=00:00:07, xdelay=00:00:02, >>>> mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. >>>> [63.112.169.25], dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message >>>> accepted for delivery) >>>> >>>> I'm looking at this and it almost seems as if im an open relay!! >>>> >>>> Ok...great. >>>> >>>> here is my setup >>>> >>>> MS: 4-41.3 >>>> sendmail: 8.12.11 >>>> >>>> If I am an open relay, anyone here that can help me out. Email me >>>> at liquid.proxy@gmail.com while I determine what the hell is >>>> going on. >>>> >>>> Thanks >>>> >>>> Jason >>>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 7 00:17:14 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've seen quite a few of these in the logs since late last week... Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus Scanning: Denial Of Service attack detected! Can anyone shed some light? Something I should be concerned about? TIA! Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 7 00:36:37 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > I've seen quite a few of these in the logs since late last week... > > Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner clamav timed > out! > Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus Scanning: Denial Of > Service attack detected! > > Can anyone shed some light? Something I should be concerned about? What version of clamAV are you using? > > TIA! > > Ken Goods > Network Administrator > AIA Insurance, Inc. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 7 00:59:12 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Ken Goods wrote: >> I've seen quite a few of these in the logs since late last week... >> >> Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >> clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >> Scanning: Denial Of Service attack detected! >> >> Can anyone shed some light? Something I should be concerned about? > > What version of clamAV are you using? > MailScanner 4.40.11 ClamAV 0.83 Spamassassin 3.0.2 I know they are a little dated but would that cause the above messages? Thanks, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 7 02:17:08 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:56 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > Ugo Bellavance wrote: > >>Ken Goods wrote: >> >>>I've seen quite a few of these in the logs since late last week... >>> >>>Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >>>clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >>>Scanning: Denial Of Service attack detected! >>> >>>Can anyone shed some light? Something I should be concerned about? >> >>What version of clamAV are you using? >> > > > MailScanner 4.40.11 > ClamAV 0.83 > Spamassassin 3.0.2 > > I know they are a little dated but would that cause the above messages? > Possibly for ClamAV. You should upgrade to 0.85.1. > Thanks, > Ken > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at CNPAPERS.COM Tue Jun 7 08:02:31 2005 From: campbell at CNPAPERS.COM (Steve Campbell) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason, I had a similar situation just last week. It had to do with some kind of setup on a user's Thunderbird. A friend of this user told him how to set up Thunderbird to act as a relay for a different domain than ours, and for some reason, because it was being done from our IPs, sendmail would go merrily along and send it, even though it wasn't supposed to. I never did find out what the user had done to make this happen, and he wasn't savvy enough to be able to tell me. My only option I could think of before I found out what was happening, was to block the domain in MS, and the user finally called and complained. Quoting Jason Williams : > I think I figured it out. > This should be interesting. I think one of my users here put something > on their computer and it was sending mail out. > *SIGH* > > > I don't use Thunderbird yet, so if you find out what and how, I would like to know how your user did it. Thanks Steve Campbell ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bj at GLUE.CH Tue Jun 7 08:14:58 2005 From: bj at GLUE.CH (Beat Jucker) Date: Thu Jan 12 21:29:56 2006 Subject: little off topic: Am I an open relay? Message-ID: > I had a similar situation just last week. It had to do with some kind of setup > on a user's Thunderbird. A friend of this user told him how to set up > Thunderbird to act as a relay for a different domain than ours, and for some > reason, because it was being done from our IPs, sendmail would go merrily along > and send it, even though it wasn't supposed to. In my opinion each domain (company) should take care that only well known mailservers in their domain should be able to take the role of a relay mailserver (eg controlled by firewall). This will prevent many virus/spam distributions Regards -- Beat ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 09:20:35 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:56 2006 Subject: Spam then Disarmed or Disarmed then Spam? Message-ID: Jules works fine for me with 4.42.9 as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Thanks for confirming that, it's what I expected. For some reason > someone at work is getting {Disarmed} {Spam?}. The only thing I can > think is that the {Spam?} and {Disarmed} tags are being added by > different servers (which is quite possible with my setup). > > Jeff A. Earickson wrote: > > >>Julian, >> >>With 4.43.2, I am getting >> >>Subject: {Spam?} {Disarmed} blah blah >> >>Looks good to me. >> >>Jeff Earickson >>Colby College >> >>On Sun, 5 Jun 2005, Julian Field wrote: >> >> >>>Date: Sun, 5 Jun 2005 18:45:38 +0100 >>>From: Julian Field >>>Reply-To: MailScanner mailing list >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Spam then Disarmed or Disarmed then Spam? >>> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>Which order are you getting your Subject line tags in? They should have >>>Spam on the front, followed by Disarmed (if it applied, obviously). >>>Which order are you getting them in? >>> >>>- -- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.1 (Build 2185) >>> >>>iQA/AwUBQqM6ZBH2WUcUFbZUEQIDwACgpBYePBwkGKyrx4f79VFtb+4PW6IAoNqC >>>wy4ESasWItMi8akGtnOi15Fs >>>=g3DU >>>-----END PGP SIGNATURE----- >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqSp3BH2WUcUFbZUEQJ+2QCgpnoYzutpp5UCYtN3pBn6yKYCACkAoO5s > MYnhF1jQ4OHKA9Hr+52jFNTl > =+OBI > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue Jun 7 09:04:17 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:56 2006 Subject: Useful or not ? Message-ID: Hi! You could match the silent virus list to skip announcements then :) On Mon, 6 Jun 2005, Christiaan den Besten wrote: > You think? > > Then again. A simple cron could look for changes in > /var/spool/MailScanner/VirusSamples/ and notify you. But would you want to be > notified for every new version of Mytob.xxx ? > > bye, > Chris > >> It sounds like an interesting idea, but if it could alert you to them, >> apart >> from just putting it in the logs it would be more useful imho >> >> M >> >> >> >> Mr Michele Neylon >> Blacknight Internet Solutions Ltd >> Hosting, co-location & domains >> http://www.blacknight.ie/ >> Tel. +353 59 9137101 | Fax. +353 59 9146970 >> Tired of your current host? Save 15% when you move to us! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Tue Jun 7 09:49:28 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:56 2006 Subject: SA 3.0.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote: > I have just upgraded. > > It all seemed to go smoothly. There were no obvious errors when I > restarted MailScanner, and it seems to be scanning and trapping as > normal. For once a "me too" is warranted... John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Tue Jun 7 09:34:44 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:29:56 2006 Subject: Generic spam plug-in Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: 06 June 2005 21:06 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Generic spam plug-in > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Current thoughts are a function call (with timeout wrapper). > It gets passed the smtp client ip, the sender and the list of > recipients, and a ref to an array of lines holding the entire > message. The function simply returns a number which is added > to the spam score along with the SpamAssassin score. You can > replace SpamAssassin completely by just using the generic > wrapper and setting "Use SpamAssassin = no". If the timeout > happens, the score contribution is just 0. > > I should also provide some sample code which calls an > external program to produce the result score. My code will > probably just output > > smtp client ip address (IPv4 or IPv6) > sender address > recipient address > next recipient address... > blank line > message contents > > It will expect one line of input which will either be the > return code from the program or the contents of the 1 line of > output it produces which should be a number. I'll provide > samples for both, up to you which you use. > > MailScanner.conf controls should be > Use Custom Spam Detector = yes/no > Custom Spam Detector Function = > > That should be all you need. > What do you think? > It becomes difficult to judge between the efficiency of various spam filters if all that comes out at the end is a single score. The default scores provided on SA rules are created using a learning algorithm to choose the most effective weights, and as such would arguably need to be re-calculated if you were going to add another score to it. If you develop as described above you will arguably have produced a SpamAssassin plugin rather than a MailScanner plugin. (the kind of plugin that would be really useful too :) ) I would imagine in mailscanner the architecture would be similar to the RBL checks, where one could have a separate ruleset for responses to messsages flagged by this external agent. Richard --------------------------------------------------- This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Jun 7 09:38:38 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:29:56 2006 Subject: SA 3.0.4 Message-ID: Hi, I have just upgraded. It all seemed to go smoothly. There were no obvious errors when I restarted MailScanner, and it seems to be scanning and trapping as normal. > All > I see 3.0.4 is out, anyone tried it with MS yet? > > SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains several > important bug fixes and is highly recommended for use over previous > versions. > > SpamAssassin is a mail filter which uses advanced statistical and > heuristic tests to identify spam (also known as unsolicited bulk > email). > > Highlights of the release > ------------------------- > > - Certain invalid "Content-Type" headers would cause SpamAssassin to > incorrectly process parts of the message. > > - Certain long message headers could cause slowness when parsing the > > message. > > - Added in SURBL JP list. > > - URI anti-obfuscation updates. > > - Additional bug fixes. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 09:33:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:56 2006 Subject: SA 3.0.4 Message-ID: All I see 3.0.4 is out, anyone tried it with MS yet? SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains several important bug fixes and is highly recommended for use over previous versions. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email). Highlights of the release ------------------------- - Certain invalid "Content-Type" headers would cause SpamAssassin to incorrectly process parts of the message. - Certain long message headers could cause slowness when parsing the message. - Added in SURBL JP list. - URI anti-obfuscation updates. - Additional bug fixes. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 09:54:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:56 2006 Subject: SA 3.0.4 -- Clam+SA package updated Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just updated the ClamAV + SpamAssassin package so it contains the new 3.0.4. You can download it from www.mailscanner.info as usual. On 7 Jun 2005, at 09:49, John Wilcock wrote: > Anthony Peacock wrote: > >> I have just upgraded. It all seemed to go smoothly. There were no >> obvious errors when I restarted MailScanner, and it seems to be >> scanning and trapping as normal. >> > > For once a "me too" is warranted... > > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqVg4xH2WUcUFbZUEQJrjACgjqA/aOV/GfhmJ8SIHZW1XfoWIPIAoPYT OF5Juk9uGj91jvLFQUecBg3P =tC3f -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dannyh at aac-services.co.uk Tue Jun 7 10:03:27 2005 From: dannyh at aac-services.co.uk (Dan Harris) Date: Thu Jan 12 21:29:56 2006 Subject: who is using require_rdns.m4? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alisdair Davey scribbled on 06 June 2005 20:47: > On Mon, 2005-06-06 at 13:39, Jeff A. Earickson wrote: >> On Mon, 6 Jun 2005, Michele Neylon :: Blacknight Solutions wrote: >> >>> Date: Mon, 6 Jun 2005 20:16:32 +0100 >>> From: "Michele Neylon :: Blacknight Solutions" >>> >>> I'd love to do something with this, but I wouldn't like to drop the >>> mail entirely, as I know that there would be a silly amount of >>> valid mail dropped if I did. >>> >>> How does it handle shared IPs? >> >> I've seen machines with multiple NICs and IPs, but never heard of >> two machines sharing the same IP. Hunh? > > I think he is referring to the situation where multiple domain names > resolve to the same ip, but the ip can only resolve to one name. I > would have thought this is quite common especially among ISPs. Filtering based on invalid reverse DNS is a _really bad_ idea IMHO. The situation described above will also happen where a company or individual hosts multiple domains on a standard ADSL service, as these often only have one IP address. How many potential customers do you want to loose by rejecting that first contact email? Our management would never allow it, and think what would happen to your job if you rejected an email that could have landed your company a £multi-million contract?!?! A much better way if you have to do something like this is to check that the sending email address actually exists at MTA level, before accepting the delivery. How to do this varies depending on the MTA, but has been discussed fairly recently if you search the archives. Rejecting mail for non-existent mailboxes also helps enormously, without annoying legitimate customers! Finally, before I get taken to task over this I'm sure that there will be occasional false positives generated by this configuration, but they will be far far fewer than would occur using reverse DNS lookups. And if the sender's MUA is that badly configured you'd not be able to respond to them anyway! Best Regards, Dan Harris Senior IT Systems Admin AAC Services Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 7 11:18:37 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:56 2006 Subject: who is using require_rdns.m4? Message-ID: >> >>> How does it handle shared IPs? >> >> I've seen machines with multiple NICs and IPs, but never heard of two >> machines sharing the same IP. Hunh? > > I think he is referring to the situation where multiple > domain names resolve to the same ip, but the ip can only > resolve to one name. I would have thought this is quite common > especially among ISPs. Cheers > Alisdair Alisdair - spot on - I am It would not be uncommon for there to be 300 domains on the one IP in a shared hosting environment Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jun 7 11:33:41 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:29:57 2006 Subject: 4.43.2-1 BETA has fixed MCP "Delete" action logging - Thanks! Message-ID: Julian Short note to confirm that 4.43.2-1 BETA has fixed the MCP "Delete" action logging bug that I reported. I am running this BETA release on one of our production MTAs and it seems to be OK. (Sendmail + 4.43.2-1 + SpamAssassin 3.0.2 + Sophos + McAfee + ClamAV) Thanks Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 11:49:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: filename expansion variable question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If it has stored the whole message it is correct to say "the entire message". It should have quarantine the whole thing. On 6 Jun 2005, at 04:44, Andrew wrote: > Hi Everyone, > > I am using the $filename expansion variable in the reports to > specify a > path to a 'stored virus' ... This works 99% of the time, however I > have > just noticed that some times the variable expands to the string "the > entire message" (instead of the actual filename). > > > I am running mailscanner version 4.28.6-1. I checked the changelog, > but could not find anything specific about this problem. Can anyone > tell me if it has been addressed? > > > Kind Regards, > Andrew. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqV7wRH2WUcUFbZUEQJ2SQCgtH6Gf2YJKBEEzdDEEGs4yEH5dbwAnRlx BWHv2nlCU+RkedirpeF8HKEz =aNwg -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 11:52:42 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What virus scanner are you using? (And if it's Sophos or ClamAV then the module version or the command-line version?) On 6 Jun 2005, at 13:56, Richard Lynch wrote: > I upgraded to the latest stable over the weekend. The infection > messages in the syslog are now formatted like this... > > Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm > Infection: W32/Mytob.EK@mm > > Prior to the upgrade the messages are formatted like this... > > Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/MailScanner/ > incoming/18024/j548EsXL032151/tyve.scr Infection: W32/Mytob.CZ@mm > > Note that the full path is missing. Unfortunately, I'm counting on > the old message format in order to tie an infected message back to > the sending site and targeted user. I'm using the message-id to do > that. This is used for reports which I send to customers. Is > there an easy way to return to the old message format? > > Richard Lynch > WVNET > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqV8gBH2WUcUFbZUEQLYEACfd/LCqUTFV+Ih9lzhF/aW0nCnIk8Anikk xuO926M/XImn/vH2iDFUK8Ry =HfGx -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 11:56:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Header added to outgoing messages Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What version? Bcc or Cc or To is irrelevant, they are all just recipients. MailScanner doesn't use the headers. On 6 Jun 2005, at 15:57, Steffan Henke wrote: > On Sun, 29 May 2005, Julian Field wrote: > > >> Found and fixed. This is a bug I accidentally introduced recently >> as a >> result of another change someone wanted. I think I have found them >> all >> now. The scanning was working as intended, but the wrong header was >> being put in. >> > > Julian, > > right now, I noticed that an "X-MailScanner: Found to be clean" is > added > if a domain gets a "Bcc:" of an email, is that an expected behaviour ? > > Let's say the ruleset for scans looks like this: > > To: a.com yes > To: b.com yes > To: default no > > > Now I send an Email To: c.com with a Bcc: b.com . > The email to c.com isn't actually scanned, nonetheless the header > gets added. > > > > Regards, > > Steffan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqV9axH2WUcUFbZUEQL89gCfeK+430fzI0O+kLZGTl0QbYqqfBIAn1oD nVV7C1qQ7CjAUGbKvXlUoa6K =01Q3 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Tue Jun 7 12:02:44 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:29:57 2006 Subject: SA 3.0.4 Message-ID: Martin wrote: > SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains > > Highlights of the release > ------------------------- > > - Added in SURBL JP list. Given it's now in the main release, we should be removing the rule from spam.assassin.prefs.conf yes? Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Tue Jun 7 12:28:41 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:29:57 2006 Subject: Header added to outgoing messages Message-ID: On Tue, 7 Jun 2005, Julian Field wrote: > What version? This is 4.42.9-1. > Bcc or Cc or To is irrelevant, they are all just recipients. > MailScanner doesn't use the headers. That's what I thought, so I really don't see why that header is added to an outgoing mail. In addition, I had some problems whitelisting lately, especially from sans.org. Although I have From: *@sans.org yes in my spam.whitelist.rules, these emails are close to being marked as spam: From: The SANS Institute Subject: Internet Storm Center Threat Update, Desktop Security and Other SANS Webcasts in June Precedence: bulk Errors-To: Sender: X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=6.657, benoetigt 7, AWL -2.45, BAYES_99 3.50, DCC_CHECK 4.00, DIGEST_MULTIPLE 0.10, RAZOR2_CHECK 1.51) X-MailScanner-SpamScore: ssssss I am going to whitelist sans.org in the SpamAssassin conf as well, but I don't understand why the whitelisting for these particular mails is not applied. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue Jun 7 12:43:30 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:57 2006 Subject: Header added to outgoing messages Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Steffan Henke > >> Bcc or Cc or To is irrelevant, they are all just recipients. >> MailScanner doesn't use the headers. > >That's what I thought, so I really don't see why that header is added >to an outgoing mail. >In addition, I had some problems whitelisting lately, especially from >sans.org. Although I have > >From: *@sans.org yes > >in my spam.whitelist.rules, these emails are close to being marked as >spam: > >From: The SANS Institute What Julian is trying to say, is that MS only knows/looks at the ENVELOPE From (MAIL FROM:) and To (RCPT TO:). The From: that you state above (Webcast@sans.org) is NOT the ENVELOPE From. Check your MTA logs to see the ENVELOPE From, or add the X-MailScanner-Envelope-From: header (configure in MailScanner.conf). >Errors-To: >Sender: > >I am going to whitelist sans.org in the SpamAssassin conf as well, but I >don't understand why the whitelisting for these particular mails is not >applied. Presumably, you should whitelist: From: *@*.sans.org yes The ENVELOPE From is probably bounce@mailings.sans.org (from the mailings.sans.org domain, NOT sans.org). >Regards, > >Steffan Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hard2hold at gmail.com Tue Jun 7 12:52:43 2005 From: hard2hold at gmail.com (Hard Hold) Date: Thu Jan 12 21:29:57 2006 Subject: panda linux Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Saw that MailScanner now supports the panda virus scanner, so I thought I would try it out. I see the update scripts, but nowhere can I find out how to register the free version for updates. Been all over the panda site and google. Maybe I am blind, and it would not be the first time. Does anyone have the link to register the panda linux for updates? I am sorry for the off topic, but could not find anywhere else to turn. Thanks Rob ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Jun 7 13:12:01 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:57 2006 Subject: SA 3.0.4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stef Morrell > Sent: Tuesday, June 07, 2005 7:03 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA 3.0.4 > > Martin wrote: > > > SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains > > > > Highlights of the release > > ------------------------- > > > > - Added in SURBL JP list. > > Given it's now in the main release, we should be removing the rule from > spam.assassin.prefs.conf yes? > > Stef Yes. The JP_* lines can bee removed. The score has been lowered a bit but I tend to trust the scores assigned by the SA folks until something changes my mind :) Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 13:34:26 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:57 2006 Subject: SA 3.0.4 Message-ID: Stephen I'm keeping a close eye on that score. Given the 'fun' the bayes scores where in 3.0.2 from the automatic score assignment I've started to view auto assigned scores with a heavy pinch of salt. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Stef Morrell >>Sent: Tuesday, June 07, 2005 7:03 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SA 3.0.4 >> >>Martin wrote: >> >> >>>SpamAssassin 3.0.4 is released! SpamAssassin 3.0.4 contains >>> >>>Highlights of the release >>>------------------------- >>> >>> - Added in SURBL JP list. >> >>Given it's now in the main release, we should be removing the rule from >>spam.assassin.prefs.conf yes? >> >>Stef > > > Yes. The JP_* lines can bee removed. > > The score has been lowered a bit but I tend to trust the scores assigned by > the SA folks until something changes my mind :) > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rich at MAIL.WVNET.EDU Tue Jun 7 13:36:39 2005 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >What virus scanner are you using? (And if it's Sophos or ClamAV then >the module version or the command-line version?) > > Sorry, I should have mentioned that I'm running F-Prot. I'm also running ClamAV in command line mode. The output from ClamAV does include the full path. -- Rich >On 6 Jun 2005, at 13:56, Richard Lynch wrote: > > > >>I upgraded to the latest stable over the weekend. The infection >>messages in the syslog are now formatted like this... >> >>Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm >>Infection: W32/Mytob.EK@mm >> >>Prior to the upgrade the messages are formatted like this... >> >>Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/MailScanner/ >>incoming/18024/j548EsXL032151/tyve.scr Infection: W32/Mytob.CZ@mm >> >>Note that the full path is missing. Unfortunately, I'm counting on >>the old message format in order to tie an infected message back to >>the sending site and targeted user. I'm using the message-id to do >>that. This is used for reports which I send to customers. Is >>there an easy way to return to the old message format? >> >>Richard Lynch >>WVNET >> >> -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "rich.vcf") 13 lines. ] [ Unable to print this part. ] From campbell at cnpapers.com Tue Jun 7 13:41:13 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Beat, Beat Jucker wrote: >> I had a similar situation just last week. It had to do with some >> kind of setup on a user's Thunderbird. A friend of this user told >> him how to set up Thunderbird to act as a relay for a different >> domain than ours, and for some reason, because it was being done >> from our IPs, sendmail would go merrily along and send it, even >> though it wasn't supposed to. > > In my opinion each domain (company) should take care that only well > known mailservers in their domain should be able to take the role of > a relay mailserver (eg controlled by firewall). This will prevent > many virus/spam distributions I agree, but this was happening on my outbound mailserver, so I couldn't control it with the normal solution. This is the user's normal SMTP server, it was set up to only relay for particular domains, but it still relayed for this non-authorized domain. It was also receiving mail for this user in this non-authorized domain. Somewhere, I have a feeling, that there is a setting in my sendmail configuration that says relay for any IP in my IP range. I don't understand the inbound part at all. Any ideas how this may have been implemented? Steve > > Regards > -- Beat > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 13:56:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: 4.43.2-1 BETA has fixed MCP "Delete" action logging - Thanks! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Great. Thanks for confirming that. On 7 Jun 2005, at 11:33, Quentin Campbell wrote: > Julian > > Short note to confirm that 4.43.2-1 BETA has fixed the MCP "Delete" > action logging bug that I reported. > > I am running this BETA release on one of our production MTAs and it > seems to be OK. > > (Sendmail + 4.43.2-1 + SpamAssassin 3.0.2 + Sophos + McAfee + ClamAV) > > Thanks > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqWZbhH2WUcUFbZUEQLG9ACeIFkDTI+FubY4QqyLJoXQ575FNq0AmwSp GQsxxTV35OJmGkz3Rr49+GVO =r2JP -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 14:01:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In SweepViruses.pm swap over lines 1920 and 1921. They should currently say: $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New MailScanner::Log::InfoLog($logout); and you probably want MailScanner::Log::InfoLog($logout); $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New instead. On 7 Jun 2005, at 13:36, Richard Lynch wrote: > Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> What virus scanner are you using? (And if it's Sophos or ClamAV >> then the module version or the command-line version?) >> >> > Sorry, I should have mentioned that I'm running F-Prot. I'm also > running ClamAV in command line mode. The output from ClamAV does > include the full path. > > -- Rich > > > >> On 6 Jun 2005, at 13:56, Richard Lynch wrote: >> >> >> >>> I upgraded to the latest stable over the weekend. The infection >>> messages in the syslog are now formatted like this... >>> >>> Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm >>> Infection: W32/Mytob.EK@mm >>> >>> Prior to the upgrade the messages are formatted like this... >>> >>> Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/ >>> MailScanner/ incoming/18024/j548EsXL032151/tyve.scr Infection: >>> W32/Mytob.CZ@mm >>> >>> Note that the full path is missing. Unfortunately, I'm counting >>> on the old message format in order to tie an infected message >>> back to the sending site and targeted user. I'm using the >>> message-id to do that. This is used for reports which I send to >>> customers. Is there an easy way to return to the old message >>> format? >>> >>> Richard Lynch >>> WVNET >>> >>> > > > -- > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqWamRH2WUcUFbZUEQKesgCgoZpVrVSt1l5OxWZLkD8+q5gYXqEAn19Q J6TsclMOnXxxbSKooruH2PFN =Mkyz -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Jun 7 14:07:57 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:57 2006 Subject: SA 3.0.4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Tuesday, June 07, 2005 8:34 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA 3.0.4 > > Stephen > > I'm keeping a close eye on that score. > > Given the 'fun' the bayes scores where in 3.0.2 from the automatic score > assignment I've started to view auto assigned scores with a heavy pinch > of salt. > > -- > Martin Hepworth That a good point. I'll watch the hits on JP_ for the nest few days. For those that care - in spam.assassin.prefs.comf we had scored URIBL_JP_SURBL: score URIBL_JP_SURBL 4.0 It's now scored: score URIBL_JP_SURBL 0 1.539 0 2.462 Thanks, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jun 7 14:09:01 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:57 2006 Subject: panda linux Message-ID: Hard Hold wrote: > Saw that MailScanner now supports the panda virus scanner, so I > thought I would try it out. I see the update scripts, but nowhere can > I find out how to register the free version for updates. Been all > over the panda site and google. Maybe I am blind, and it would not be > the first time. Does anyone have the link to register the panda > linux for updates? I am sorry for the off topic, but could not find > anywhere else to turn. > > Thanks > > Rob > AFAIK you need buy a licensed product to get updates... "free" indeed... -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hard2hold at gmail.com Tue Jun 7 14:12:39 2005 From: hard2hold at gmail.com (Hard Hold) Date: Thu Jan 12 21:29:57 2006 Subject: panda linux Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/7/05, Steen, Glenn wrote: > Hard Hold wrote: > > Saw that MailScanner now supports the panda virus scanner, so I > > thought I would try it out. I see the update scripts, but nowhere can > > I find out how to register the free version for updates. Been all > > over the panda site and google. Maybe I am blind, and it would not be > > the first time. Does anyone have the link to register the panda > > linux for updates? I am sorry for the off topic, but could not find > > anywhere else to turn. > > > > Thanks > > > > Rob > > > AFAIK you need buy a licensed product to get updates... "free" indeed... > > -- Glenn > looks like you get what you pay for then. ty for the information. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rich at MAIL.WVNET.EDU Tue Jun 7 14:47:31 2005 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >In SweepViruses.pm swap over lines 1920 and 1921. >They should currently say: > > $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New > MailScanner::Log::InfoLog($logout); > >and you probably want > > MailScanner::Log::InfoLog($logout); > $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New > >instead. > > Yes, that did it. Thank you. In my copy of SweepViruses.pm it was lines 1902 and 1903. I'm running... > MailScanner -V > ... > This is MailScanner version 4.42.9 Will you be making the same change to the code base or is this a modification that I will have to maintain? I appreciate all of you efforts. -- Rich -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "rich.vcf") 13 lines. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Tue Jun 7 14:46:40 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:57 2006 Subject: Possible problem with the new panda wrapper Message-ID: Hi Rick & all, I finally had a slow moment to look at your new wrapper script. Lets start out positive: I really like what you've done there. Might be because of the rich comments in a language I actually understand:-), but more likely the nice "sidestep" of terminal issues. Probably comes from you being a real programmer, where I'm just a know-nothing programmer-turned-sysadmin (happened just after the dark ages too:-):). Some "problems" though: Am I correct in that this still will not honour the path given at the end of options? So that saying "." or "./" is virtually the same? Seems to me that MS could do that in ScanBatch, if TryCommercial times out (please correct me if I'm wrong!). Am I correct that you call pavcl once/directory, not once/batch? Would be nice if it was once/batch:). Now for the real problem. When I simulate a batch of more than one message, this detects the "clean second" as the "unclean first". Better that I show what I mean: --------------------------------- [root@mail bbb]# ls -lR .: totalt 8 drwxrwx--- 2 postfix apache 4096 mar 9 18:51 B46B323DAF.66B25/ drwxr-xr-x 2 root root 4096 mar 16 10:55 ZZZZZZZZ.ZZZZ/ ./B46B323DAF.66B25: totalt 8 -rw-rw---- 1 postfix apache 69 mar 9 18:51 eicar.com -rw-rw---- 1 postfix apache 1223 mar 9 18:51 message ./ZZZZZZZZ.ZZZZ: totalt 4 -rw-r--r-- 1 root root 132 mar 16 10:55 message [root@mail bbb]# pwd /var/spool/MailScanner/quarantine/.test/bbb [root@mail bbb]# /root/MailScanner-install-4.42.9/perl-tar/MailScanner-4.42.9/lib/panda-w rapper /usr -nsb -eng -aex -nso -aut -cmp . FOUND:Eicar.Mod##::##message->eicar.com##::##B46B323DAF.66B25##::##/var/ spool/MailScanner/quarantine/.test/bbb FOUND:Eicar.Mod##::##message->eicar.com##::##ZZZZZZZZ.ZZZZ##::##/var/spo ol/MailScanner/quarantine/.test/bbb [root@mail bbb]# cat ZZZZZZZZ.ZZZZ/message Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file Dummy file [root@mail bbb]# ------------------------------------ As you can see (apart from me not having it actually installed:-), the ZZZZZZZZ.ZZZZ/message file shouldn't be detected, but it is. I've not looked too deeply into why this happens.. Will do so, if this temporary slump in Real Work keeps up:-)... Or you could beat me to it:-). Tell me if you need more info. Best Regards, -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 14:57:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Bug? in syslog infection messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7 Jun 2005, at 14:47, Richard Lynch wrote: Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In SweepViruses.pm swap over lines 1920 and 1921. They should currently say:   $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New   MailScanner::Log::InfoLog($logout); and you probably want   MailScanner::Log::InfoLog($logout);   $logout =~ s/^.+\/(.+\/.+$)/\.\/$1/; # New instead.   Yes, that did it.  Thank you.  In my copy of SweepViruses.pm it was lines 1902 and 1903.  I'm running... > MailScanner -V > ... > This is MailScanner version 4.42.9 Will you be making the same change to the code base or is this a modification that I will have to maintain?  I appreciate all of you efforts. No, don't worry, I've added it to the main code base. --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 202bytes. ] [ Unable to print this part. ] From jaearick at COLBY.EDU Tue Jun 7 15:37:52 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:57 2006 Subject: who is using require_rdns.m4? Message-ID: Gang, I've run require_rdns.m4 since about 10 EDT yesterday. In the last 24 hours, I've seen: Yesterday (10 AM to midnight): Total RDNS Fix Reverse DNS: 5889 (5xx fatal error) Total RDNS no resolve: 378 (4xx tempfail) Total RDNS Possible forgery: 4578 (4xx tempfail) Today (since midnight): Total RDNS Fix Reverse DNS: 6327 Total RDNS no resolve: 426 Total RDNS Possible forgery: 4214 The bulk of the "no reverse DNS" fatal rejections came from APNIC numbers. As for the issue of one IP number hosting multiple names, I believe that this test can be eliminated from require_rdns.m4 by removing the line that contains "451 Possibly forged hostname for $1". Per suggestions here, I have done that to my setup. I have heard nothing but silence from our helpdesk since installing require_rdns.m4 yesterday. No complaints or queries. We are a college, and lots of people are gone so it is quiet now anyway. But people howl quickly about email issues. Despite opinions to the contrary here, maybe require_rdns is not such a bad idea for anti-spam. BTW, upgraded to SpamAssassin 3.0.4 with MailScanner 4.43.2. No problems. I commented out the URIBL_JP_SURBL stuff in spam.assassin.prefs.conf as part of this upgrade. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cade.thacker at ONERINGGROUP.COM Tue Jun 7 15:41:31 2005 From: cade.thacker at ONERINGGROUP.COM (Cade Thacker) Date: Thu Jan 12 21:29:57 2006 Subject: TNEF - attach winmail.dat contents to original email ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, thanks for the responses. Peter, you are sorta right, the winmail.dat file *may* or *may not* contain an attachment. If there is not an attachment, then you are right, I think I am safe to discard it, but if there is an attachment, I would like to reattach it, and discard the original winmail.dat. So I am looking at Message.pm, and at first glance, it looks like maybe I can make some changes to that to do what I want. Obviously this is the brains of the operation. What I am thinking is adding another entry into MailScanner.conf to "Replace TNEF With Contents = Yes", then modifying Message.pm to respect that flag and make the changes. I also see that I can write my own perl and put it in /usr/lib/MailScanner/MailScanner/CustomFunctions. This looks highly promising. Would this be a good place to put a function that does what I want? Is there a simpler way? I am not looking for a step-by-step how do (although that would be awesome :), but just which way to go (and which way not to go) would be highly, highly appreciated. Scott Silva wrote: Peter Russell wrote: Here is the problem: We have some clients that continually receive winmail.dat files. Obviously, it be best if winmail.dat would just go away, but unfortunately that is not that case ;) What we would like to do, is to setup the MailScanner so that when the mail is processed it will go ahead and unpack the winmail.dat file, extract the actual attachment, scan it for viruses, and the re-attach that to the original email, thus discarding the original winmail.dat file. Thus the client does not have to bothered with the winmail.dat file. Winmail.dat does not always mean that there is an attachment. It means that some one who has incorrectly configured their exchange server has allowed the iused of the Microsoft Rich Text for external emails and the formatting data is contained in the winmail.dat, not attachments. Formatting data like outlook stationery, and horizontal rules and other formatting data. You can safely delete them, but do it with a warning to the folks running exchange. If the email had an attachment and was send from an incorrectly configured exvchange environment you wouild see 2 attachments, not the winmail.dat containing the 2nd attachment. I looked through the MailScanner.conf and studied the TNEF settings, but my understanding of them is that they unpack the winmail.dat so that the file(s) can be scanned, then just sends the original email on it way with the winmail.dat still attached. I am just hoping to take this one step further. We are currently running MailScanner 4.41.3 on Fedora Core 3. Can this be accomplished through MailScanner, or should I even dive down into setting up a sendmail filter? I am open to any and all suggestions. Thanks for your help! I have to dis-agree. winmail.dat can contain attachments as well as formatting. All packed up with the TNEF encoder. Another example of Microsoft's attempts at world domination. -- - Cade Thacker - - One Ring Group - cade.thacker@oneringgroup.com 404 303 9900 x105 770 402 7143 (cell) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 16:42:43 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve, Thanks for the heads-up, especially since we are testing out Thunderbird right now. Well, I figured out for the most part what the problem was. It appears one of my users computer is loaded with spyware. *sigh* I was able to watch my server and catch a piece of the mail. When I broke down the headers, the orginating IP address was from my internal network. Which completely threw me off as well as piss me off. Once I unplugged the persons computer from the network, everything was fine. So in essence, that computer turned into a mailserver. Today I will be doing some forensic work on the computer to see just what the hell happened (can you tell that I am still angry?) This is another one of those things that drives me nuts because i've been pushing for months (almost a year really) to tighten down what are users can do, both browsing the internet and installing software. FINALLY! After yesterday, the big wigs said "Wow, that was serious. Maybe we should stop it. Lets do it." Ya, a day late and a dollar short. Anyway, if anyone is curious as to what I find on the computer, shoot me a personal email and i'll give you a full breakdown of what i find. Thanks for the heads up Steve. Jason >Jason, > >I had a similar situation just last week. It had to do with some kind of setup >on a user's Thunderbird. A friend of this user told him how to set up >Thunderbird to act as a relay for a different domain than ours, and for some >reason, because it was being done from our IPs, sendmail would go merrily along >and send it, even though it wasn't supposed to. I never did find out what the >user had done to make this happen, and he wasn't savvy enough to be able to tell >me. My only option I could think of before I found out what was happening, was >to block the domain in MS, and the user finally called and complained. > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 7 17:01:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Steve, > > Thanks for the heads-up, especially since we are testing out Thunderbird > right now. > Well, I figured out for the most part what the problem was. It appears > one of my users computer is loaded with spyware. *sigh* > I was able to watch my server and catch a piece of the mail. When I > broke down the headers, the orginating IP address was from my internal > network. Which completely threw me off as well as piss me off. Once I > unplugged the persons computer from the network, everything was fine. So > in essence, that computer turned into a mailserver. Today I will be > doing some forensic work on the computer to see just what the hell > happened (can you tell that I am still angry?) > > This is another one of those things that drives me nuts because i've > been pushing for months (almost a year really) to tighten down what are > users can do, both browsing the internet and installing software. > FINALLY! After yesterday, the big wigs said "Wow, that was serious. > Maybe we should stop it. Lets do it." Ya, a day late and a dollar short. > > Anyway, if anyone is curious as to what I find on the computer, shoot me > a personal email and i'll give you a full breakdown of what i find. > > Thanks for the heads up Steve. > > Jason > >> Jason, >> >> I had a similar situation just last week. It had to do with some kind >> of setup >> on a user's Thunderbird. A friend of this user told him how to set up >> Thunderbird to act as a relay for a different domain than ours, and >> for some >> reason, because it was being done from our IPs, sendmail would go >> merrily along >> and send it, even though it wasn't supposed to. I never did find out >> what the >> user had done to make this happen, and he wasn't savvy enough to be >> able to tell >> me. My only option I could think of before I found out what was >> happening, was >> to block the domain in MS, and the user finally called and complained. >> >> >> >> > Some of that cr#p gets installed through activex vulnerabilities in IE. The user doesn't have to say yes, as a matter of fact they get no prompt at all, and some gets in even on locked down PC's. It's making me pull out my hair! I have had to do the "cat5-ectomy" on several PC's this year. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Tue Jun 7 17:20:50 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:29:57 2006 Subject: Do RBL lists check all Received: from x.x.x.x headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For example if your on dialup or dynamic but you setup smarthost it will still show dialup header IP's ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jun 7 17:52:44 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not looking to get blasted, but this is about the best list group for getting questions taken care of. Does any one have any suggestion for setting up a Linux spyware filter? Thanks and sorry. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Jun 7 18:06:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:57 2006 Subject: Do RBL lists check all Received: from x.x.x.x headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BB wrote: > > For example if your on dialup or dynamic but you setup smarthost it will > still show dialup header IP's Dialup RBLs should only be checked against IPs delivering to a server in trusted_networks. Other RBLs are checked against all RBLs. So in your case you will have FP problems, since I assume your smarthost is running SA, thus trusted, and accepting mail directly from dialup/dynamic client IPs. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 7 18:14:20 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know what you mean. There is one product i've been looking at and after this incident, strongly considering using. Two of their products I like. Here is the website: http://www.faronics.com/index.asp The two that would help us and let us keep the hair we have are: DeepFreeze: http://www.faronics.com/html/deepfreeze.asp AntiExec: http://www.faronics.com/html/AntiExec.asp I may just pony up the money and buy DeepFreeze. Hope this helps. Jason Scott Silva wrote: >>>Some of that cr#p gets installed through activex vulnerabilities in IE. >>>The user doesn't have to say yes, as a matter of fact they get no prompt >>>at all, and some gets in even on locked down PC's. It's making me pull >>>out my hair! I have had to do the "cat5-ectomy" on several PC's this year. >>> >>> >>> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jfalgout at OGOV.NET Tue Jun 7 18:16:43 2005 From: jfalgout at OGOV.NET (Jeff Falgout) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis said: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware > filter? > > Thanks and sorry. Check out the DansGuardian Antivirus plugin - I use it to scan http traffic using squid and clamav. Clam is starting to add alot of spyware into it's signatures. If you need something right away, you can create your own. In addition, you can also use blacklists to filter out the known spyware sites. www.dansguardian.org http://www.harvest.com.br/asp/afn/dg.nsf or the av plugin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jun 7 18:18:16 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you. These are the types of solutions we have looked at and have used. I am looking more at a gateway product that prevents spyware from even getting to the computer. There are many gateway appliances that do this but I have been unable to find a Linux (free) solution. Thanks. >>> jwilliams@COURTESYMORTGAGE.COM 06/07 1:14 PM >>> I know what you mean. There is one product i've been looking at and after this incident, strongly considering using. Two of their products I like. Here is the website: http://www.faronics.com/index.asp The two that would help us and let us keep the hair we have are: DeepFreeze: http://www.faronics.com/html/deepfreeze.asp AntiExec: http://www.faronics.com/html/AntiExec.asp I may just pony up the money and buy DeepFreeze. Hope this helps. Jason Scott Silva wrote: >>>Some of that cr#p gets installed through activex vulnerabilities in IE. >>>The user doesn't have to say yes, as a matter of fact they get no prompt >>>at all, and some gets in even on locked down PC's. It's making me pull >>>out my hair! I have had to do the "cat5-ectomy" on several PC's this year. >>> >>> >>> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Tue Jun 7 18:23:41 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: At 12:52 PM 6/7/2005, you wrote: >Not looking to get blasted, but this is about the best list group for >getting questions taken care of. > >Does any one have any suggestion for setting up a Linux spyware filter? > >Thanks and sorry. That's probably not a bad question, but something I've never researched or come upon. I'll be lurking.. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jun 7 18:23:05 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for the info. I would not even know where to start to create my own. We are looking at adding the clam to dansguardian. Thanks. >>> jfalgout@OGOV.NET 06/07 1:16 PM >>> David Curtis said: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware > filter? > > Thanks and sorry. Check out the DansGuardian Antivirus plugin - I use it to scan http traffic using squid and clamav. Clam is starting to add alot of spyware into it's signatures. If you need something right away, you can create your own. In addition, you can also use blacklists to filter out the known spyware sites. www.dansguardian.org http://www.harvest.com.br/asp/afn/dg.nsf or the av plugin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 18:22:35 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: David Obvious answer is not to use IE on windows..... kills 99% of all known spyware dead ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware filter? > > Thanks and sorry. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Jun 7 18:22:46 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:57 2006 Subject: Possible problem with the new panda wrapper Message-ID: Glenn, I replied off list with more detail than here, I didn't notice your message went to the list as well as me. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Tuesday, June 07, 2005 8:47 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Possible problem with the new panda wrapper > > > Hi Rick & all, > > I finally had a slow moment to look at your new wrapper script. > Lets start out positive: I really like what you've done there. Might > be because of the rich comments in a language I actually understand:-), > but more likely the nice "sidestep" of terminal issues. Probably > comes from you being a real programmer, where I'm just a know-nothing > programmer-turned-sysadmin (happened just after the dark ages too:-):). > > Some "problems" though: > Am I correct in that this still will not honour the path given at the > end of options? So that saying "." or "./" is virtually the > same? Seems to me that MS could do that in ScanBatch, if TryCommercial > times out (please correct me if I'm wrong!). > > Am I correct that you call pavcl once/directory, not once/batch? Would > be nice if it was once/batch:). Done, you should already have a copy of a new version of panda-wrapper, and the required patch to SweepViruses.pm, to try out. Please let me/us know if it's more like what you desire. It will scan the child's entire batch with one call to pavcl > > Now for the real problem. When I simulate a batch of more than one > message, this detects the "clean second" as the "unclean first". Better > that I show what I mean: [..] This was a stupid error on my part. I deleted some debug stuff before sending the last version to Julian and I didn't test it with a batch... I deleted one line too many. I have attached a patch for panda-wrapper that will fix this one line brain spaz. Apply the patch or change the following line in panda-wrapper from: sub scan_virus{ to: sub scan_virus{ # Make sure our Virtual Screen is clean when called. $VirtualScreens = ""; I don't know if/when Julian will incorporate the changes to panda-wrapper and SweepViruses.pm to allow a single call to pavcl for each batch rather than each message. If anyone else wants this change now/soon let me know and I can send it to you or post it here. Again, Sorry for the brain fade on the above error Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "panda-wrapper.diff") ] [ 430bytes. ] [ Unable to print this part. ] From support at spyproductions.com Tue Jun 7 18:27:08 2005 From: support at spyproductions.com (SpyProductions Support Team) Date: Thu Jan 12 21:29:57 2006 Subject: Mailscanner upgrade Message-ID: Hi Everyone, Just upgraded MailScanner here on system I inherited here running Rh 9 and it won't start. I installed all the dependencies that it asked for when I initially installed it, but it still looks like a dependency issue to me.... I'm seeing the following whenever I try to start MailScanner: Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . /usr/lib/MailScanner) at /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. Compilation failed in require at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. Compilation failed in require at /usr/sbin/MailScanner line 73. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. I scanned the archive and found one issue - IO-stringy, but am lost on the rest Any help would be trully appreciated. Thanks, Darryl Jones System Administrator SpyProductions Achieve Web Success http://spyproductions.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jun 7 18:28:35 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Unfortunately this is not an option for us right now. I know this will prevent most of the problem, like teaching people safe searching habits, it just will not happen here. >>> martinh@SOLID-STATE-LOGIC.COM 06/07 1:22 PM >>> David Obvious answer is not to use IE on windows..... kills 99% of all known spyware dead ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware filter? > > Thanks and sorry. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 18:31:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:57 2006 Subject: totally off topic Message-ID: David more serviously.. http://www.pcxperience.org/dgvirus/ uses the MaiLScanner AV interface to provide a plugin to DG. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware filter? > > Thanks and sorry. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 7 18:25:34 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > I know what you mean. > There is one product i've been looking at and after this incident, > strongly considering using. Two of their products I like. Here is the > website: > > http://www.faronics.com/index.asp > > The two that would help us and let us keep the hair we have are: > > DeepFreeze: > http://www.faronics.com/html/deepfreeze.asp > > AntiExec: > http://www.faronics.com/html/AntiExec.asp > > I may just pony up the money and buy DeepFreeze. > > Hope this helps. > > Jason > > > Scott Silva wrote: > >>>> Some of that cr#p gets installed through activex vulnerabilities in IE. >>>> The user doesn't have to say yes, as a matter of fact they get no >>>> prompt >>>> at all, and some gets in even on locked down PC's. It's making me pull >>>> out my hair! I have had to do the "cat5-ectomy" on several PC's this >>>> year. >>>> >>>> > > You can also have a look at this; http://www.spywareguide.com/blockfile.php I was just starting to look at this today. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From quinting at HSD.CA Tue Jun 7 18:55:07 2005 From: quinting at HSD.CA (Quintin Giesbrecht) Date: Thu Jan 12 21:29:57 2006 Subject: little off topic: Am I an open relay? Message-ID: I am an IT in a school division, and we run deepfreeze on any computer that students use. It has saved us weeks and months of work. Of course, the staff machines are not locked down....oh well, can't have it all :( -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Williams Sent: June 7, 2005 12:14 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: little off topic: Am I an open relay? I know what you mean. There is one product i've been looking at and after this incident, strongly considering using. Two of their products I like. Here is the website: http://www.faronics.com/index.asp The two that would help us and let us keep the hair we have are: DeepFreeze: http://www.faronics.com/html/deepfreeze.asp AntiExec: http://www.faronics.com/html/AntiExec.asp I may just pony up the money and buy DeepFreeze. Hope this helps. Jason Scott Silva wrote: >>>Some of that cr#p gets installed through activex vulnerabilities in IE. >>>The user doesn't have to say yes, as a matter of fact they get no prompt >>>at all, and some gets in even on locked down PC's. It's making me pull >>>out my hair! I have had to do the "cat5-ectomy" on several PC's this year. >>> >>> >>> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 18:59:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:57 2006 Subject: Mailscanner upgrade Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SpyProductions Support Team wrote: > > Hi Everyone, > > Just upgraded MailScanner here on system I inherited here running Rh 9 > and it won't start. I installed all the dependencies that it asked for > when I initially installed it, but it still looks like a dependency > issue to me.... > > I'm seeing the following whenever I try to start MailScanner: > > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: > /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/5.8.0 > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > /usr/lib/MailScanner) at > /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. > BEGIN failed--compilation aborted at > /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. > Compilation failed in require at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > Compilation failed in require at /usr/sbin/MailScanner line 73. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. > > I scanned the archive and found one issue - IO-stringy, but am lost on > the rest Does indeed look like IO-stringy. This should be installed by the ./install.sh installation script in the MailScanner distribution. Have you tried to upgrade to the latest MailScanner? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp YkbbncsXIfKH4TG5P90VZq0V =bfPr -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support at spyproductions.com Tue Jun 7 19:15:11 2005 From: support at spyproductions.com (SpyProductions Support Team) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: I used the RPM dist off of the MailScanner website last week. I just tried the latest version - 4.22.9-1 and it installed without a problem. Tried to crank it up, same issue..... Darryl Jones System Administrator SpyProductions Achieve Web Success http://spyproductions.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Tuesday, June 07, 2005 1:59 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner upgrade > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > SpyProductions Support Team wrote: > > > > > Hi Everyone, > > > > Just upgraded MailScanner here on system I inherited here > running Rh 9 > > and it won't start. I installed all the dependencies that > it asked for > > when I initially installed it, but it still looks like a dependency > > issue to me.... > > > > I'm seeing the following whenever I try to start MailScanner: > > > > Starting MailScanner daemons: > > incoming sendmail: [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: > > /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/5.8.0 > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . > > /usr/lib/MailScanner) at > > /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. > > BEGIN failed--compilation aborted at > > /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. > > Compilation failed in require at > > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > > BEGIN failed--compilation aborted at > > /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. > > Compilation failed in require at /usr/sbin/MailScanner line 73. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. > > > > I scanned the archive and found one issue - IO-stringy, but > am lost on > > the rest > > Does indeed look like IO-stringy. This should be installed by the > ./install.sh installation script in the MailScanner > distribution. Have > you tried to upgrade to the latest MailScanner? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp > YkbbncsXIfKH4TG5P90VZq0V > =bfPr > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 7 19:08:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: Hmm prob fun with RH RPM and NON RH rpm perl module locations (again). see if you can find a RH RPM with the modules you need. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 SpyProductions Support Team wrote: > I used the RPM dist off of the MailScanner website last week. > I just tried the latest version - 4.22.9-1 and it installed without a > problem. Tried to crank it up, same issue..... > > Darryl Jones > System Administrator > SpyProductions > Achieve Web Success > http://spyproductions.com > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: Tuesday, June 07, 2005 1:59 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Mailscanner upgrade >> >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >> >> >>SpyProductions Support Team wrote: >> >> >>> >>>Hi Everyone, >>> >>>Just upgraded MailScanner here on system I inherited here >> >>running Rh 9 >> >>>and it won't start. I installed all the dependencies that >> >>it asked for >> >>>when I initially installed it, but it still looks like a dependency >>>issue to me.... >>> >>>I'm seeing the following whenever I try to start MailScanner: >>> >>>Starting MailScanner daemons: >>>incoming sendmail: [ OK ] >>>outgoing sendmail: [ OK ] >>>MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >>>/usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/5.8.0 >>>/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl >>>/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl >>>/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . >>>/usr/lib/MailScanner) at >>>/usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>BEGIN failed--compilation aborted at >>>/usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>Compilation failed in require at >>>/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>BEGIN failed--compilation aborted at >>>/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>Compilation failed in require at /usr/sbin/MailScanner line 73. >>>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. >>> >>>I scanned the archive and found one issue - IO-stringy, but >> >>am lost on >> >>>the rest >> >>Does indeed look like IO-stringy. This should be installed by the >>./install.sh installation script in the MailScanner >>distribution. Have >>you tried to upgrade to the latest MailScanner? >> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.1 (Build 2185) >> >>iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp >>YkbbncsXIfKH4TG5P90VZq0V >>=bfPr >>-----END PGP SIGNATURE----- >> >>------------------------ MailScanner list >>------------------------ To unsubscribe, email >>jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' >>in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 19:09:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did the installation script produce any errors as it installed the RPMs? Something fairly fundamental didn't work. If you can give me remote ssh access and the root password, I'll take a look for you. Mail me details (off-list!). SpyProductions Support Team wrote: >I used the RPM dist off of the MailScanner website last week. >I just tried the latest version - 4.22.9-1 and it installed without a >problem. Tried to crank it up, same issue..... > >Darryl Jones >System Administrator >SpyProductions >Achieve Web Success >http://spyproductions.com > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: Tuesday, June 07, 2005 1:59 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Mailscanner upgrade >> >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >> >> >>SpyProductions Support Team wrote: >> >> >> >>> >>>Hi Everyone, >>> >>>Just upgraded MailScanner here on system I inherited here >>> >>> >>running Rh 9 >> >> >>>and it won't start. I installed all the dependencies that >>> >>> >>it asked for >> >> >>>when I initially installed it, but it still looks like a dependency >>>issue to me.... >>> >>>I'm seeing the following whenever I try to start MailScanner: >>> >>>Starting MailScanner daemons: >>>incoming sendmail: [ OK ] >>>outgoing sendmail: [ OK ] >>>MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >>>/usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/5.8.0 >>>/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl >>>/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi >>>/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl >>>/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . >>>/usr/lib/MailScanner) at >>>/usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>BEGIN failed--compilation aborted at >>>/usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>Compilation failed in require at >>>/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>BEGIN failed--compilation aborted at >>>/usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>Compilation failed in require at /usr/sbin/MailScanner line 73. >>>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. >>> >>>I scanned the archive and found one issue - IO-stringy, but >>> >>> >>am lost on >> >> >>>the rest >>> >>> >>Does indeed look like IO-stringy. This should be installed by the >>./install.sh installation script in the MailScanner >>distribution. Have >>you tried to upgrade to the latest MailScanner? >> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.1 (Build 2185) >> >>iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp >>YkbbncsXIfKH4TG5P90VZq0V >>=bfPr >>-----END PGP SIGNATURE----- >> >>------------------------ MailScanner list >>------------------------ To unsubscribe, email >>jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' >>in the body of the email. Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqXi8xH2WUcUFbZUEQJkyACgj1eQSE8MVCyuUTIsJRR3sf7EY38AoJjp ZfJ8ZWG/3arp33fimhHlPCmq =Zzut -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 19:21:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But that's why MailScanner rebuilds each of the RPMs before installing them. They should end up in the right place for your system. Martin Hepworth wrote: > Hmm > > prob fun with RH RPM and NON RH rpm perl module locations (again). > > see if you can find a RH RPM with the modules you need. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > SpyProductions Support Team wrote: > >> I used the RPM dist off of the MailScanner website last week. >> I just tried the latest version - 4.22.9-1 and it installed without a >> problem. Tried to crank it up, same issue..... >> >> Darryl Jones >> System Administrator >> SpyProductions >> Achieve Web Success >> http://spyproductions.com >> >> >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>> On Behalf Of Julian Field >>> Sent: Tuesday, June 07, 2005 1:59 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Mailscanner upgrade >>> >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> SpyProductions Support Team wrote: >>> >>> >>>> >>>> Hi Everyone, >>>> >>>> Just upgraded MailScanner here on system I inherited here >>> >>> >>> running Rh 9 >>> >>>> and it won't start. I installed all the dependencies that >>> >>> >>> it asked for >>> >>>> when I initially installed it, but it still looks like a dependency >>>> issue to me.... >>>> >>>> I'm seeing the following whenever I try to start MailScanner: >>>> >>>> Starting MailScanner daemons: >>>> incoming sendmail: [ OK ] >>>> outgoing sendmail: [ OK ] >>>> MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >>>> /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi >>>> /usr/lib/perl5/5.8.0 >>>> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi >>>> /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl >>>> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi >>>> /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl >>>> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 . >>>> /usr/lib/MailScanner) at >>>> /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>> BEGIN failed--compilation aborted at >>>> /usr/lib/perl5/vendor_perl/5.8.0/MIME/Parser.pm line 134. >>>> Compilation failed in require at >>>> /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>> BEGIN failed--compilation aborted at >>>> /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 40. >>>> Compilation failed in require at /usr/sbin/MailScanner line 73. >>>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 73. >>>> >>>> I scanned the archive and found one issue - IO-stringy, but >>> >>> >>> am lost on >>> >>>> the rest >>> >>> >>> Does indeed look like IO-stringy. This should be installed by the >>> ./install.sh installation script in the MailScanner distribution. >>> Have you tried to upgrade to the latest MailScanner? >>> >>> - -- Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store Professional >>> Support Services at www.MailScanner.biz MailScanner thanks transtec >>> Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.1 (Build 2185) >>> >>> iQA/AwUBQqXgdRH2WUcUFbZUEQKBEACg6ZsyhVAR60q7hMcnBuAyLbFjDNQAn1gp >>> YkbbncsXIfKH4TG5P90VZq0V >>> =bfPr >>> -----END PGP SIGNATURE----- >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>> mailscanner' in the body of the email. Before posting, read the Wiki >>> (http://wiki.mailscanner.info/) and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqXlxRH2WUcUFbZUEQJy9ACfch4JtnJMIW0D2+myZy0Gbow+//wAoMzt sUy1JX4B+pdESq8aZ8vu7C64 =DtwS -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Jun 7 19:31:17 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:58 2006 Subject: totally off topic Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] IE-SpyAd is not a Linux filter for spyware, but is a big list of sites to be added to the restricted sites zone in IE. The author has a script that will add/remove the said list. You could add the list to the users IE via login batch file. You could lock IE down so the users can't add/remove sites, using group policy. https://netfiles.uiuc.edu/ehowes/www/resource.htm David Curtis wrote: > Not looking to get blasted, but this is about the best list group for > getting questions taken care of. > > Does any one have any suggestion for setting up a Linux spyware filter? > > Thanks and sorry. > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Tue Jun 7 20:16:05 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 07 June 2005 11:27 am, SpyProductions Support Team wrote: > Just upgraded MailScanner here on system I inherited here running Rh 9 and > it won't start. I installed all the dependencies that it asked for > when I initially installed it, but it still looks like a dependency issue > to me.... > > I'm seeing the following whenever I try to start MailScanner: > > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: Run: perl -MCPAN -e 'install IO::Wrap' That should take care of it for you.... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCpfJ1G4PxJjbMvv0RAv2KAJ94WC1ZdL0B10F9rOmuAPqlTzqYJACfbR94 A1HdImsRPgcihN7k/B9qRes= =nUeu -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 7 21:40:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It turned out to be the classic UTF8 problem in /etc/sysconfig/i18n, the error message was a red herring. Chris Stone wrote: >* PGP Signed by an unknown key: 06/07/05 at 20:16:05 > >On Tuesday 07 June 2005 11:27 am, SpyProductions Support Team wrote: > > >>Just upgraded MailScanner here on system I inherited here running Rh 9 and >>it won't start. I installed all the dependencies that it asked for >>when I initially installed it, but it still looks like a dependency issue >>to me.... >> >>I'm seeing the following whenever I try to start MailScanner: >> >>Starting MailScanner daemons: >>incoming sendmail: [ OK ] >>outgoing sendmail: [ OK ] >>MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >> >> > >Run: perl -MCPAN -e 'install IO::Wrap' > >That should take care of it for you.... > >* Unknown Key >* 0x36CCBEFD (L) > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqYGJhH2WUcUFbZUEQIfUACgn1T0FYqfnMYaUv+LFvqbLyIumdgAoJH9 cCTDW6ONLlhS28Q9rWI9Dlc/ =C6L6 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jun 7 21:57:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: SV: Possible problem with the new panda wrapper Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brain fades happen. Even to the best. Will test and report back tomorrow. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Rick Cooper Skickat: ti 2005-06-07 19:22 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Possible problem with the new panda wrapper Glenn, I replied off list with more detail than here, I didn't notice your message went to the list as well as me. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Tuesday, June 07, 2005 8:47 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Possible problem with the new panda wrapper > > > Hi Rick & all, > > I finally had a slow moment to look at your new wrapper script. > Lets start out positive: I really like what you've done there. Might > be because of the rich comments in a language I actually understand:-), > but more likely the nice "sidestep" of terminal issues. Probably > comes from you being a real programmer, where I'm just a know-nothing > programmer-turned-sysadmin (happened just after the dark ages too:-):). > > Some "problems" though: > Am I correct in that this still will not honour the path given at the > end of options? So that saying "." or "./" is virtually the > same? Seems to me that MS could do that in ScanBatch, if TryCommercial > times out (please correct me if I'm wrong!). > > Am I correct that you call pavcl once/directory, not once/batch? Would > be nice if it was once/batch:). Done, you should already have a copy of a new version of panda-wrapper, and the required patch to SweepViruses.pm, to try out. Please let me/us know if it's more like what you desire. It will scan the child's entire batch with one call to pavcl > > Now for the real problem. When I simulate a batch of more than one > message, this detects the "clean second" as the "unclean first". Better > that I show what I mean: [..] This was a stupid error on my part. I deleted some debug stuff before sending the last version to Julian and I didn't test it with a batch... I deleted one line too many. I have attached a patch for panda-wrapper that will fix this one line brain spaz. Apply the patch or change the following line in panda-wrapper from: sub scan_virus{ to: sub scan_virus{ # Make sure our Virtual Screen is clean when called. $VirtualScreens = ""; I don't know if/when Julian will incorporate the changes to panda-wrapper and SweepViruses.pm to allow a single call to pavcl for each batch rather than each message. If anyone else wants this change now/soon let me know and I can send it to you or post it here. Again, Sorry for the brain fade on the above error Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin at MICA.NET Tue Jun 7 23:34:59 2005 From: Kevin at MICA.NET (Kevin Hanser) Date: Thu Jan 12 21:29:58 2006 Subject: New version of msre (MailScanner Ruleset Editor) available: 0.2.1 Message-ID: Hello, For anyone interested, I have just updated my MailScanner Ruleset Editor (msre). This is a bug fix release, I fixed a few issues that would cause the rulesets to get messed up w/multiple actions (like "store notify"). For more information on msre: http://msre.sourceforge.net Or to see what has been fixed/changed, you can view the changelog at: http://sourceforge.net/project/shownotes.php?release_id=333373 k ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 8 08:40:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:58 2006 Subject: Mailscanner upgrade Message-ID: Classic as in old - well a year ago I guess....In computing terms thats ancient ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It turned out to be the classic UTF8 problem in /etc/sysconfig/i18n, the > error message was a red herring. > > Chris Stone wrote: > > >>* PGP Signed by an unknown key: 06/07/05 at 20:16:05 >> >>On Tuesday 07 June 2005 11:27 am, SpyProductions Support Team wrote: >> >> >> >>>Just upgraded MailScanner here on system I inherited here running Rh 9 and >>>it won't start. I installed all the dependencies that it asked for >>>when I initially installed it, but it still looks like a dependency issue >>>to me.... >>> >>>I'm seeing the following whenever I try to start MailScanner: >>> >>>Starting MailScanner daemons: >>>incoming sendmail: [ OK ] >>>outgoing sendmail: [ OK ] >>>MailScanner: Can't locate IO/Wrap.pm in @INC (@INC contains: >>> >>> >> >>Run: perl -MCPAN -e 'install IO::Wrap' >> >>That should take care of it for you.... >> >>* Unknown Key >>* 0x36CCBEFD (L) >> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQqYGJhH2WUcUFbZUEQIfUACgn1T0FYqfnMYaUv+LFvqbLyIumdgAoJH9 > cCTDW6ONLlhS28Q9rWI9Dlc/ > =C6L6 > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Wed Jun 8 08:51:15 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:29:58 2006 Subject: confusing message {Virus Scanned} Message-ID: Is that one file or two different files. In WindoZE you can create a file with a ',' in the filename. That could be why it has been blocked. Because of the length of the single file. Christo -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Craig White Sent: 08 June 2005 03:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: confusing message {Virus Scanned} # rpm -qa mailscanner mailscanner-4.40.5-1 One of my users reports this error... Our e-mail content detector has just been triggered by a message you sent: To: obscured_email_address Subject: Homeowners Financial Date: Tue Jun 7 12:00:04 2005 One or more of the attachments (Payroll Adjust.doc, Payroll Adjust-1.doc) are on the list of unacceptable attachments for this site and will not have been delivered. Consider renaming the files to avoid this constraint. The virus detector said this about the message: Report: Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (Payroll Adjust.doc) Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (Payroll Adjust-1.doc) --- Is this a .doc filetype problem? It complains about filename lengths but these seem sufficiently short to me. Not knowing what else to do, I have added to filename.rules.conf allow \.doc$ - - anywhere else I should be looking? Thanks Craig ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 8 10:32:31 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: Possible problem with the new panda wrapper Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Brain fades happen. Even to the best. > Will test and report back tomorrow. > > -- Glenn > > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Rick Cooper > Skickat: ti 2005-06-07 19:22 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: Re: Possible problem with the new panda wrapper > Glenn, > > I replied off list with more detail than here, I didn't notice your > message went to the > list as well as me. Yep - started as "just for Rick", then thought I'd alert any users too. Apart from this message, I think well save everyone else the trouble to hit delete by keeping it off-list:-). Look below for more. >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Steen, Glenn Sent: Tuesday, June 07, 2005 8:47 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Possible problem with the new panda wrapper >> >> (snip) >> Am I correct that you call pavcl once/directory, not once/batch? >> Would be nice if it was once/batch:). > > Done, you should already have a copy of a new version of > panda-wrapper, and the required patch to SweepViruses.pm, to try out. > Please let me/us know if it's more like what you desire. It will scan > the child's entire batch with one call to pavcl Has some problems, that *might* affect the "once/dir" case too... As mentioned in my private mail to you, we need initialize the term so that pavcl only sees the "huge tty". >> >> Now for the real problem. When I simulate a batch of more than one >> message, this detects the "clean second" as the "unclean first". >> Better that I show what I mean: > [..] > > This was a stupid error on my part. I deleted some debug stuff before > sending the last version to Julian and I didn't test it with a > batch... I deleted one line too many. I have attached a patch for > panda-wrapper that will fix this one line brain spaz. > > Apply the patch or change the following line in panda-wrapper from: > sub scan_virus{ > to: > > sub scan_virus{ > # Make sure our Virtual Screen is clean when called. > $VirtualScreens = ""; > > I don't know if/when Julian will incorporate the changes to > panda-wrapper and SweepViruses.pm to allow a single call to pavcl for > each batch rather than each message. If anyone else wants this change > now/soon let me know and I can send it to you or post it here. > > Again, Sorry for the brain fade on the above error > > Rick This patch makes the "stock wrapper" work ok, but ... It might still "prettify" the outpu so that you lose the message ID. So, any users of panda should keep a sharp eye on the logs for strangeness like "..." etc. Best regards -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 8 10:36:54 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: admin@thenamegame.com wrote: > The message you sent requires that you verify that you > are a real live human being and not a spam source. > > To complete this verification, simply reply to this message and leave > the subject line intact. > > The headers of the message sent from your address are show below: > > From owner-mailscanner@jiscmail.ac.uk Wed Jun 08 05:33:16 2005 >(snip) Julian, Could you please drop this fluffhead too? Really annoying with people who set up things they seem to be unable to rightly use. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Wed Jun 8 15:28:43 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Done. On 8 Jun 2005, at 10:36, Steen, Glenn wrote: > admin@thenamegame.com wrote: > >> The message you sent requires that you verify that you >> are a real live human being and not a spam source. >> >> To complete this verification, simply reply to this message and leave >> the subject line intact. >> >> The headers of the message sent from your address are show below: >> >> From owner-mailscanner@jiscmail.ac.uk Wed Jun 08 05:33:16 2005 >> (snip) >> > > Julian, > > Could you please drop this fluffhead too? Really annoying with > people who set up things they seem to be unable to rightly use. > > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqcAoRH2WUcUFbZUEQLwWgCg+Tkw7kcsSr+LObXQvQ/QlHz91pwAoNfT PqdKefkIqr+pwfhcUMsSI0iO =UJyU -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 16:01:03 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: confusing message {Virus Scanned} Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christo Bezuidenhout wrote: > Is that one file or two different files. In WindoZE you can create a file > with a ',' in the filename. That could be why it has been blocked. Because > of the length of the single file. > > Christo > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Craig White > Sent: 08 June 2005 03:22 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: confusing message {Virus Scanned} > > # rpm -qa mailscanner > mailscanner-4.40.5-1 > > One of my users reports this error... > > Our e-mail content detector has just been triggered by a message you > sent: > To: obscured_email_address > Subject: Homeowners Financial > Date: Tue Jun 7 12:00:04 2005 > > One or more of the attachments (Payroll Adjust.doc, Payroll > Adjust-1.doc) are on the list of unacceptable attachments for this site and > will not have been delivered. > > Consider renaming the files to avoid this constraint. > > The virus detector said this about the message: > Report: Report: MailScanner: Very long filenames are good signs of attacks > against Microsoft e-mail packages (Payroll Adjust.doc) > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (Payroll Adjust-1.doc) > --- > > Is this a .doc filetype problem? It complains about filename lengths but > these seem sufficiently short to me. > > Not knowing what else to do, I have added to filename.rules.conf > > allow \.doc$ - - > It is hitting the rule "deny .{150,}" But that is looking for a lot of characters after the first dot. Although the error message shows a short file name, some of the messages get "sanitized" filenames. You need to look at the original message to see whats up. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 8 16:28:53 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: confusing message {Virus Scanned} Message-ID: Scott Silva wrote: > Christo Bezuidenhout wrote: >> Is that one file or two different files. In WindoZE you can create a >> file with a ',' in the filename. That could be why it has been >> blocked. Because of the length of the single file. >> >> Christo >> >> >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf Of Craig White Sent: 08 June 2005 03:22 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: confusing message {Virus Scanned} >> >> # rpm -qa mailscanner >> mailscanner-4.40.5-1 >> >> One of my users reports this error... >> >> Our e-mail content detector has just been triggered by a message you >> sent: >> To: obscured_email_address >> Subject: Homeowners Financial >> Date: Tue Jun 7 12:00:04 2005 >> >> One or more of the attachments (Payroll Adjust.doc, Payroll >> Adjust-1.doc) are on the list of unacceptable attachments for this >> site and will not have been delivered. >> >> Consider renaming the files to avoid this constraint. >> >> The virus detector said this about the message: >> Report: Report: MailScanner: Very long filenames are good signs of >> attacks against Microsoft e-mail packages (Payroll Adjust.doc) >> Report: MailScanner: Very long filenames are good signs of attacks >> against Microsoft e-mail packages (Payroll Adjust-1.doc) >> --- >> >> Is this a .doc filetype problem? It complains about filename lengths >> but these seem sufficiently short to me. >> >> Not knowing what else to do, I have added to filename.rules.conf >> >> allow \.doc$ - - >> > > It is hitting the rule "deny .{150,}" But that is looking for a lot of > characters after the first dot. > Although the error message shows a short file name, some of the > messages get "sanitized" filenames. You need to look at the original > message to see whats up. > > I might be totally off base, but isn't this likely to be your regular spam/scam/trojan/whatever? Just from looking at the subject and purported content... -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Wed Jun 8 16:56:56 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dipswitch, Fix the mailling list. Why do I get bounced messages. The message eventually posts. I receive MailScanner mail lists. On 6/8/05, Steen, Glenn wrote: admin@thenamegame.com wrote: > The message you sent requires that you verify that you > are a real live human being and not a spam source. > > To complete this verification, simply reply to this message and leave > the subject line intact. > > The headers of the message sent from your address are show below: > > From owner-mailscanner@jiscmail.ac.uk Wed Jun 08 05:33:16 2005 >(snip) Julian, Could you please drop this fluffhead too? Really annoying with people who set up things they seem to be unable to rightly use. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Jun 8 17:04:40 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BB wrote: > Dipswitch, ^^^^^^^^^^^ Quite a way to attract people's attention?? > > Fix the mailling list. Why do I get bounced messages. The message > eventually posts. I receive MailScanner mail lists. Could you be more specific? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Wed Jun 8 17:12:47 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ^^^^^^^^^^^ Quite a way to attract people's attention?? I agree Drew. BB, If the list makes you so upset that you need to resort to tactics like that, then maybe you need to find another list. I for one find the information in this list very useful, to say the least. To have a few misconfigured autoresponders spew junk mail every once in while is not that big of a deal. Especially, when you can just post to the admins (politely) and have it taken care of. Sean Drew Marshall wrote: > BB wrote: > >> Dipswitch, > > > ^^^^^^^^^^^ Quite a way to attract people's attention?? > >> >> Fix the mailling list. Why do I get bounced messages. The message >> eventually posts. I receive MailScanner mail lists. > > > Could you be more specific? > > Drew > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From combs at magnet.fsu.edu Wed Jun 8 17:20:02 2005 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Jan 12 21:29:58 2006 Subject: Individual user spamassassin settings? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Are the ~/.spamassassin/user_pref settings ignored when using spamassassin from within mailscanner? If I'm reading the mailscanner.conf file correctly, only the /root/.spamassassin/user_pref file will be consulted when using sendmail. I have some people that are getting a lot of foreign language spam and I was hoping to use the ok_languages setting to limit this spam on an individual bases. We get a lot of legitimate foreign language email so I can't do this at the global level. If this ~/.spamassassin/user_pref approach won't work, is there another alternative. TIA, Tom Combs -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 17:15:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > BB wrote: > >> Dipswitch, > > > ^^^^^^^^^^^ Quite a way to attract people's attention?? > >> >> Fix the mailling list. Why do I get bounced messages. The message >> eventually posts. I receive MailScanner mail lists. > > > Could you be more specific? > > Drew > > I just don't reply to them. The messages still seem to post, and even though they add to the irritation score, sooner or later they will be hit by a clue-by-4. I might reply if "I" asked for help, but if giving of your time and hard fought learning requires verification, then forget it! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From avieira at REIT.UP.PT Wed Jun 8 17:52:28 2005 From: avieira at REIT.UP.PT (Anabela Vieira) Date: Thu Jan 12 21:29:58 2006 Subject: Individual user spamassassin settings? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] estão ai? ----- Original Message ----- From: "Tom Combs" To: Sent: Wednesday, June 08, 2005 5:20 PM Subject: Individual user spamassassin settings? > Hi, > > Are the ~/.spamassassin/user_pref settings ignored when using spamassassin > from within mailscanner? If I'm reading the mailscanner.conf file > correctly, only the /root/.spamassassin/user_pref file will be consulted > when using sendmail. > > I have some people that are getting a lot of foreign language spam and I > was hoping to use the ok_languages setting to limit this spam on an > individual bases. We get a lot of legitimate foreign language email so I > can't do this at the global level. If this ~/.spamassassin/user_pref > approach won't work, is there another alternative. > > TIA, Tom Combs > > -- > Tom Combs E-mail: combs@magnet.fsu.edu > National High Magnetic Field Laboratory Phone: (850) 644-1657 > 1800 E. Paul Dirac Drive Tallahassee, FL 32310 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 8 18:23:31 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:58 2006 Subject: Individual user spamassassin settings? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tom Combs wrote: > Hi, > Tom, Please don't hijack a discussion. Using a threaded view, your message is with others from march... More chances not being seen. Hijacking also makes it confusing to follow the hijacked thread. This is not only valid for Tom... Regards, Ugo > > TIA, Tom Combs > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 8 18:54:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Individual user spamassassin settings? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner always calls SpamAssassin as the same user. Most of the things people normally want (score threshold, blacklist, whitelist) can be implemented from MailScanner's end. You should be able to get your spam id success rate up to about 98% even without ok_languages, with careful configuration. Tom Combs wrote: > Hi, > > Are the ~/.spamassassin/user_pref settings ignored when using > spamassassin from within mailscanner? If I'm reading the > mailscanner.conf file correctly, only the > /root/.spamassassin/user_pref file will be consulted when using sendmail. > > I have some people that are getting a lot of foreign language spam and > I was hoping to use the ok_languages setting to limit this spam on an > individual bases. We get a lot of legitimate foreign language email so > I can't do this at the global level. If this ~/.spamassassin/user_pref > approach won't work, is there another alternative. > > TIA, Tom Combs > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 8 19:06:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The way it works is this. A condition of joining this mailing list, particularly if you ask for help from anyone, is that you configure your challenge/response system to permit mail from the mailing list *before* you join. If I get any verification requests from these systems when I post to the list, their membership will be temporarily suspended (using the "NOMAIL" flag). They can reset this themselves, but hopefully it will prod them into asking why they have been suspended. At which point I will take the time to explain. If anyone else gets a challenge mail, they are welcome to contact me off-list and I will do the same. The mailing list is the wrong place for discussions about challenge/response systems. If you want to rant about them, do so elsewhere (you will find anonymous@ecs.soton.ac.uk quite a good address to rant at; it is very understanding, if a little unresponsive :-) Anyone mailing *me* asking for help is also expected to permit mail from me before asking for my time and effort, which I give for free. Anyone not doing this will (a) not get the response they wanted, and (b) may well get a tirade of abuse from me if I have had a bad day and feel like venting at someone. Only if I am feeling particularly kind, and they have asked a very good question (or pointed out a bug or other problem that is my fault) will I respond positively to their challenge/response system. Thus spake root. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Jun 8 19:19:21 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification garbage... Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BB Sent: Wednesday, June 08, 2005 11:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Dipswitch, <<< Nice touch, even... Talk about needing a Clue-by-4. Fix the mailling list. Why do I get bounced messages. The message eventually posts. I receive MailScanner mail lists. Not to drag this into infinity, but here's my 2 Questions o' the Day: #1 - BB's a GMail user. How/why he's getting 'bounced' stuff is beyond my comprehension. #2 - Who exactly was he ranting to? Maybe I'm just lucky, I never see all that junk. I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 8 20:15:10 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify Message-ID: On Wednesday, June 08, 2005 8:07 PM Julian Field wrote: > Thus spake root. ROTFL... Thanks. Nice end of the day! :-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 20:15:04 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification verify Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > The way it works is this. > > A condition of joining this mailing list, particularly if you ask for > help from anyone, is that you configure your challenge/response system > to permit mail from the mailing list *before* you join. > If I get any verification requests from these systems when I post to the > list, their membership will be temporarily suspended (using the "NOMAIL" > flag). They can reset this themselves, but hopefully it will prod them > into asking why they have been suspended. At which point I will take the > time to explain. If anyone else gets a challenge mail, they are welcome > to contact me off-list and I will do the same. > > The mailing list is the wrong place for discussions about > challenge/response systems. If you want to rant about them, do so > elsewhere (you will find anonymous@ecs.soton.ac.uk quite a good address > to rant at; it is very understanding, if a little unresponsive :-) > > Anyone mailing *me* asking for help is also expected to permit mail from > me before asking for my time and effort, which I give for free. Anyone > not doing this will (a) not get the response they wanted, and (b) may > well get a tirade of abuse from me if I have had a bad day and feel like > venting at someone. Only if I am feeling particularly kind, and they > have asked a very good question (or pointed out a bug or other problem > that is my fault) will I respond positively to their challenge/response > system. > > Thus spake root. > And the users saw that it was good! All hail root!! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 20:17:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification garbage... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Duffner - PSCGi wrote: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BB > Sent: Wednesday, June 08, 2005 11:57 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ > > Dipswitch, <<< Nice touch, even... Talk about needing a Clue-by-4. > > Fix the mailling list. Why do I get bounced messages. The message eventually posts. I receive MailScanner mail lists. > > Not to drag this into infinity, but here's my 2 Questions o' the Day: > > #1 - BB's a GMail user. How/why he's getting 'bounced' stuff is > beyond my comprehension. > > #2 - Who exactly was he ranting to? Maybe I'm just lucky, I never see > all that junk. > > > I--I That might explain it. I also post and read through Gmane. And I often get replies in regular mail, not just on list. Maybe Gmane is generating the extra traffic and causing his challenge system to fire? -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jun 8 22:47:06 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification garbage... Message-ID: > Maybe Gmane is generating the extra traffic and causing his challenge > system to fire? Who cares? Root hath spoken All hail root Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 8 23:18:00 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: SV: Your email requires verification garbage... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Might've been me.... This is where being non-native to the english language comes in handy.... Most abuse simply don't register in my interpreter:). Anyway, since the almighty has spoken, I will be sure to follow the part about taking this type off thing off-list next time. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Dave Duffner - PSCGi Skickat: on 2005-06-08 20:19 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Your email requires verification garbage... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BB Sent: Wednesday, June 08, 2005 11:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Your email requires verification verify#inmoBzQ_ArsSdjocXeYPqizi6I1WijaZ Dipswitch, <<< Nice touch, even... Talk about needing a Clue-by-4. Fix the mailling list. Why do I get bounced messages. The message eventually posts. I receive MailScanner mail lists. Not to drag this into infinity, but here's my 2 Questions o' the Day: #1 - BB's a GMail user. How/why he's getting 'bounced' stuff is beyond my comprehension. #2 - Who exactly was he ranting to? Maybe I'm just lucky, I never see all that junk. I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 8 23:40:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Your email requires verification garbage... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >>Maybe Gmane is generating the extra traffic and causing his challenge >>system to fire? > > > Who cares? > > Root hath spoken > > All hail root > All hail root! grep "humble submission" /var/log/messages -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 00:26:45 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have implmented the SQL bayes as per the wiki entry http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql (very easy to follow, thanks very much) I have 3 servers all using the one sql bayes db. Should i implement Persistant Connections, as per the link at the bottom of the wiki page? Does this mean that currently each new scan has to create a new connection to the database and with persistant connections only one connection/authentication is made until interuption? TIA Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 00:40:59 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > I have implmented the SQL bayes as per the wiki entry > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql > (very easy to follow, thanks very much) Thank you, i hope to contribute further to the wiki. > > I have 3 servers all using the one sql bayes db. > > Should i implement Persistant Connections, as per the link at the bottom > of the wiki page? > > Does this mean that currently each new scan has to create a new > connection to the database and with persistant connections only one > connection/authentication is made until interuption? > > TIA > Pete a mis-interpretation on my part, the BayesStore SQL.pm already uses persistent connections to the database (though user_prefs and probably AWL_SQL doesn't). I have removed this part from the wiki. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 00:52:14 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > a mis-interpretation on my part, the BayesStore SQL.pm already uses > persistent connections to the database (though user_prefs and probably > AWL_SQL doesn't). I have removed this part from the wiki. > > - dhawal Thanks for that. Something i have noticed. All sa --lint tests worked fine. I see the autolearn=spam/notspam but i dont see bayes getting used during message processing :( IS there anything else i need to do to make it work? TIA Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 01:03:37 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >> >> >> a mis-interpretation on my part, the BayesStore SQL.pm already uses >> persistent connections to the database (though user_prefs and probably >> AWL_SQL doesn't). I have removed this part from the wiki. >> >> - dhawal > > Thanks for that. > > Something i have noticed. All sa --lint tests worked fine. I see the > autolearn=spam/notspam but i dont see bayes getting used during message > processing :( > > IS there anything else i need to do to make it work? > Did you comment out the following lines in spam.assassin.prefs.conf bayes_path /etc/MailScanner/bayes/bayes bayes_file_mode 0660 also you mention --lint worked fine, but what exactly does it say? i would double-check every required change once again. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 01:14:59 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Peter Russell wrote: > >>> >>> >>> a mis-interpretation on my part, the BayesStore SQL.pm already uses >>> persistent connections to the database (though user_prefs and >>> probably AWL_SQL doesn't). I have removed this part from the wiki. >>> >>> - dhawal >> >> >> Thanks for that. >> >> Something i have noticed. All sa --lint tests worked fine. I see the >> autolearn=spam/notspam but i dont see bayes getting used during >> message processing :( >> >> IS there anything else i need to do to make it work? >> > > Did you comment out the following lines in spam.assassin.prefs.conf > bayes_path /etc/MailScanner/bayes/bayes > bayes_file_mode 0660 > > also you mention --lint worked fine, but what exactly does it say? i > would double-check every required change once again. > > - dhawal Yep added the other lines from your guide, commented out the baove 2 and then did a lint using that config file and it appears to work. Nothing in lint is marked as failed. I wonder how the username bit works, because if i use the lint test in mailwatch i get a different result as it appears as though is using the apache credentials to connect, which have no access and therefore i get a <200 spams error. SHould the username in the sql DB security be *@localhost or *@remotehost ? debug: bayes: Using username: root debug: bayes: Database connection established debug: bayes: found bayes db version 3 debug: bayes: Using userid: 6 debug: running uri tests; score so far=0.126 debug: bayes corpus size: nspam = 19137, nham = 35279 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1118275789 lint_rules " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: bayes: tok_get_all: Token Count: 20 debug: bayes token 'somewhat' => 0.0798823885826036 debug: bayes: score = 0.36410136776969 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9592ab8)) debug: Razor2 is available debug: tests=BAYES_40,DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 01:24:59 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Dhawal Doshy wrote: > >> Peter Russell wrote: >> >>>> >>>> >>>> a mis-interpretation on my part, the BayesStore SQL.pm already uses >>>> persistent connections to the database (though user_prefs and >>>> probably AWL_SQL doesn't). I have removed this part from the wiki. >>>> >>>> - dhawal >>> >>> >>> >>> Thanks for that. >>> >>> Something i have noticed. All sa --lint tests worked fine. I see the >>> autolearn=spam/notspam but i dont see bayes getting used during >>> message processing :( >>> >>> IS there anything else i need to do to make it work? >>> >> >> Did you comment out the following lines in spam.assassin.prefs.conf >> bayes_path /etc/MailScanner/bayes/bayes >> bayes_file_mode 0660 >> >> also you mention --lint worked fine, but what exactly does it say? i >> would double-check every required change once again. >> >> - dhawal > > > Yep added the other lines from your guide, commented out the baove 2 and > then did a lint using that config file and it appears to work. Nothing > in lint is marked as failed. I wonder how the username bit works, > because if i use the lint test in mailwatch i get a different result as > it appears as though is using the apache credentials to connect, which > have no access and therefore i get a <200 spams error. SHould the > username in the sql DB security be *@localhost or *@remotehost ? > > debug: bayes: Using username: root > debug: bayes: Database connection established > debug: bayes: found bayes db version 3 > debug: bayes: Using userid: 6 > > > debug: running uri tests; score so far=0.126 > debug: bayes corpus size: nspam = 19137, nham = 35279 > debug: tokenize: header tokens for *F = "U*ignore > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > D*org" > debug: tokenize: header tokens for *m = " 1118275789 lint_rules " > debug: tokenize: header tokens for *RT = " " > debug: tokenize: header tokens for *RU = " " > debug: bayes: tok_get_all: Token Count: 20 > debug: bayes token 'somewhat' => 0.0798823885826036 > debug: bayes: score = 0.36410136776969 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9592ab8)) > debug: Razor2 is available > > > debug: > tests=BAYES_40,DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > Here 'localhost' ought to be changed to the server_name that is hosting your database (make sure the server_name is resolvable either via dns or /etc/hosts), unless the database and SA are on the same server. bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:sa_bayes:localhost <== change this parameter bayes_sql_username sa_user bayes_sql_password sa_password Also what does a MailScanner debug for SA have to report? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 01:33:58 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> > > Here 'localhost' ought to be changed to the server_name that is hosting > your database (make sure the server_name is resolvable either via dns or > /etc/hosts), unless the database and SA are on the same server. > > bayes_store_module Mail::SpamAssassin::BayesStore::SQL > bayes_sql_dsn DBI:mysql:sa_bayes:localhost <== change this parameter > bayes_sql_username sa_user > bayes_sql_password sa_password > > Also what does a MailScanner debug for SA have to report? > > - dhawal That output is from DB and MailScanner on the same machine. I had already tried using the machine name and the fqdn. From MaiLScanner debug i get the following. debug: bayes: Database connection established debug: bayes: found bayes db version 3 debug: bayes: Using userid: 4 debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB < 200 When using the root from the shell i get I am using the same spam.assassin.prefs.conf because i have /etc/mail/spamassassin/local.cf symlinked to /etc/MailScanner/spam.assassin.prefs.conf debug: bayes: Using username: root debug: bayes: Database connection established debug: bayes: found bayes db version 3 debug: bayes: Using userid: 6 debug: running uri tests; score so far=0.126 debug: bayes corpus size: nspam = 19137, nham = 35279 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 01:46:28 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: >>> >> >> Here 'localhost' ought to be changed to the server_name that is >> hosting your database (make sure the server_name is resolvable either >> via dns or /etc/hosts), unless the database and SA are on the same >> server. >> >> bayes_store_module Mail::SpamAssassin::BayesStore::SQL >> bayes_sql_dsn DBI:mysql:sa_bayes:localhost <== change this parameter >> bayes_sql_username sa_user >> bayes_sql_password sa_password >> >> Also what does a MailScanner debug for SA have to report? >> >> - dhawal > > > That output is from DB and MailScanner on the same machine. I had > already tried using the machine name and the fqdn. > > From MaiLScanner debug i get the following. > > debug: bayes: Database connection established > debug: bayes: found bayes db version 3 > debug: bayes: Using userid: 4 ** This is the likely problem ** > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB < 200 **** > > When using the root from the shell i get I am using the same > spam.assassin.prefs.conf because i have /etc/mail/spamassassin/local.cf > symlinked to /etc/MailScanner/spam.assassin.prefs.conf > > > debug: bayes: Using username: root > debug: bayes: Database connection established > debug: bayes: found bayes db version 3 > debug: bayes: Using userid: 6 > > > debug: running uri tests; score so far=0.126 > debug: bayes corpus size: nspam = 19137, nham = 35279 > You could probably try the backup / restore once again OR your next option is sa-learn.. Take all your ham (regular non-spam mail) sa-learn --ham -p /path/to/spam.assassin.prefs.conf --mbox ham.mbox Take all your spam sa-learn --spam -p /path/to/spam.assassin.prefs.conf --mbox spam.mbox The above commands vary slightly if you are using Maildirs - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 01:54:56 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] OK Thanks. But note. That the exact same Database produces a different results about the amount fo ham or spam depending on where you launch the lint from. IN MailScanner debug or mailwatch debug it says 36 nspams from shell account as root it shows 19000 nspam. We store no mail on the gateway, this is a agteway from Exchange and Domino. I still have the text dumps of the original bayes DBs. I will persevere with looking at MYSQL permissions. thanks Pete Dhawal Doshy wrote: > Peter Russell wrote: > >>>> >>> >>> Here 'localhost' ought to be changed to the server_name that is >>> hosting your database (make sure the server_name is resolvable either >>> via dns or /etc/hosts), unless the database and SA are on the same >>> server. >>> >>> bayes_store_module Mail::SpamAssassin::BayesStore::SQL >>> bayes_sql_dsn DBI:mysql:sa_bayes:localhost <== change this parameter >>> bayes_sql_username sa_user >>> bayes_sql_password sa_password >>> >>> Also what does a MailScanner debug for SA have to report? >>> >>> - dhawal >> >> >> >> That output is from DB and MailScanner on the same machine. I had >> already tried using the machine name and the fqdn. >> >> From MaiLScanner debug i get the following. >> >> debug: bayes: Database connection established >> debug: bayes: found bayes db version 3 >> debug: bayes: Using userid: 4 > > > ** This is the likely problem ** > >> debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB >> < 200 > > **** > >> >> When using the root from the shell i get I am using the same >> spam.assassin.prefs.conf because i have >> /etc/mail/spamassassin/local.cf symlinked to >> /etc/MailScanner/spam.assassin.prefs.conf >> >> >> debug: bayes: Using username: root >> debug: bayes: Database connection established >> debug: bayes: found bayes db version 3 >> debug: bayes: Using userid: 6 >> >> >> debug: running uri tests; score so far=0.126 >> debug: bayes corpus size: nspam = 19137, nham = 35279 >> > > You could probably try the backup / restore once again OR your next > option is sa-learn.. > > Take all your ham (regular non-spam mail) > sa-learn --ham -p /path/to/spam.assassin.prefs.conf --mbox ham.mbox > > Take all your spam > sa-learn --spam -p /path/to/spam.assassin.prefs.conf --mbox spam.mbox > > The above commands vary slightly if you are using Maildirs > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 01:59:56 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > OK Thanks. But note. That the exact same Database produces a different > results about the amount fo ham or spam depending on where you launch > the lint from. > > IN MailScanner debug or mailwatch debug it says 36 nspams from shell > account as root it shows 19000 nspam. > > We store no mail on the gateway, this is a agteway from Exchange and > Domino. > > I still have the text dumps of the original bayes DBs. > > I will persevere with looking at MYSQL permissions. > > thanks > Pete > From sql/README.bayes: If you do not see the following lines something is likely to be misconfigured debug: bayes: Database connection established debug: bayes: Using username: This being your case using MailScanner > debug: bayes: Database connection established > debug: bayes: found bayes db version 3 > debug: bayes: Using userid: 4 > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB < 200 MailScanner doesn't seem to be using the BayesSQL as mentioned in the sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) available to the user MS in running under? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 02:52:41 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Peter Russell wrote: > >> OK Thanks. But note. That the exact same Database produces a different >> results about the amount fo ham or spam depending on where you launch >> the lint from. >> >> IN MailScanner debug or mailwatch debug it says 36 nspams from shell >> account as root it shows 19000 nspam. >> >> We store no mail on the gateway, this is a agteway from Exchange and >> Domino. >> >> I still have the text dumps of the original bayes DBs. >> >> I will persevere with looking at MYSQL permissions. >> >> thanks >> Pete >> > > From sql/README.bayes: If you do not see the following lines something > is likely to be misconfigured > > debug: bayes: Database connection established > debug: bayes: Using username: > > This being your case using MailScanner > > debug: bayes: Database connection established > > debug: bayes: found bayes db version 3 > > debug: bayes: Using userid: 4 > > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB > < 200 > > MailScanner doesn't seem to be using the BayesSQL as mentioned in the > sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) > available to the user MS in running under? > Yeah when i run as root is works great when i log in as postfix (or use the mailscanner debug) it doesnt work. I can connect to the database using the credentials in the sa.prefs file sa_user and localhost from the shell. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 06:34:54 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: Gmail and MailScanner Message-ID: Is Gmail using MailScanner for their spam detection? I sent an email from one of my Gmail accounts and it bounced. When I looked at the headers in the bounce message, there were lines in there exactly like I expect from MY MailScanner boxen: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-PSN-MailScanner-Information: Please contact the ISP for more information X-PSN-MailScanner: Found to be clean Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Jun 9 08:06:33 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: Hi Pete, You need to add the line: 'bayes_sql_override_username root' to spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the same database (similar to having the bayes files in the users home directory) so if you run sa-learn as postfix you'll get different results - this will also cause problems if you try and learn anything through MailWatch. You can manually 'see' which user you imported your files based bayes data into by connecting to the database that you created and running: mysql> SELECT id, username, spam_count, ham_count, token_count FROM bayes_vars; +----+----------+------------+-----------+-------------+ | id | username | spam_count | ham_count | token_count | +----+----------+------------+-----------+-------------+ | 2 | root | 190707 | 168166 | 124113 | | 3 | apache | 0 | 0 | 0 | +----+----------+------------+-----------+-------------+ 2 rows in set (0.02 sec) It's probably worth putting this into the wiki - I would recommend setting the override _before_ the old data is imported as it saves hassle later. Hope this helps. Kind regards, Steve. On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: > Dhawal Doshy wrote: > > Peter Russell wrote: > > > >> OK Thanks. But note. That the exact same Database produces a different > >> results about the amount fo ham or spam depending on where you launch > >> the lint from. > >> > >> IN MailScanner debug or mailwatch debug it says 36 nspams from shell > >> account as root it shows 19000 nspam. > >> > >> We store no mail on the gateway, this is a agteway fr > OM b1om Exchange and > >> Domino. > >> > >> I still have the text dumps of the original bayes DBs. > >> > >> I will persevere with looking at MYSQL permissions. > >> > >> thanks > >> Pete > >> > > > > From sql/README.bayes: If you do not see the following lines something > > is likely to be misconfigured > > > > debug: bayes: Database connection established > > debug: bayes: Using username: > > > > This being your case using MailScanner > > > debug: bayes: Database connection established > > > debug: bayes: found bayes db version 3 > > > debug: bayes: Using userid: 4 > > > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB > > < 200 > > > > MailScanner doesn't seem to be using the BayesSQL as mentioned in the > > sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) > > available to the user MS in running under? > > > > Yeah when i run as root is works great when i log in as postfix (or use > the mailscanner debug) it doesnt work. I can connect to the database > using the credentials in the sa.prefs file sa_user and localhost from > the shell. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 9 09:19:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:58 2006 Subject: Gmail and MailScanner Message-ID: Mike not that I know of - depends on who's using the X-PSN header....maybe the people you sent the email to..? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Mike Kercher wrote: > Is Gmail using MailScanner for their spam detection? > > I sent an email from one of my Gmail accounts and it bounced. When I looked > at the headers in the bounce message, there were lines in there exactly like > I expect from MY MailScanner boxen: > > Mime-Version: 1.0 > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: quoted-printable > Content-Disposition: inline > X-PSN-MailScanner-Information: Please contact the ISP for more information > X-PSN-MailScanner: Found to be clean > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 10:47:50 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you fixed it instantly. Working beautifully now. Much appreciated. Pete Steve Freegard wrote: > Hi Pete, > > You need to add the line: 'bayes_sql_override_username root' to > spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the > same database (similar to having the bayes files in the users home > directory) so if you run sa-learn as postfix you'll get different > results - this will also cause problems if you try and learn anything > through MailWatch. > > You can manually 'see' which user you imported your files based bayes > data into by connecting to the database that you created and running: > > mysql> SELECT id, username, spam_count, ham_count, token_count FROM bayes_vars; > +----+----------+------------+-----------+-------------+ > | id | username | spam_count | ham_count | token_count | > +----+----------+------------+-----------+-------------+ > | 2 | root | 190707 | 168166 | 124113 | > | 3 | apache | 0 | 0 | 0 | > +----+----------+------------+-----------+-------------+ > 2 rows in set (0.02 sec) > > It's probably worth putting this into the wiki - I would recommend setting the override _before_ the old data is imported as it saves hassle later. > > Hope this helps. > > Kind regards, > Steve. > > > On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: > >>Dhawal Doshy wrote: >> >>>Peter Russell wrote: >>> >>> >>>>OK Thanks. But note. That the exact same Database produces a different >>>>results about the amount fo ham or spam depending on where you launch >>>>the lint from. >>>> >>>>IN MailScanner debug or mailwatch debug it says 36 nspams from shell >>>>account as root it shows 19000 nspam. >>>> >>>>We store no mail on the gateway, this is a agteway fr >> >>OM b1om Exchange and >> >>>>Domino. >>>> >>>>I still have the text dumps of the original bayes DBs. >>>> >>>>I will persevere with looking at MYSQL permissions. >>>> >>>>thanks >>>>Pete >>>> >>> >>> From sql/README.bayes: If you do not see the following lines something >>>is likely to be misconfigured >>> >>>debug: bayes: Database connection established >>>debug: bayes: Using username: >>> >>>This being your case using MailScanner >>> > debug: bayes: Database connection established >>> > debug: bayes: found bayes db version 3 >>> > debug: bayes: Using userid: 4 >>> > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes DB >>>< 200 >>> >>>MailScanner doesn't seem to be using the BayesSQL as mentioned in the >>>sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) >>>available to the user MS in running under? >>> >> >>Yeah when i run as root is works great when i log in as postfix (or use >>the mailscanner debug) it doesnt work. I can connect to the database >>using the credentials in the sa.prefs file sa_user and localhost from >>the shell. >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 9 11:58:04 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Steve for the excellent insight, i have amended the wiki accordingly. Do have a look at the wiki entry if you can spare some time. http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql - dhawal Pete Russell wrote: > Thank you fixed it instantly. Working beautifully now. > > Much appreciated. > > Pete > > Steve Freegard wrote: > >> Hi Pete, >> >> You need to add the line: 'bayes_sql_override_username root' to >> spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the >> same database (similar to having the bayes files in the users home >> directory) so if you run sa-learn as postfix you'll get different >> results - this will also cause problems if you try and learn anything >> through MailWatch. >> >> You can manually 'see' which user you imported your files based bayes >> data into by connecting to the database that you created and running: >> >> mysql> SELECT id, username, spam_count, ham_count, token_count FROM >> bayes_vars; >> +----+----------+------------+-----------+-------------+ >> | id | username | spam_count | ham_count | token_count | >> +----+----------+------------+-----------+-------------+ >> | 2 | root | 190707 | 168166 | 124113 | >> | 3 | apache | 0 | 0 | 0 | >> +----+----------+------------+-----------+-------------+ >> 2 rows in set (0.02 sec) >> >> It's probably worth putting this into the wiki - I would recommend >> setting the override _before_ the old data is imported as it saves >> hassle later. >> >> Hope this helps. >> >> Kind regards, >> Steve. >> >> >> On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: >> >>> Dhawal Doshy wrote: >>> >>>> Peter Russell wrote: >>>> >>>> >>>>> OK Thanks. But note. That the exact same Database produces a >>>>> different results about the amount fo ham or spam depending on >>>>> where you launch the lint from. >>>>> >>>>> IN MailScanner debug or mailwatch debug it says 36 nspams from >>>>> shell account as root it shows 19000 nspam. >>>>> >>>>> We store no mail on the gateway, this is a agteway fr >>> >>> >>> OM b1om Exchange and >>> >>>>> Domino. >>>>> >>>>> I still have the text dumps of the original bayes DBs. >>>>> >>>>> I will persevere with looking at MYSQL permissions. >>>>> >>>>> thanks >>>>> Pete >>>>> >>>> >>>> From sql/README.bayes: If you do not see the following lines >>>> something is likely to be misconfigured >>>> >>>> debug: bayes: Database connection established >>>> debug: bayes: Using username: >>>> >>>> This being your case using MailScanner >>>> > debug: bayes: Database connection established >>>> > debug: bayes: found bayes db version 3 >>>> > debug: bayes: Using userid: 4 >>>> > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes >>>> DB < 200 >>>> >>>> MailScanner doesn't seem to be using the BayesSQL as mentioned in >>>> the sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) >>>> available to the user MS in running under? >>>> >>> >>> Yeah when i run as root is works great when i log in as postfix (or >>> use the mailscanner debug) it doesnt work. I can connect to the >>> database using the credentials in the sa.prefs file sa_user and >>> localhost from the shell. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Jun 9 13:27:38 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: Hi Dhawal, I've amended the wiki entry - I think that 'bayes_sql_override_username' should always be set as it is analogous to having 'bayes_path' and 'bayes_file_mode' set when using the dbm store. Cheers, Steve. On Thu, 2005-06-09 at 16:28 +0530, Dhawal Doshy wrote: > Thanks Steve for the excellent insight, i have amended the wiki accordingly. > > Do have a look at the wiki entry if you can spare some time. > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql > > - dhawal > > Pete Russell wrote: > > Thank you fixed it instantly. Working beautifully now. > > > > Much appreciated. > > > > Pete > > > > Steve Freegard wrote: > > > >> Hi Pete, > >> > >> You need to add the line: 'bayes_sql_override_username root' to > >> spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the > >> same database (similar to having the bayes files in the users home > >> directory) so if you run sa-learn as postfix you'll get different > >> results - this will also cause problems if you try and learn anything > >> through MailWatch. > >> > >> You can manually 'see' which user you imported your files based bayes > >> data into by connecting to the database that you created and running: > >> > >> mysql> SELECT id, username, spam_count, ham_count, token_count FROM > >> bayes_vars; > >> +----+----------+------------+-----------+-------------+ > >> | id | username | spam_count | ham_count | token_count | > >> +----+----------+------------+-----------+-------------+ > >> | 2 | root | 190707 | 168166 | 124113 | > >> | 3 | apache | 0 | 0 | 0 | > >> +----+----------+------------+-----------+-------------+ > >> 2 rows in set (0.02 sec) > >> > >> It's probably worth putting this into the wiki - I would recommend > >> setting the override _before_ the old data is imported as it saves > >> hassle later. > >> > >> Hope this helps. > >> > >> Kind regards, > >> Steve. > >> > >> > >> On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: > >> > >>> Dhawal Doshy wrote: > >>> > >>>> Peter Russell wrote: > >>>> > >>>> > >>>>> OK Thanks. But note. That the exact same Database produces a > >>>>> different results about the amount fo ham or spam depending on > >>>>> where you launch the lint from. > >>>>> > >>>>> IN MailScanner debug or mailwatch debug it says 36 nspams from > >>>>> shell account as root it shows 19000 nspam. > >>>>> > >>>>> We store no mail on the gateway, this is a agteway fr > >>> > >>> > >>> OM b1om Exchange and > >>> > >>>>> Domino. > >>>>> > >>>>> I still have the text dumps of the original bayes DBs. > >>>>> > >>>>> I will persevere with looking at MYSQL permissions. > >>>>> > >>>>> thanks > >>>>> Pete > >>>>> > >>>> > >>>> From sql/README.bayes: If you do not see the following lines > >>>> something is likely to be misconfigured > >>>> > >>>> debug: bayes: Database connection established > >>>> debug: bayes: Using username: > >>>> > >>>> This being your case using MailScanner > >>>> > debug: bayes: Database connection established > >>>> > debug: bayes: found bayes db version 3 > >>>> > debug: bayes: Using userid: 4 > >>>> > debug: bayes: Not available for scanning, only 36 spam(s) in Bayes > >>>> DB < 200 > >>>> > >>>> MailScanner doesn't seem to be using the BayesSQL as mentioned in > >>>> the sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) > >>>> available to the user MS in running under? > >>>> > >>> > >>> Yeah when i run as root is works great when i log in as postfix (or > >>> use the mailscanner debug) it doesnt work. I can connect to the > >>> database using the credentials in the sa.prefs file sa_user and > >>> localhost from the shell. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Thu Jun 9 13:51:51 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:29:58 2006 Subject: OT: mbox back into queue files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Ive got a bit of a problem where mail was being delievered into a local account rather than being forwarded onto the real mail server. Is there a way of converting the mail back into qf/df files and re-deliver. Sorry for the OT post. Thanks Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 9 13:55:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: OT: mbox back into queue files Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "sendmail -t" is your friend for this job. On 9 Jun 2005, at 13:51, Paul Houselander wrote: > Hi > > Ive got a bit of a problem where mail was being delievered into a > local > account rather than being forwarded onto the real mail server. > > Is there a way of converting the mail back into qf/df files and re- > deliver. > > Sorry for the OT post. > > Thanks > > Paul > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqg8QhH2WUcUFbZUEQJBowCfd8B+flC7zhybZbg9Q/oFlLBZY5YAoLa6 JxWQXhEc9f01RJ4po/qFTWcL =F+bo -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 13:59:49 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ONe last question. When using the --restore option is replaces the data in the database, rather than append. When you use --import is does nothing. How does one consolidate 3 bayes DB i currently have? Its not hugely important i guess, just be nice. Ta for you help guys, big improvement having the single bayes DB between the 3 servers. Pete Steve Freegard wrote: > Hi Dhawal, > > I've amended the wiki entry - I think that 'bayes_sql_override_username' > should always be set as it is analogous to having 'bayes_path' and > 'bayes_file_mode' set when using the dbm store. > > Cheers, > Steve. > > On Thu, 2005-06-09 at 16:28 +0530, Dhawal Doshy wrote: > >>Thanks Steve for the excellent insight, i have amended the wiki accordingly. >> >>Do have a look at the wiki entry if you can spare some time. >>http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql >> >>- dhawal >> >>Pete Russell wrote: >> >>>Thank you fixed it instantly. Working beautifully now. >>> >>>Much appreciated. >>> >>>Pete >>> >>>Steve Freegard wrote: >>> >>> >>>>Hi Pete, >>>> >>>>You need to add the line: 'bayes_sql_override_username root' to >>>>spam.assassin.pref.conf as SpamAssassin tracks bayes per user in the >>>>same database (similar to having the bayes files in the users home >>>>directory) so if you run sa-learn as postfix you'll get different >>>>results - this will also cause problems if you try and learn anything >>>>through MailWatch. >>>> >>>>You can manually 'see' which user you imported your files based bayes >>>>data into by connecting to the database that you created and running: >>>> >>>>mysql> SELECT id, username, spam_count, ham_count, token_count FROM >>>>bayes_vars; >>>>+----+----------+------------+-----------+-------------+ >>>>| id | username | spam_count | ham_count | token_count | >>>>+----+----------+------------+-----------+-------------+ >>>>| 2 | root | 190707 | 168166 | 124113 | >>>>| 3 | apache | 0 | 0 | 0 | >>>>+----+----------+------------+-----------+-------------+ >>>>2 rows in set (0.02 sec) >>>> >>>>It's probably worth putting this into the wiki - I would recommend >>>>setting the override _before_ the old data is imported as it saves >>>>hassle later. >>>> >>>>Hope this helps. >>>> >>>>Kind regards, >>>>Steve. >>>> >>>> >>>>On Thu, 2005-06-09 at 11:52 +1000, Peter Russell wrote: >>>> >>>> >>>>>Dhawal Doshy wrote: >>>>> >>>>> >>>>>>Peter Russell wrote: >>>>>> >>>>>> >>>>>> >>>>>>>OK Thanks. But note. That the exact same Database produces a >>>>>>>different results about the amount fo ham or spam depending on >>>>>>>where you launch the lint from. >>>>>>> >>>>>>>IN MailScanner debug or mailwatch debug it says 36 nspams from >>>>>>>shell account as root it shows 19000 nspam. >>>>>>> >>>>>>>We store no mail on the gateway, this is a agteway fr >>>>> >>>>> >>>>>OM b1om Exchange and >>>>> >>>>> >>>>>>>Domino. >>>>>>> >>>>>>>I still have the text dumps of the original bayes DBs. >>>>>>> >>>>>>>I will persevere with looking at MYSQL permissions. >>>>>>> >>>>>>>thanks >>>>>>>Pete >>>>>>> >>>>>> >>>>>>From sql/README.bayes: If you do not see the following lines >>>>>>something is likely to be misconfigured >>>>>> >>>>>>debug: bayes: Database connection established >>>>>>debug: bayes: Using username: >>>>>> >>>>>>This being your case using MailScanner >>>>>> >>>>>>>debug: bayes: Database connection established >>>>>>>debug: bayes: found bayes db version 3 >>>>>>>debug: bayes: Using userid: 4 >>>>>>>debug: bayes: Not available for scanning, only 36 spam(s) in Bayes >>>>>> >>>>>>DB < 200 >>>>>> >>>>>>MailScanner doesn't seem to be using the BayesSQL as mentioned in >>>>>>the sa.prefs.conf, IS mysql (and associated perl dbi/dbd libraries) >>>>>>available to the user MS in running under? >>>>>> >>>>> >>>>>Yeah when i run as root is works great when i log in as postfix (or >>>>>use the mailscanner debug) it doesnt work. I can connect to the >>>>>database using the credentials in the sa.prefs file sa_user and >>>>>localhost from the shell. >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 9 14:29:58 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: Steve Freegard wrote: > Hi Dhawal, > > I've amended the wiki entry - I think that > 'bayes_sql_override_username' should always be set as it is analogous > to having 'bayes_path' and 'bayes_file_mode' set when using the dbm > store. > > Cheers, > Steve. > (snip) Minor issue Steve (assuming you were the one who did that:-), Setting the ... like that prevent the **...** tags from being interpreted. Could you (or whoever did it) amend that? -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 14:30:51 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: I've been seeing this behavior on just one of my MS boxes. Periodically, the same emails get scanned over and over and over. They are always HS Spam and my HS Spam action is delete. For some reason they just never get removed from mqueue.in: Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam messages Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59Cwocq031622 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59CVtDm027874 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59D9tYw001212 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59DBqsG001578 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59CMh4H026742 actions are delete Jun 9 08:24:30 mail sendmail[4515]: ruleset=check_relay, arg1=[220.81.231.67], arg2=220.81.231.67, relay=[220.81.231.67], reject=550 5.7.1 Use your ISP SMTP server or fix reverse DNS for 220.81.231.67 Jun 9 08:24:30 mail MailScanner[26647]: Message j59DBqsG001578 from 84.94.56.60 (tremendous@012.net.il) to abby.com is spam, SpamAssassin (score=26.731, required 5.7, BAYES_99 3.50, DNS_FROM_RFC_POST 1.61, DNS_FROM_RFC_WHOIS 0.30, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR2 3.50, HELO_DYNAMIC_SPLIT_IP 0.78, HTML_40_50 0.04, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_BY_IP 0.07, RCVD_IN_SORBS_DUL 1.99, RCVD_NUMERIC_HELO 1.25, UNIQUE_WORDS 2.27, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 2.46) Jun 9 08:24:32 mail MailScanner[26611]: Message j59Cwoco031622 from 151.44.27.164 (ihvcds@gmail.com) to abby.com is spam, SpamAssassin (score=13.356, required 5.7, BAYES_95 3.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) Jun 9 08:24:32 mail MailScanner[26638]: Virus and Content Scanning: Starting Jun 9 08:24:34 mail MailScanner[26647]: Message j59CMh4H026742 from 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is spam, SpamAssassin (score=15.942, required 5.7, AWL 0.00, BAYES_95 3.00, FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) Jun 9 08:24:35 mail MailScanner[26611]: Message j59Cwocn031622 from 151.44.27.164 (ebvlnhnytdc@gmail.com) to abby.com is spam, SpamAssassin (score=13.808, required 5.7, AWL -0.05, BAYES_99 3.50, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) Jun 9 08:24:36 mail MailScanner[26647]: Spam Checks: Found 5 spam messages Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59Cwocq031622 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59CVtDm027874 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59D9tYw001212 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59DBqsG001578 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59CMh4H026742 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Message j59CMh4H026742 from 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is spam, SpamAssassin (score=15.942, required 5.7, BAYES_95 3.00, FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) Jun 9 08:24:39 mail MailScanner[26611]: Spam Checks: Found 6 spam messages Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsD001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsA001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsC001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59Cwoco031622 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59Cwocn031622 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59CMh4H026742 actions are delete These end up driving the load on the machine to over 5.x and the box starts to crawl. I'm using MS 4.41.3-1, SA+sql, Sendmail-8.13.4, sophossavi and clamavmodule. OS is RHEL 3U4. Any thoughts? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 14:34:28 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: mbox back into queue files Message-ID: Paul Houselander <> scribbled on Thursday, June 09, 2005 7:52 AM: > Hi > > Ive got a bit of a problem where mail was being delievered into a > local account rather than being forwarded onto the real mail server. > > Is there a way of converting the mail back into qf/df files and > re-deliver. > > Sorry for the OT post. > > Support MailScanner development - buy the book off the website! 'formail -Y -s /usr/sbin/sendmail user@new.address < /var/spool/mail/user' should do the trick. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 9 14:45:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Run MailScanner on them in debug mode. You may find it is crashing when it tries to remove them, and then gets re-spawned so scans them again. On 9 Jun 2005, at 14:30, Mike Kercher wrote: > I've been seeing this behavior on just one of my MS boxes. > Periodically, > the same emails get scanned over and over and over. They are > always HS Spam > and my HS Spam action is delete. For some reason they just never get > removed from mqueue.in: > > Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam > messages > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59Cwocq031622 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59CVtDm027874 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59D9tYw001212 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59DBqsG001578 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59CMh4H026742 actions are delete > Jun 9 08:24:30 mail sendmail[4515]: ruleset=check_relay, > arg1=[220.81.231.67], arg2=220.81.231.67, relay=[220.81.231.67], > reject=550 > 5.7.1 Use your ISP SMTP server or fix reverse DNS for 220.81.231.67 > > Jun 9 08:24:30 mail MailScanner[26647]: Message j59DBqsG001578 from > 84.94.56.60 (tremendous@012.net.il) to abby.com is spam, SpamAssassin > (score=26.731, required 5.7, BAYES_99 3.50, DNS_FROM_RFC_POST 1.61, > DNS_FROM_RFC_WHOIS 0.30, HELO_DYNAMIC_HCC 3.74, > HELO_DYNAMIC_IPADDR2 3.50, > HELO_DYNAMIC_SPLIT_IP 0.78, HTML_40_50 0.04, HTML_IMAGE_ONLY_08 3.04, > HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, > RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_BY_IP 0.07, > RCVD_IN_SORBS_DUL 1.99, RCVD_NUMERIC_HELO 1.25, UNIQUE_WORDS 2.27, > URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 2.46) > > Jun 9 08:24:32 mail MailScanner[26611]: Message j59Cwoco031622 from > 151.44.27.164 (ihvcds@gmail.com) to abby.com is spam, SpamAssassin > (score=13.356, required 5.7, BAYES_95 3.00, DCC_CHECK 2.17, > DIGEST_MULTIPLE > 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK > 1.51, > RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) > > Jun 9 08:24:32 mail MailScanner[26638]: Virus and Content Scanning: > Starting > Jun 9 08:24:34 mail MailScanner[26647]: Message j59CMh4H026742 from > 81.213.179.179 (identdep_op4464380012@charteronebank.com) to > abby.com is > spam, SpamAssassin (score=15.942, required 5.7, AWL 0.00, BAYES_95 > 3.00, > FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST > 0.79, > HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, > MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, > RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, > RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) > > Jun 9 08:24:35 mail MailScanner[26611]: Message j59Cwocn031622 from > 151.44.27.164 (ebvlnhnytdc@gmail.com) to abby.com is spam, > SpamAssassin > (score=13.808, required 5.7, AWL -0.05, BAYES_99 3.50, DCC_CHECK 2.17, > DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, > URIBL_SBL > 1.00) > Jun 9 08:24:36 mail MailScanner[26647]: Spam Checks: Found 5 spam > messages > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59Cwocq031622 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59CVtDm027874 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59D9tYw001212 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59DBqsG001578 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59CMh4H026742 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Message j59CMh4H026742 from > 81.213.179.179 (identdep_op4464380012@charteronebank.com) to > abby.com is > spam, SpamAssassin (score=15.942, required 5.7, BAYES_95 3.00, > FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST > 0.79, > HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, > MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, > RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, > RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) > > Jun 9 08:24:39 mail MailScanner[26611]: Spam Checks: Found 6 spam > messages > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsD001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsA001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsC001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59Cwoco031622 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59Cwocn031622 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59CMh4H026742 actions are delete > > These end up driving the load on the machine to over 5.x and the > box starts > to crawl. I'm using MS 4.41.3-1, SA+sql, Sendmail-8.13.4, > sophossavi and > clamavmodule. OS is RHEL 3U4. Any thoughts? > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqhICxH2WUcUFbZUEQJemACdEcgAof7VsH8MEyxS5wb50J0ISMgAoKte YuugM3sBnGAhB7uKwWFa4ker =eME8 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Danny_Beland at PCH.GC.CA Thu Jun 9 14:48:59 2005 From: Danny_Beland at PCH.GC.CA (Danny Beland) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: We had the same problem and what we did it to disable phishing (seemed to help) and we set the lock type to posix instead of flock. Have a nice day!!! Danny Mike Kercher To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Mails Stuck in mqueue.in? 06/09/2005 09:30 AM Please respond to MailScanner mailing list I've been seeing this behavior on just one of my MS boxes. Periodically, the same emails get scanned over and over and over. They are always HS Spam and my HS Spam action is delete. For some reason they just never get removed from mqueue.in: Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam messages Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59Cwocq031622 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59CVtDm027874 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59D9tYw001212 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59DBqsG001578 actions are delete Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message j59CMh4H026742 actions are delete Jun 9 08:24:30 mail sendmail[4515]: ruleset=check_relay, arg1=[220.81.231.67], arg2=220.81.231.67, relay=[220.81.231.67], reject=550 5.7.1 Use your ISP SMTP server or fix reverse DNS for 220.81.231.67 Jun 9 08:24:30 mail MailScanner[26647]: Message j59DBqsG001578 from 84.94.56.60 (tremendous@012.net.il) to abby.com is spam, SpamAssassin (score=26.731, required 5.7, BAYES_99 3.50, DNS_FROM_RFC_POST 1.61, DNS_FROM_RFC_WHOIS 0.30, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR2 3.50, HELO_DYNAMIC_SPLIT_IP 0.78, HTML_40_50 0.04, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_BY_IP 0.07, RCVD_IN_SORBS_DUL 1.99, RCVD_NUMERIC_HELO 1.25, UNIQUE_WORDS 2.27, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 2.46) Jun 9 08:24:32 mail MailScanner[26611]: Message j59Cwoco031622 from 151.44.27.164 (ihvcds@gmail.com) to abby.com is spam, SpamAssassin (score=13.356, required 5.7, BAYES_95 3.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) Jun 9 08:24:32 mail MailScanner[26638]: Virus and Content Scanning: Starting Jun 9 08:24:34 mail MailScanner[26647]: Message j59CMh4H026742 from 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is spam, SpamAssassin (score=15.942, required 5.7, AWL 0.00, BAYES_95 3.00, FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) Jun 9 08:24:35 mail MailScanner[26611]: Message j59Cwocn031622 from 151.44.27.164 (ebvlnhnytdc@gmail.com) to abby.com is spam, SpamAssassin (score=13.808, required 5.7, AWL -0.05, BAYES_99 3.50, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) Jun 9 08:24:36 mail MailScanner[26647]: Spam Checks: Found 5 spam messages Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59Cwocq031622 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59CVtDm027874 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59D9tYw001212 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59DBqsG001578 actions are delete Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message j59CMh4H026742 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Message j59CMh4H026742 from 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is spam, SpamAssassin (score=15.942, required 5.7, BAYES_95 3.00, FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) Jun 9 08:24:39 mail MailScanner[26611]: Spam Checks: Found 6 spam messages Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsD001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsA001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59DBqsC001578 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59Cwoco031622 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59Cwocn031622 actions are delete Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message j59CMh4H026742 actions are delete These end up driving the load on the machine to over 5.x and the box starts to crawl. I'm using MS 4.41.3-1, SA+sql, Sendmail-8.13.4, sophossavi and clamavmodule. OS is RHEL 3U4. Any thoughts? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 15:52:36 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: Julian Field <> scribbled on Thursday, June 09, 2005 8:46 AM: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Run MailScanner on them in debug mode. You may find it is crashing > when it tries to remove them, and then gets re-spawned so scans them > again. > > On 9 Jun 2005, at 14:30, Mike Kercher wrote: > >> I've been seeing this behavior on just one of my MS boxes. >> Periodically, >> the same emails get scanned over and over and over. They are always >> HS Spam and my HS Spam action is delete. For some reason they just >> never get removed from mqueue.in: >> >> Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam >> messages Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: >> message >> j59Cwocq031622 actions are delete >> Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message >> j59CVtDm027874 actions are delete >> Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message >> j59D9tYw001212 actions are delete Next time it happens, I'll restart MS in debug and post the results here. Thanks Julian. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 9 16:17:41 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy said: > Peter Russell wrote: >> I have implmented the SQL bayes as per the wiki entry >> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql >> (very easy to follow, thanks very much) > > Thank you, i hope to contribute further to the wiki. > Just to add my thanks too. I implimented SQL bayes and it works nicely, thanks. The only thing I would suggest Postfix users watch is the user that they upload the database as. I had an issue where Bayes was not used by Postfix due to insufficient samples. On investigation I had uploaded my db as another user. I su'ed to the Postfix user and re-loaded and lo, it works great. The other point to also consider is bayes expiry (Which I only considered when I had my 2 MS boxes both auto expiring (At different times) which really wasn't required :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 9 16:23:35 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:58 2006 Subject: SLQ Bayes Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall said: > Dhawal Doshy said: >> Peter Russell wrote: >>> I have implmented the SQL bayes as per the wiki entry >>> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql >>> (very easy to follow, thanks very much) >> >> Thank you, i hope to contribute further to the wiki. >> > Just to add my thanks too. I implimented SQL bayes and it works nicely, > thanks. The only thing I would suggest Postfix users watch is the user > that they upload the database as. I had an issue where Bayes was not used > by Postfix due to insufficient samples. On investigation I had uploaded my > db as another user. I su'ed to the Postfix user and re-loaded and lo, it > works great. > > The other point to also consider is bayes expiry (Which I only considered > when I had my 2 MS boxes both auto expiring (At different times) which > really wasn't required :-) > > Drew And then I read the rest of the thread.... Now where did I put my 4x... -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Thu Jun 9 16:58:46 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:29:58 2006 Subject: OT: How to defeat address harvesting; like this..??? Message-ID: Hello All, Less than 24 hours of changing over a domain to a new mail server, and I've got a gnat I need to swat! |Unknown users: | | arnold@******.com | from [222.233.140.203] 1 time(s). | | bowen@******.com | from [222.233.140.203] 1 time(s). | | boyd@******.com | from [222.233.140.203] 1 time(s). | (List condensed for mail list purposes. They tried to guess about 20 users last night) This is a harvesting attack to determine valid usernames to compile a spam list. How do I defeat this??? Any decent suggestions appreciated! I might even consider the baseball bat if he/she were in my backyard! I have CentOS 3.4, Sendmail 8.12, MailScanner 4.41, SpamAssassin 2.55 TIA! Glenn Parsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 17:03:27 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:58 2006 Subject: How to defeat address harvesting; like this..??? Message-ID: DNSAdmin <> scribbled on Thursday, June 09, 2005 10:59 AM: > Hello All, > > Less than 24 hours of changing over a domain to a new mail server, > and I've got a gnat I need to swat! > >> Unknown users: >> >> arnold@******.com >> from [222.233.140.203] 1 time(s). >> >> bowen@******.com >> from [222.233.140.203] 1 time(s). >> >> boyd@******.com >> from [222.233.140.203] 1 time(s). >> > (List condensed for mail list purposes. They tried to guess about 20 > users last night) > > This is a harvesting attack to determine valid usernames to compile a > spam list. > > How do I defeat this??? Any decent suggestions appreciated! I might > even consider the baseball bat if he/she were in my backyard! > > I have CentOS 3.4, Sendmail 8.12, MailScanner 4.41, SpamAssassin 2.55 > > TIA! > Glenn Parsons In /etc/mail/sendmail.mc: define(`confBAD_RCPT_THROTTLE',`1')dnl This will start throttling those connections. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Thu Jun 9 17:22:15 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:58 2006 Subject: OT: How to defeat address harvesting; like this..??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, --- DNSAdmin a écrit : > |Unknown users: > | > | arnold@******.com > | from [222.233.140.203] 1 time(s). > | > | bowen@******.com > | from [222.233.140.203] 1 time(s). > | > | boyd@******.com > | from [222.233.140.203] 1 time(s). > | > This is a harvesting attack to determine valid > usernames to compile a spam > list. I would not say so. It looks like a dictionnary-based sending of mail. They will try several bazillions frequent (first, middle and last) names. The most part will be rejected but a few may well get through. I do not think they test the SMTP error code to build a spam list. They may do so, but I think it's unlikely, except if they want to target YOUR domain only (because your valid adresses may well be invalid for my domain). Hth, -- Nb ___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 9 17:12:20 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: OT: How to defeat address harvesting; like this..??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] DNSAdmin wrote: > Hello All, > > Less than 24 hours of changing over a domain to a new mail server, and > I've got a gnat I need to swat! > > |Unknown users: > | > | arnold@******.com > | from [222.233.140.203] 1 time(s). > | > | bowen@******.com > | from [222.233.140.203] 1 time(s). > | > | boyd@******.com > | from [222.233.140.203] 1 time(s). > | > (List condensed for mail list purposes. They tried to guess about 20 > users last night) > > This is a harvesting attack to determine valid usernames to compile a > spam list. > > How do I defeat this??? Any decent suggestions appreciated! I might even > consider the baseball bat if he/she were in my backyard! > > I have CentOS 3.4, Sendmail 8.12, MailScanner 4.41, SpamAssassin 2.55 > > TIA! > Glenn Parsons > I found these in a 5 second search of Google; http://www.amiga.ch/spamtracker/ http://www.samag.com/documents/s=8920/sam0311k/0311k.htm You can probably find more. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 9 17:16:59 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:58 2006 Subject: Mails Stuck in mqueue.in? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Kercher wrote: > I've been seeing this behavior on just one of my MS boxes. Periodically, > the same emails get scanned over and over and over. They are always HS Spam > and my HS Spam action is delete. For some reason they just never get > removed from mqueue.in: > > Jun 9 08:24:27 mail MailScanner[26638]: Spam Checks: Found 5 spam messages > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59Cwocq031622 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59CVtDm027874 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59D9tYw001212 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59DBqsG001578 actions are delete > Jun 9 08:24:27 mail MailScanner[26638]: Spam Actions: message > j59CMh4H026742 actions are delete > Jun 9 08:24:30 mail sendmail[4515]: ruleset=check_relay, > arg1=[220.81.231.67], arg2=220.81.231.67, relay=[220.81.231.67], reject=550 > 5.7.1 Use your ISP SMTP server or fix reverse DNS for 220.81.231.67 > > Jun 9 08:24:30 mail MailScanner[26647]: Message j59DBqsG001578 from > 84.94.56.60 (tremendous@012.net.il) to abby.com is spam, SpamAssassin > (score=26.731, required 5.7, BAYES_99 3.50, DNS_FROM_RFC_POST 1.61, > DNS_FROM_RFC_WHOIS 0.30, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR2 3.50, > HELO_DYNAMIC_SPLIT_IP 0.78, HTML_40_50 0.04, HTML_IMAGE_ONLY_08 3.04, > HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, > RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_BY_IP 0.07, > RCVD_IN_SORBS_DUL 1.99, RCVD_NUMERIC_HELO 1.25, UNIQUE_WORDS 2.27, > URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 2.46) > > Jun 9 08:24:32 mail MailScanner[26611]: Message j59Cwoco031622 from > 151.44.27.164 (ihvcds@gmail.com) to abby.com is spam, SpamAssassin > (score=13.356, required 5.7, BAYES_95 3.00, DCC_CHECK 2.17, DIGEST_MULTIPLE > 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL 1.00) > > Jun 9 08:24:32 mail MailScanner[26638]: Virus and Content Scanning: > Starting > Jun 9 08:24:34 mail MailScanner[26647]: Message j59CMh4H026742 from > 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is > spam, SpamAssassin (score=15.942, required 5.7, AWL 0.00, BAYES_95 3.00, > FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, > HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, > MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, > RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) > > Jun 9 08:24:35 mail MailScanner[26611]: Message j59Cwocn031622 from > 151.44.27.164 (ebvlnhnytdc@gmail.com) to abby.com is spam, SpamAssassin > (score=13.808, required 5.7, AWL -0.05, BAYES_99 3.50, DCC_CHECK 2.17, > DIGEST_MULTIPLE 0.10, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_IN_NJABL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_SBL > 1.00) > Jun 9 08:24:36 mail MailScanner[26647]: Spam Checks: Found 5 spam messages > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59Cwocq031622 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59CVtDm027874 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59D9tYw001212 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59DBqsG001578 actions are delete > Jun 9 08:24:36 mail MailScanner[26647]: Spam Actions: message > j59CMh4H026742 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Message j59CMh4H026742 from > 81.213.179.179 (identdep_op4464380012@charteronebank.com) to abby.com is > spam, SpamAssassin (score=15.942, required 5.7, BAYES_95 3.00, > FROM_HAS_ULINE_NUMS 0.06, HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79, > HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, > MSGID_FROM_MTA_ID 1.72, NORMAL_HTTP_TO_IP 0.03, RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_SORBS_DUL 1.99, > RCVD_IN_SORBS_WEB 0.01, RCVD_NUMERIC_HELO 1.25) > > Jun 9 08:24:39 mail MailScanner[26611]: Spam Checks: Found 6 spam messages > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsD001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsA001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59DBqsC001578 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59Cwoco031622 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59Cwocn031622 actions are delete > Jun 9 08:24:39 mail MailScanner[26611]: Spam Actions: message > j59CMh4H026742 actions are delete > > These end up driving the load on the machine to over 5.x and the box starts > to crawl. I'm using MS 4.41.3-1, SA+sql, Sendmail-8.13.4, sophossavi and > clamavmodule. OS is RHEL 3U4. Any thoughts? > > Mike > With Sendmail 8.13 the first thing to try is changing the locking to posix from flock in /etc/MailScanner/MailScanner.conf -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jim at jameswest.com Thu Jun 9 17:37:32 2005 From: Jim at jameswest.com (Jim West) Date: Thu Jan 12 21:29:59 2006 Subject: How to defeat address harvesting; like this..??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > In /etc/mail/sendmail.mc: > > define(`confBAD_RCPT_THROTTLE',`1')dnl > > This will start throttling those connections. > > Mike > How would one go about doing the same thing for Postfix ? Thanx. - Jim ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 9 17:44:45 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:59 2006 Subject: Mails Stuck in mqueue.in? Message-ID: Scott Silva <> scribbled on Thursday, June 09, 2005 11:17 AM: > Mike Kercher wrote: >> I've been seeing this behavior on just one of my MS boxes. >> Periodically, the same emails get scanned over and over and over. >> They are always HS Spam and my HS Spam action is delete. For some >> reason they just never get removed from mqueue.in: >> >> j59CMh4H026742 actions are delete >> >> These end up driving the load on the machine to over 5.x and the box >> starts to crawl. I'm using MS 4.41.3-1, SA+sql, Sendmail-8.13.4, >> sophossavi and clamavmodule. OS is RHEL 3U4. Any thoughts? >> >> Mike >> > With Sendmail 8.13 the first thing to try is changing the locking to > posix from flock in /etc/MailScanner/MailScanner.conf > I've been using posix ever since I first went to 8.13.x Thanks though! Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at SMITS.CO.UK Thu Jun 9 17:51:57 2005 From: mailscanner at SMITS.CO.UK (Bart Smit) Date: Thu Jan 12 21:29:59 2006 Subject: queues only come down with reboot Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Strange problem which is starting to plague us more and more: Two filters load balanced on MX. MailScanner 4.31.6. Dual Xeon 2.4 with 2GB RAM First on RH9, sendmail 8.12.8-9.90 Second on FC1, sendmail 8.12.10-1.1.1 These process about 90k messages per day, usually with only a few messages queued. From mailscanner at SMITS.CO.UK Thu Jun 9 17:31:50 2005 From: mailscanner at SMITS.CO.UK (MailScanner) Date: Thu Jan 12 21:29:59 2006 Subject: queues only come down with reboot Message-ID: Strange problem which is starting to plague us more and more: Two filters load balanced on MX. MailScanner 4.31.6. Dual Xeon 2.4 with 2GB RAM First on RH9, sendmail 8.12.8-9.90 Second on FC1, sendmail 8.12.10-1.1.1 These process about 90k messages per day, usually with only a few messages queued. From dnsadmin at 1BIGTHINK.COM Thu Jun 9 18:10:01 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:29:59 2006 Subject: OT: How to defeat address harvesting; like this..??? Message-ID: At 12:12 PM 6/9/2005, you wrote: > > How do I defeat this??? Any decent suggestions appreciated! I might even > > consider the baseball bat if he/she were in my backyard! > > > > I have CentOS 3.4, Sendmail 8.12, MailScanner 4.41, SpamAssassin 2.55 > > > > TIA! > > Glenn Parsons > > >I found these in a 5 second search of Google; >http://www.amiga.ch/spamtracker/ >http://www.samag.com/documents/s=8920/sam0311k/0311k.htm >You can probably find more. Thank You Scott, I must brush up on my Google skills again! I'll try again with this. Thanks for your links! Very good. Thank you Sir! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 9 19:03:03 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:59 2006 Subject: OT: How to defeat address harvesting; like this..??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] DNSAdmin wrote: > At 12:12 PM 6/9/2005, you wrote: > >> > How do I defeat this??? Any decent suggestions appreciated! I might >> even >> > consider the baseball bat if he/she were in my backyard! >> > >> > I have CentOS 3.4, Sendmail 8.12, MailScanner 4.41, SpamAssassin 2.55 >> > >> > TIA! >> > Glenn Parsons >> > >> I found these in a 5 second search of Google; >> http://www.amiga.ch/spamtracker/ >> http://www.samag.com/documents/s=8920/sam0311k/0311k.htm >> You can probably find more. > > > Thank You Scott, > > I must brush up on my Google skills again! I'll try again with this. > Thanks for your links! Very good. > > Thank you Sir! > I did not mean to put down your Google skills, I was just letting you know it wasn't an exhaustive search. I'm short handed today, and am wearing even more hats then usual! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 9 20:08:15 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:59 2006 Subject: How to defeat address harvesting; like this..??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim West wrote: In /etc/mail/sendmail.mc: define(`confBAD_RCPT_THROTTLE',`1')dnl This will start throttling those connections. Mike How would one go about doing the same thing for Postfix ? Postfix comes with a similar feature turned on by default. You can tune to your system by adjusting (I quote): smtpd_error_sleep_time (default: 1s) With Postfix 2.1 and later: the SMTP server response delay after a client has made more than $smtpd_soft_error_limit errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail. You can also tweak the two error limits to taste also. HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Jun 9 20:09:59 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just upgraded to the latest stable MailScanner (4.42.9) and also upgraded Spamassassin to (3.0.4). Now I am starting to get {Disarmed} in the subject line of some e-mails. Some of the spam and some of the regular e-mails. I have looked for the setting of turning {Disarmed} on or off and have not found it any where. I would assume I am just missing it some where. Can any one point me to where I can change it? Thanks. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 9 20:24:44 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I just upgraded to the latest stable MailScanner (4.42.9) and also > upgraded Spamassassin to (3.0.4). Now I am starting to get {Disarmed} in > the subject line of some e-mails. Some of the spam and some of the > regular e-mails. I have looked for the setting of turning {Disarmed} on > or off and have not found it any where. I would assume I am just missing > it some where. Can any one point me to where I can change it? > > Thanks. In /etc/MailScanner/MailScanner.conf look for this; # If HTML tags in the message were "disarmed" by using the HTML "Allow" # options above with the "disarm" settings, do you want to modify the # subject line? # This can also be the filename of a ruleset. Disarmed Modify Subject = no -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 9 20:34:25 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I just upgraded to the latest stable MailScanner (4.42.9) and also > upgraded Spamassassin to (3.0.4). Now I am starting to get {Disarmed} in > the subject line of some e-mails. Some of the spam and some of the > regular e-mails. I have looked for the setting of turning {Disarmed} on > or off and have not found it any where. I would assume I am just missing > it some where. Can any one point me to where I can change it? > > Thanks. MailScanner.conf: # If HTML tags in the message were "disarmed" by using the HTML "Allow" # options above with the "disarm" settings, do you want to modify the # subject line? # This can also be the filename of a ruleset. Disarmed Modify Subject = no # This is the text to add to the start of the subject if the # "Disarmed Modify Subject" option is set. # This can also be the filename of a ruleset. Disarmed Subject Text = {Disarmed} ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 9 20:42:23 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > David Curtis wrote: > >>I just upgraded to the latest stable MailScanner (4.42.9) and also >>upgraded Spamassassin to (3.0.4). Now I am starting to get {Disarmed} in >>the subject line of some e-mails. Some of the spam and some of the >>regular e-mails. I have looked for the setting of turning {Disarmed} on >>or off and have not found it any where. I would assume I am just missing >>it some where. Can any one point me to where I can change it? >> >>Thanks. > > In /etc/MailScanner/MailScanner.conf look for this; > # If HTML tags in the message were "disarmed" by using the HTML "Allow" > # options above with the "disarm" settings, do you want to modify the > # subject line? > # This can also be the filename of a ruleset. > Disarmed Modify Subject = no > Hit send just too darn fast. Yours will probably be Disarmed Modify Subject = Yes -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 9 21:03:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: >Scott Silva wrote: > > >>David Curtis wrote: >> >> >> >>>I just upgraded to the latest stable MailScanner (4.42.9) and also >>>upgraded Spamassassin to (3.0.4). Now I am starting to get {Disarmed} in >>>the subject line of some e-mails. Some of the spam and some of the >>>regular e-mails. I have looked for the setting of turning {Disarmed} on >>>or off and have not found it any where. I would assume I am just missing >>>it some where. Can any one point me to where I can change it? >>> >>>Thanks. >>> >>> >>In /etc/MailScanner/MailScanner.conf look for this; >># If HTML tags in the message were "disarmed" by using the HTML "Allow" >># options above with the "disarm" settings, do you want to modify the >># subject line? >># This can also be the filename of a ruleset. >>Disarmed Modify Subject = no >> >> >> >Hit send just too darn fast. Yours will probably be Disarmed Modify >Subject = Yes > > And if that text isn't in your MailScanner.conf, then you need to run upgrade_MailScanner_conf to import the new options that weren't in your previous version. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQqiglBH2WUcUFbZUEQI6bACgpjbYdDCn/ZUZMxbTfucl3KlpmXEAn1OJ oXX4XJQFpprNB6CMZ7G0UxGW =2Ut/ -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Jun 9 21:14:25 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It is set to no like it always has been. I only started noticing it after the latest upgrade. Thanks. >>> ssilva@SGVWATER.COM 06/09 3:42 PM >>> Scott Silva wrote: > David Curtis wrote: > >>I just upgraded to the latest stable MailScanner (4.42.9) and also >>upgraded Spamassassin to (3.0.4). Now I am starting to get {Disarmed} in >>the subject line of some e-mails. Some of the spam and some of the >>regular e-mails. I have looked for the setting of turning {Disarmed} on >>or off and have not found it any where. I would assume I am just missing >>it some where. Can any one point me to where I can change it? >> >>Thanks. > > In /etc/MailScanner/MailScanner.conf look for this; > # If HTML tags in the message were "disarmed" by using the HTML "Allow" > # options above with the "disarm" settings, do you want to modify the > # subject line? > # This can also be the filename of a ruleset. > Disarmed Modify Subject = no > Hit send just too darn fast. Yours will probably be Disarmed Modify Subject = Yes -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 9 21:10:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Scott Silva wrote: > > >>>Scott Silva wrote: >>> >>> >>> >>>>David Curtis wrote: >>>> >>>> >>>> >>>> >>>>>I just upgraded to the latest stable MailScanner (4.42.9) and also >>>>>upgraded Spamassassin to (3.0.4). Now I am starting to get {Disarmed} in >>>>>the subject line of some e-mails. Some of the spam and some of the >>>>>regular e-mails. I have looked for the setting of turning {Disarmed} on >>>>>or off and have not found it any where. I would assume I am just missing >>>>>it some where. Can any one point me to where I can change it? >>>>> >>>>>Thanks. >>>>> >>>>> >>>> >>>>In /etc/MailScanner/MailScanner.conf look for this; >>>># If HTML tags in the message were "disarmed" by using the HTML "Allow" >>>># options above with the "disarm" settings, do you want to modify the >>>># subject line? >>>># This can also be the filename of a ruleset. >>>>Disarmed Modify Subject = no >>>> >>>> >>>> >>> >>>Hit send just too darn fast. Yours will probably be Disarmed Modify >>>Subject = Yes >>> >>> > > And if that text isn't in your MailScanner.conf, then you need to run > upgrade_MailScanner_conf to import the new options that weren't in your > previous version. > I keep forgetting about the defaults! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 9 21:18:27 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > It is set to no like it always has been. I only started noticing it > after the latest upgrade. Always? This was implemented in 4.42.9. > Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 9 22:59:05 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:59 2006 Subject: McAfee irritation Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have lived with this since the beginning. Quarantine: /var/spool/MailScanner/quarantine/20050609/j59Ll91p009996 Report: McAfee: /j59Ll91p009996/msg-9595-1.html Found the Phish-BankFraud.eml.a trojan !!! ClamAV Module: msg-9595-1.html was infected: HTML.Phishing.Bank-1 As you see, the McAfee section of the report has the immediate parent directory in the error. My perl isn't even close to figuring out how to trim to the last "/" in the output. I'm sure Julian can do this with his mouse tied behind his back. -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Thu Jun 9 23:21:33 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:59 2006 Subject: how to stop russian spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everyone, We have an unbelieveable amount of spam coming in apparently in Russian. How do we go about increasing the scores on this stuff? Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jun 9 23:29:01 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:59 2006 Subject: how to stop russian spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fractal IT Dept. wrote: > Hi everyone, > > We have an unbelieveable amount of spam coming in apparently in Russian. > How do we go about increasing the scores on this stuff? > Do you get russian nonspam? If not, see man Mail::SpamAssassin::Conf. Look at ok_languages and ok_locales. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Thu Jun 9 23:44:58 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:59 2006 Subject: how to stop russian spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: Do you get russian nonspam? If not, see man Mail::SpamAssassin::Conf. Look at ok_languages and ok_locales. Hi Matt, To be honest, I have no idea if we get russian ham or not. We have hundreds of users on the mail server, so it's entirely possible that we do get russian ham. Assuming for a moment that russian ham is happening, is there any way to filter out the russian spam? Do the bayes filters even understand other languages? Failing that, is it possible to use rulesets to specify which domains will accept russian emails? Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 23:50:39 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:59 2006 Subject: OT: How to defeat address harvesting; like this..??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The wiki on the mailscanner site has at least 2 guides for beating these types of attacks. ALl pretty simple to implment. Good Luck Pete Scott Silva wrote: > DNSAdmin wrote: > >>At 12:12 PM 6/9/2005, you wrote: >> >> >>>>How do I defeat this??? Any decent suggestions appreciated! I might >>> >>>even >>> >>>>consider the baseball bat if he/she were in my backyard! >>>> >>>>I have CentOS 3.4, Sendmail 8.12, MailScanner 4.41, SpamAssassin 2.55 >>>> >>>>TIA! >>>>Glenn Parsons >>>> >>> >>>I found these in a 5 second search of Google; >>>http://www.amiga.ch/spamtracker/ >>>http://www.samag.com/documents/s=8920/sam0311k/0311k.htm >>>You can probably find more. >> >> >>Thank You Scott, >> >>I must brush up on my Google skills again! I'll try again with this. >>Thanks for your links! Very good. >> >>Thank you Sir! >> > > I did not mean to put down your Google skills, I was just letting you > know it wasn't an exhaustive search. I'm short handed today, and am > wearing even more hats then usual! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 23:52:06 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:59 2006 Subject: McAfee irritation Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Antivir does the same thing. I stopped trying to read the reports because when oyu have a long list its just WAY too messy. Pete Scott Silva wrote: > I have lived with this since the beginning. > Quarantine: /var/spool/MailScanner/quarantine/20050609/j59Ll91p009996 > Report: McAfee: /j59Ll91p009996/msg-9595-1.html Found the > Phish-BankFraud.eml.a trojan !!! > ClamAV Module: msg-9595-1.html was infected: > HTML.Phishing.Bank-1 > > As you see, the McAfee section of the report has the immediate parent > directory in the error. > My perl isn't even close to figuring out how to trim to the last "/" in > the output. > I'm sure Julian can do this with his mouse tied behind his back. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 9 23:54:45 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:59 2006 Subject: how to stop russian spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you positive its Russian? Not German? Justathought Pete Fractal IT Dept. wrote: > Matt Kettler wrote: > >>Do you get russian nonspam? If not, see man Mail::SpamAssassin::Conf. Look at >>ok_languages and ok_locales. >> >> > Hi Matt, > > To be honest, I have no idea if we get russian ham or not. We have > hundreds of users on the mail server, so it's entirely possible that we > do get russian ham. Assuming for a moment that russian ham is happening, > is there any way to filter out the russian spam? Do the bayes filters > even understand other languages? > > Failing that, is it possible to use rulesets to specify which domains > will accept russian emails? > > Cheers, > Chris > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Fri Jun 10 00:06:28 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:59 2006 Subject: how to stop russian spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Are you positive its Russian? Not German? > > Justathought > Pete > Hi Pete, Ok, you're right. It MIGHT not be Russian. It could be Polish, Ukranian, or some other cyrillic language. It's definitely not German though because we've got backwards Ns and Rs, and a whole bunch of characters that our alphabet doesn't have. Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jun 10 00:21:49 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:59 2006 Subject: how to stop russian spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fractal IT Dept. wrote: > Hi Matt, > > To be honest, I have no idea if we get russian ham or not. We have > hundreds of users on the mail server, so it's entirely possible that we > do get russian ham. Assuming for a moment that russian ham is happening, > is there any way to filter out the russian spam? Do the bayes filters > even understand other languages? Bayes filters don't care about language... To bayes, a word is just a collection of letters that is probably spam or probably not spam. There's no language analysis, it's all based on training frequencies. Thus your best "quick any easy" tactic would be to train those spams. This will wind up impacting any Russian ham as well, but not too severely as they will have a lot of words that don't overlap the spam profile. Worst case you wind up having to train a couple Russian hams before bayes recognizes the "neutral ground" tokens for the Russian language. > > Failing that, is it possible to use rulesets to specify which domains > will accept russian emails? I don't know of any, but maybe someone else odes. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jun 10 00:45:51 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:59 2006 Subject: how to stop russian spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fractal IT Dept. wrote: > Peter Russell wrote: > >> Are you positive its Russian? Not German? >> >> Justathought >> Pete >> > Hi Pete, > > Ok, you're right. It MIGHT not be Russian. It could be Polish, Ukranian, > or some other cyrillic language. It's definitely not German though > because we've got backwards Ns and Rs, and a whole bunch of characters > that our alphabet doesn't have. > > Cheers, > Chris > Have you checked if any would be caught with uribl's or other blacklists? Do they fire any interesting scores in spamassassin that you could increase? Do you yse razor or any other hash type checkers? -- Version: 3.12 GAT d+ s+:+ a+ C++ UL++++ P+ L++ E--- W+++ N++ o-- K--- w O- M-- V-- PS-- PE Y-- PGP++ t++ 5++ X-- R* tv+ b+++ DI++ D+ G e* h---- r+++ y++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at OCS.COM Thu Jun 9 23:59:16 2005 From: james_gray at OCS.COM (James Gray) Date: Thu Jan 12 21:29:59 2006 Subject: MailScanner on secondary MX Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Today's project is to run up CentOS 4.0 and turn it into a secondary MX that will basically relay mail to an internal exchange machine (just like the primary) and hold mail for 2 other domains to an internal IMAP server. I'd like to keep all the existing recipient verification and grey-listing etc. Which I've got sorted in my head....just gotta write the scripts :) So are there any particular "gotcha's" I should be looking out for, either with CentOS or MailScanner? I normally use Debian on servers but $BOSS has declared RedHat (EL) will be our preferred platform - I've been waiting 6 months for installation media from $BOSS...so screw it; CentOS, then migrate later. The primary is scheduled for some major hardware changes and I NEED this secondary up and runnning soon. Does anyone have any useful scripts to keep two geographically and logically separte servers in sync with each other's config? I was thinking CVS but that seems like overkill - other ideas? Cheers, James ______________________________ I.T. Manager - Asia Region Open Channel Solutions ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Fri Jun 10 03:58:22 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:29:59 2006 Subject: were did {Disarmed} come from Message-ID: Thank you so much. I fogot about upgrade_MailScanner_conf. Once I ran that the option was set to yes to I set it to no. Thanks. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> ssilva@SGVWATER.COM 06/09/05 4:10 PM >>> Julian Field wrote: > Scott Silva wrote: > > >>>Scott Silva wrote: >>> >>> >>> >>>>David Curtis wrote: >>>> >>>> >>>> >>>> >>>>>I just upgraded to the latest stable MailScanner (4.42.9) and also >>>>>upgraded Spamassassin to (3.0.4). Now I am starting to get {Disarmed} in >>>>>the subject line of some e-mails. Some of the spam and some of the >>>>>regular e-mails. I have looked for the setting of turning {Disarmed} on >>>>>or off and have not found it any where. I would assume I am just missing >>>>>it some where. Can any one point me to where I can change it? >>>>> >>>>>Thanks. >>>>> >>>>> >>>> >>>>In /etc/MailScanner/MailScanner.conf look for this; >>>># If HTML tags in the message were "disarmed" by using the HTML "Allow" >>>># options above with the "disarm" settings, do you want to modify the >>>># subject line? >>>># This can also be the filename of a ruleset. >>>>Disarmed Modify Subject = no >>>> >>>> >>>> >>> >>>Hit send just too darn fast. Yours will probably be Disarmed Modify >>>Subject = Yes >>> >>> > > And if that text isn't in your MailScanner.conf, then you need to run > upgrade_MailScanner_conf to import the new options that weren't in your > previous version. > I keep forgetting about the defaults! -- ,---.____________ _ ============ . /' \ | \ I_ O _I_,==.: | A beer doesn't get >--|===`-----'I `---' I | |: | upset if you come / _ \ I I | |:' | home with another / ( `-,----============:__;: | beer! / (_ O __) \_ : | ,,---.__________/ (______) (_) :/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Fri Jun 10 05:25:47 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:29:59 2006 Subject: Rulesets (User configured) Message-ID: Hi Folks, Apologies if this has been asked of the list before. I was wondering if anyone knows of a mysql or equivalent based custom config module which allows users to create custom attachment filter sets for MailScanner? I have been using the phplistadmin contrib for a while now and find it quite handy and wondered whether there was something similar for filename / filetype rules. Many thanks in advance. Tony. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 10 09:04:13 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:59 2006 Subject: MailScanner on secondary MX Message-ID: James from what I see on the mailing list there's no obvious issues with Centos4 (might be worth having a search on the archives just in case my google like brain has dropped a bit or two ;-) Dunno about the scripts, but rsync might help - depends on now much config you need to mess with. Rsync is quite efficient. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 James Gray wrote: > Today's project is to run up CentOS 4.0 and turn it into a secondary MX that > will basically relay mail to an internal exchange machine (just like the > primary) and hold mail for 2 other domains to an internal IMAP server. I'd > like to keep all the existing recipient verification and grey-listing etc. > Which I've got sorted in my head....just gotta write the scripts :) > > So are there any particular "gotcha's" I should be looking out for, either > with CentOS or MailScanner? I normally use Debian on servers but $BOSS has > declared RedHat (EL) will be our preferred platform - I've been waiting 6 > months for installation media from $BOSS...so screw it; CentOS, then migrate > later. The primary is scheduled for some major hardware changes and I NEED > this secondary up and runnning soon. > > Does anyone have any useful scripts to keep two geographically and logically > separte servers in sync with each other's config? I was thinking CVS but > that seems like overkill - other ideas? > > Cheers, > > James > ______________________________ > I.T. Manager - Asia Region > Open Channel Solutions > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Fri Jun 10 10:11:19 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:29:59 2006 Subject: Russian spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is there a filter rule somewhere that will flag cyrillic text?? This junk keeps getting through, though barely it seems ... can't tell which rules it hits, but a couple I've looked at come in at 4.something ... Tnx, -gg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 10 10:23:51 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:59 2006 Subject: SV: MailScanner on secondary MX Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ISTR that you need set selinux to off (or possibly warn) with CentOS4. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Martin Hepworth Skickat: fr 2005-06-10 10:04 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: MailScanner on secondary MX James from what I see on the mailing list there's no obvious issues with Centos4 (might be worth having a search on the archives just in case my google like brain has dropped a bit or two ;-) Dunno about the scripts, but rsync might help - depends on now much config you need to mess with. Rsync is quite efficient. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 James Gray wrote: > Today's project is to run up CentOS 4.0 and turn it into a secondary MX that > will basically relay mail to an internal exchange machine (just like the > primary) and hold mail for 2 other domains to an internal IMAP server. I'd > like to keep all the existing recipient verification and grey-listing etc. > Which I've got sorted in my head....just gotta write the scripts :) > > So are there any particular "gotcha's" I should be looking out for, either > with CentOS or MailScanner? I normally use Debian on servers but $BOSS has > declared RedHat (EL) will be our preferred platform - I've been waiting 6 > months for installation media from $BOSS...so screw it; CentOS, then migrate > later. The primary is scheduled for some major hardware changes and I NEED > this secondary up and runnning soon. > > Does anyone have any useful scripts to keep two geographically and logically > separte servers in sync with each other's config? I was thinking CVS but > that seems like overkill - other ideas? > > Cheers, > > James > ______________________________ > I.T. Manager - Asia Region > Open Channel Solutions > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Fri Jun 10 10:51:24 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:29:59 2006 Subject: MailScanner on secondary MX Message-ID: I'm running all my mail servers on CentOS (Two on Cento4 and Three on Centos3.4) - no issues whatsoever with PostFix+MailScanner+SpamAssassin+ClamAV+Razor. I had a few problems with SquirrelMail on CentOS4, but turning off SELinux (as mentioned elsewhere) fixed that - you can also edit stuff to fix the problems if you want to run with SELinux. Have fun! NK -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: 10 June 2005 09:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner on secondary MX James from what I see on the mailing list there's no obvious issues with Centos4 (might be worth having a search on the archives just in case my google like brain has dropped a bit or two ;-) Dunno about the scripts, but rsync might help - depends on now much config you need to mess with. Rsync is quite efficient. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 James Gray wrote: > Today's project is to run up CentOS 4.0 and turn it into a secondary > MX that > will basically relay mail to an internal exchange machine (just like the > primary) and hold mail for 2 other domains to an internal IMAP server. I'd > like to keep all the existing recipient verification and grey-listing etc. > Which I've got sorted in my head....just gotta write the scripts :) > > So are there any particular "gotcha's" I should be looking out for, > either > with CentOS or MailScanner? I normally use Debian on servers but $BOSS has > declared RedHat (EL) will be our preferred platform - I've been waiting 6 > months for installation media from $BOSS...so screw it; CentOS, then migrate > later. The primary is scheduled for some major hardware changes and I NEED > this secondary up and runnning soon. > > Does anyone have any useful scripts to keep two geographically and > logically > separte servers in sync with each other's config? I was thinking CVS but > that seems like overkill - other ideas? > > Cheers, > > James > ______________________________ > I.T. Manager - Asia Region > Open Channel Solutions > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Fri Jun 10 10:36:22 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:59 2006 Subject: zip archive Message-ID: My users have got mails from trusted user in zip password archive. Allow zip rule is setting, and mailscanner allow this mail to deliver. This is OK. But Sophos log is: Virus and Content Scanning: Starting Jun 7 00:53:58 cn02 MailScanner[26473]: SophosSAVI::ERROR:: File was encrypted (530):: ./F28C342794.0E4F4/V000023.zip Jun 7 00:53:58 cn02 MailScanner[26473]: Virus Scanning: SophosSAVI found 1 infections Is it possible to setting sophos to allow this file? Peter Zimen --- S pozdravom Peter Zimen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Fri Jun 10 10:58:37 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:59 2006 Subject: zip archive Message-ID: Peter latest version of MS (4.43.2) will allow you to use the "Allowed Sophos Error Messages" option with the SAVI interface. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Peter Zimen wrote: > My users have got mails from trusted user in zip password archive. > Allow zip rule is setting, and mailscanner allow this mail to deliver. > This is OK. > > But Sophos log is: > > Virus and Content Scanning: Starting > Jun 7 00:53:58 cn02 MailScanner[26473]: SophosSAVI::ERROR:: File was > encrypted (530):: ./F28C342794.0E4F4/V000023.zip > Jun 7 00:53:58 cn02 MailScanner[26473]: Virus Scanning: SophosSAVI > found 1 infections > > > Is it possible to setting sophos to allow this file? > > > > Peter Zimen > > > > --- > > S pozdravom > > Peter Zimen > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Fri Jun 10 11:09:31 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:59 2006 Subject: zip archive Message-ID: Plese, how to configure? --- S pozdravom Peter Zimen On 10.6.2005, at 11:58, Martin Hepworth wrote: > Peter > > latest version of MS (4.43.2) will allow you to use the "Allowed > Sophos Error Messages" option with the SAVI interface. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Peter Zimen wrote: > >> My users have got mails from trusted user in zip password archive. >> Allow zip rule is setting, and mailscanner allow this mail to >> deliver. This is OK. >> But Sophos log is: >> Virus and Content Scanning: Starting >> Jun 7 00:53:58 cn02 MailScanner[26473]: SophosSAVI::ERROR:: File >> was encrypted (530):: ./F28C342794.0E4F4/V000023.zip >> Jun 7 00:53:58 cn02 MailScanner[26473]: Virus Scanning: >> SophosSAVI found 1 infections >> Is it possible to setting sophos to allow this file? >> Peter Zimen >> --- >> S pozdravom >> Peter Zimen >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> Support MailScanner development - buy the book off the website! >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Fri Jun 10 11:14:44 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:59 2006 Subject: zip archive Message-ID: Pete first of all upgrade to 4.43.2 the put the allowed messages into the option Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Peter Zimen wrote: > Plese, how to configure? > > --- > > S pozdravom > > Peter Zimen > > On 10.6.2005, at 11:58, Martin Hepworth wrote: > >> Peter >> >> latest version of MS (4.43.2) will allow you to use the "Allowed >> Sophos Error Messages" option with the SAVI interface. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Peter Zimen wrote: >> >>> My users have got mails from trusted user in zip password archive. >>> Allow zip rule is setting, and mailscanner allow this mail to >>> deliver. This is OK. >>> But Sophos log is: >>> Virus and Content Scanning: Starting >>> Jun 7 00:53:58 cn02 MailScanner[26473]: SophosSAVI::ERROR:: File >>> was encrypted (530):: ./F28C342794.0E4F4/V000023.zip >>> Jun 7 00:53:58 cn02 MailScanner[26473]: Virus Scanning: SophosSAVI >>> found 1 infections >>> Is it possible to setting sophos to allow this file? >>> Peter Zimen >>> --- >>> S pozdravom >>> Peter Zimen ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Fri Jun 10 12:46:33 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:29:59 2006 Subject: Contact the author, once again Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, There may be something weird in my mails, since there's almost not a week without some message triggering the "Contact the author" stuff :-) So I got this yesterday : MailScanner[9971]: New Batch: Scanning 1 messages, 18366 bytes MailScanner[9971]: Spam Checks: Starting MailScanner[9971]: Virus and Content Scanning: Starting MailScanner[9971]: sshd MailScanner[9971]: ProcessClamAVOutput: unrecognised line "sshd". Please contact the authors! MailScanner[9971]: sshd_config MailScanner[9971]: ProcessClamAVOutput: unrecognised line "sshd_config". Please contact the authors! MailScanner[9971]: sshd.debug MailScanner[9971]: ProcessClamAVOutput: unrecognised line "sshd.debug". Please contact the authors! MailScanner[9971]: sshd.debug2 MailScanner[9971]: ProcessClamAVOutput: unrecognised line "sshd.debug2". Please contact the authors! Using MS 4.41.3-1, ClamAV 0.85.1, SpamAssassin 3.0.4. I have extracted the message from my mailflow, if you (Julian) need it I'll send it directly to you. Sincerely, -- NB. ___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jun 10 13:42:53 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:59 2006 Subject: Contact the author, once again Message-ID: On Friday, June 10, 2005 1:47 PM Nestor Burma wrote: > MailScanner[9971]: ProcessClamAVOutput: unrecognised line "sshd". > Please contact the authors! Looks like a problem with either the clamav-wrapper or clamscan, assuming you are using clamav and not clamavmodule. Have you tried running clamscan on the message and inspecting the clamscan output? Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jun 10 16:57:41 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:59 2006 Subject: Contact the author, once again Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nestor Burma wrote: > Hello, > > There may be something weird in my mails, since > there's almost not a week without some message > triggering the "Contact the author" stuff :-) > > Using MS 4.41.3-1, ClamAV 0.85.1, SpamAssassin 3.0.4. For what it's worth, I'm currently using MailScanner 4.42.1 and ClamAV 0.85.1 with no issues like this. It could be something that got fixed, but I can't identify anything clamav related between the two because I can't find the announcement for 4.42.1, and Julian tends to concatenate his fix list for beta-release into subsequent betas. 4.42.2 or higher would be advisable however, as it fixed clamav missing some sober.p messages. (possibly fixed in 4.42.1, can't tell due to Julian's concatenation) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Fri Jun 10 17:45:10 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:29:59 2006 Subject: OT: How to defeat address harvesting; like this..??? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There are things you can do to sendmail and other MTA's that slow down the spammer's attacks by delaying further and further every connection attempt (or RCPT TO: attempt) by seconds or more. Try: http://www.technoids.org/dossed.html Peter Russell wrote: > The wiki on the mailscanner site has at least 2 guides for beating > these types of attacks. ALl pretty simple to implment. > > Good Luck > Pete > > Scott Silva wrote: > >> DNSAdmin wrote: >> >>> At 12:12 PM 6/9/2005, you wrote: >>> >>> >>>>> How do I defeat this??? Any decent suggestions appreciated! I might >>>> >>>> >>>> even >>>> >>>>> consider the baseball bat if he/she were in my backyard! >>>>> >>>>> I have CentOS 3.4, Sendmail 8.12, MailScanner 4.41, SpamAssassin 2.55 >>>>> >>>>> TIA! >>>>> Glenn Parsons >>>>> >>>> >>>> I found these in a 5 second search of Google; >>>> http://www.amiga.ch/spamtracker/ >>>> http://www.samag.com/documents/s=8920/sam0311k/0311k.htm >>>> You can probably find more. >>> >>> >>> >>> Thank You Scott, >>> >>> I must brush up on my Google skills again! I'll try again with this. >>> Thanks for your links! Very good. >>> >>> Thank you Sir! >>> >> >> I did not mean to put down your Google skills, I was just letting you >> know it wasn't an exhaustive search. I'm short handed today, and am >> wearing even more hats then usual! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pz at CHRIST-NET.SK Fri Jun 10 19:03:42 2005 From: pz at CHRIST-NET.SK (Peter Zimen) Date: Thu Jan 12 21:29:59 2006 Subject: zip archive Message-ID: Thanks, works fine :). Peter On 10.6.2005, at 12:14, Martin Hepworth wrote: > Pete > > first of all upgrade to 4.43.2 > > the put the allowed messages into the option > > Allowed Sophos Error Messages = "corrupt", "format not supported", > "File was encrypted" > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Peter Zimen wrote: > >> Plese, how to configure? >> --- >> S pozdravom >> Peter Zimen >> On 10.6.2005, at 11:58, Martin Hepworth wrote: >> >>> Peter >>> >>> latest version of MS (4.43.2) will allow you to use the "Allowed >>> Sophos Error Messages" option with the SAVI interface. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Peter Zimen wrote: >>> >>> >>>> My users have got mails from trusted user in zip password archive. >>>> Allow zip rule is setting, and mailscanner allow this mail to >>>> deliver. This is OK. >>>> But Sophos log is: >>>> Virus and Content Scanning: Starting >>>> Jun 7 00:53:58 cn02 MailScanner[26473]: SophosSAVI::ERROR:: >>>> File was encrypted (530):: ./F28C342794.0E4F4/V000023.zip >>>> Jun 7 00:53:58 cn02 MailScanner[26473]: Virus Scanning: >>>> SophosSAVI found 1 infections >>>> Is it possible to setting sophos to allow this file? >>>> Peter Zimen >>>> --- >>>> S pozdravom >>>> Peter Zimen >>>> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PKCS7-SIGNATURE 3.2KB. ] [ Unable to print this part. ] From bsnottum at HOTMAIL.COM Fri Jun 10 19:56:55 2005 From: bsnottum at HOTMAIL.COM ([iso-8859-1] Bjørn-Sverre Nøttum) Date: Thu Jan 12 21:29:59 2006 Subject: mailscanner as mailgateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hallo! I want to use mailscanner as my mailgateway. Is it possible to follow the setup in the genral documentation? Or does this only apply if you have everything on the same box. I guess there are some challenges if/ when you have to run to instances of sendmail for instance. I have been reading quite a lot of the documentatin, but have not been able to find anything specific on this, and I do not want to start something which is not possible to achieve. What I want the mailgateway to do is the traditional: Recive mail, scan it for viruses an spam and then dump it off to the actual mailserver (should apply for both incoming an outgoing mail ofcourse). I already have a functioning mailserver with squirrel an some other stuff. This is working well and I do not want to put anything more into this box. Hoetos and hint will be highly appreciated! Bjorn _________________________________________________________________ MSN Hotmail http://www.hotmail.com Med markedets beste SPAM-filter. Gratis! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 10 20:12:14 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:59 2006 Subject: IE_VULN rule Message-ID: Way back when, this rule was posted to deal w/an IE vulnerability: # IE explorer spoofing uri IE_VULN /%([01][0-9a-f]|7f).*@/i score IE_VULN 100.0 describe IE_VULN Internet Explorer vulnerability Can someone tell me what this rule (in spam.assassin.prefs.conf) is actually doing? Is it trapping messages sent from IE or with questional URLs or what? It's stepping on some inbound 911 updates going to the local constabulary and since they're the ones that write parking tickets, etc., I figured it might be prudent to sorta, er, figure out what's going on... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Fri Jun 10 20:19:06 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:29:59 2006 Subject: OT: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi fellow-list-members, I'm sure that I'm not the only person that this annoys, but would it be possible for all of you fine folks who sign your outgoing email with a certificate, to disable it before sending to the list? (If it's been mentioned before, I must have missed it and just ignore me). The problem is that this list adds a signature to all messages, which corrupts your digital signature. Some mail clients like to display warnings about said messages (and rightly so!) saying that they've been altered in transit. What this ends up meaning is that it takes more effort to read your particular message, and in most cases, I don't even bother reading them. (finding enough time to read most of the messages on this list is challenging enough!) Thanks! -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 10 20:24:10 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:59 2006 Subject: mailscanner as mailgateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bjørn-Sverre Nøttum wrote: > Hallo! > > I want to use mailscanner as my mailgateway. Is it possible to follow > the setup in the genral documentation? Or does this only apply if you > have everything on the same box. > > I guess there are some challenges if/ when you have to run to > instances of sendmail for instance. I have been reading quite a lot > of the documentatin, but have not been able to find anything specific > on this, and I do not want to start something which is not possible > to achieve. > > What I want the mailgateway to do is the traditional: Recive mail, > scan it for viruses an spam and then dump it off to the actual > mailserver (should apply for both incoming an outgoing mail ofcourse). > > I already have a functioning mailserver with squirrel an some other > stuff. This is working well and I do not want to put anything more > into this box. > > Hoetos and hint will be highly appreciated! That's easily done w/MailScanner. I use sendmail here. In /etc/mail/mailertable just put something like the following: mydomain.com esmtp:[192.168.1.25] myotherdomain.com esmtp:[192.168.1.25] tabs go here-----^^^^ Add any domains you want to receive mail for, and the address of the internal mail server that you want to send them to. and in /etc/mail/relay-domains put any domain you're relaying for such as: mydomain.com myotherdomain.com You'll probably need to edit the access file to allow relaying from internal machines outbound. It's well documented... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at ZANKER.ORG Fri Jun 10 20:27:53 2005 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:29:59 2006 Subject: OT: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/6/05 20:19, Joshua Hirsh wrote: > I'm sure that I'm not the only person that this annoys, but would it be possible for all of you fine folks who sign your outgoing email with a certificate, to disable it before sending to the list? (If it's been mentioned before, I must have missed it and just ignore me). Provided you fix your mail client to wrap lines properly :) > The problem is that this list adds a signature to all messages, which corrupts your digital signature. Some mail clients like to display warnings about said messages (and rightly so!) saying that they've been altered in transit. PGP/GPG marks the signed part so that things like this shouldn't happen. Mike. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCqem5/kpNbHCQHr4RApqvAKC1LdYT1OojNddeSod1ooDj4Tgw9wCgyGqs nR4nYXxn2OIO1q/+1VQCpKU= =prdp -----END PGP SIGNATURE----- This message has been scanned for viruses by MailController - www.MailController.altohiway.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Fri Jun 10 20:14:04 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:29:59 2006 Subject: mailscanner as mailgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I can be done. Basically it's the MTA (e.g. sendmail) to configure as mail gateway. MailScanner will be configure as usual. Cheers Raylund Bjørn-Sverre Nøttum wrote: > Hallo! > > I want to use mailscanner as my mailgateway. Is it possible to follow > the setup in the genral documentation? Or does this only apply if you > have everything on the same box. > > I guess there are some challenges if/ when you have to run to > instances of sendmail for instance. I have been reading quite a lot of > the documentatin, but have not been able to find anything specific on > this, and I do not want to start something which is not possible to > achieve. > > What I want the mailgateway to do is the traditional: Recive mail, > scan it for viruses an spam and then dump it off to the actual > mailserver (should apply for both incoming an outgoing mail ofcourse). > > I already have a functioning mailserver with squirrel an some other > stuff. This is working well and I do not want to put anything more > into this box. > > Hoetos and hint will be highly appreciated! > > Bjorn > > _________________________________________________________________ > MSN Hotmail http://www.hotmail.com Med markedets beste SPAM-filter. > Gratis! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Fri Jun 10 20:21:14 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:29:59 2006 Subject: mailscanner as mailgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bjørn-Sverre Nøttum wrote: > I want to use mailscanner as my mailgateway. No problem. If you can configure a "normal" mail gateway, then you'll be able to add MailScanner to that just as easily as adding MailScanner to a server that hosts mail locally. -Bill ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Fri Jun 10 20:48:21 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:29:59 2006 Subject: OT: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Provided you fix your mail client to wrap lines properly :) Hah! Fair enough. That problem is party due to a large screen resolution, and partly due to corporate email client standards (Outlook) =p > PGP/GPG marks the signed part so that things like this > shouldn't happen. I should have been more specific, PGP/GPG signed messages never cause the problem. I'm not sure which email clients are the culprites, but messages from Peter Zimen and Denis Beauchemin (a small selection of others too) have this issue for me. Cheers, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jun 10 20:49:53 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:59 2006 Subject: OT: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Zanker wrote: > >>> The problem is that this list adds a signature to all messages, which corrupts your digital signature. Some mail clients like to display warnings about said messages (and rightly so!) saying that they've been altered in transit. > > > PGP/GPG marks the signed part so that things like this shouldn't happen. > > Mike. Since Joshua mentioned certificates, I'm fairly certain he was strictly referring to s/mime signatures, not PGP/GPG signatures (which don't use certificates). S/Mime signs a whole mime segment, and doesn't deal well with list signatures. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Jun 10 21:04:36 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:59 2006 Subject: OT: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joshua Hirsh wrote: >>Provided you fix your mail client to wrap lines properly :) >> >> > > Hah! Fair enough. That problem is party due to a large screen resolution, and partly due to corporate email client standards (Outlook) =p > > > No problem here with your line breaks since TBird wraps long lines to my screen size. > > > >>PGP/GPG marks the signed part so that things like this >>shouldn't happen. >> >> > > I should have been more specific, PGP/GPG signed messages never cause the problem. I'm not sure which email clients are the culprites, but messages from Peter Zimen and Denis Beauchemin (a small selection of others too) have this issue for me. > > I couldn't find a setting in TBird to not sign an email sent to a given destination. From now on I will try to remember to turn the feature off manually every time I post to this list (but I may forget since this is the only place I have to do it). Have a nice weekend you all. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Jun 10 21:41:19 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:59 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Joshua Hirsh > Sent: Friday, June 10, 2005 2:19 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Gripe about corrupted signed messages to the list > > > Hi fellow-list-members, > > I'm sure that I'm not the only person that this annoys, but > would it be possible for all of you fine folks who sign your > outgoing email with a certificate, to disable it before sending > to the list? (If it's been mentioned before, I must have missed > it and just ignore me). > > The problem is that this list adds a signature to all messages, > which corrupts your digital signature. Some mail clients like to > display warnings about said messages (and rightly so!) saying > that they've been altered in transit. > > What this ends up meaning is that it takes more effort to read > your particular message, and in most cases, I don't even bother > reading them. (finding enough time to read most of the messages > on this list is challenging enough!) > "Some mail agents" might be Outlook?. It won't display anything in the preview pane, you have to actually open the message in a new window and tell it you will accept the message before it can be read. Unless it's a part of critical thread or the subject is very interesting I delete them off hand just to get them out of my way. If Thunderbird would just integrate a decent calendar, notes, etc I would dump Outlook in a heart beat. It's hard to describe how annoying it is to get a bunch of those cert signed messages and you cannot even mark them as read without dancing through the warnings they have been altered in transit (and they have). I would think not using a certificate when posting to a news list that alters ever message sent through it, would be the best... I just figured I was the only one who was aggravated by that. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 10 23:08:05 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:59 2006 Subject: SV: mailscanner as mailgateway Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, look in the wiki (and other places:) and think "my squirrelmail box" everywhere it says something like "Exchange/Domino/Groupwise":-). As Raylund says, MS doesn't really come into the picture (well...:), this is all in the MTA(s, but look at for example postfix... This can use only one instance...). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Raylund Lai Skickat: fr 2005-06-10 21:14 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: mailscanner as mailgateway I can be done. Basically it's the MTA (e.g. sendmail) to configure as mail gateway. MailScanner will be configure as usual. Cheers Raylund Bjørn-Sverre Nøttum wrote: > Hallo! > > I want to use mailscanner as my mailgateway. Is it possible to follow > the setup in the genral documentation? Or does this only apply if you > have everything on the same box. > > I guess there are some challenges if/ when you have to run to > instances of sendmail for instance. I have been reading quite a lot of > the documentatin, but have not been able to find anything specific on > this, and I do not want to start something which is not possible to > achieve. > > What I want the mailgateway to do is the traditional: Recive mail, > scan it for viruses an spam and then dump it off to the actual > mailserver (should apply for both incoming an outgoing mail ofcourse). > > I already have a functioning mailserver with squirrel an some other > stuff. This is working well and I do not want to put anything more > into this box. > > Hoetos and hint will be highly appreciated! > > Bjorn > > _________________________________________________________________ > MSN Hotmail http://www.hotmail.com Med markedets beste SPAM-filter. > Gratis! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 11 12:25:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:59 2006 Subject: IE_VULN rule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This was for an old vulnerability, that rule has been there for ages. You should be able to safely remove it now. Kevin Miller wrote: >Way back when, this rule was posted to deal w/an IE vulnerability: > ># IE explorer spoofing >uri IE_VULN /%([01][0-9a-f]|7f).*@/i >score IE_VULN 100.0 >describe IE_VULN Internet Explorer vulnerability > >Can someone tell me what this rule (in spam.assassin.prefs.conf) is actually >doing? Is it trapping messages sent from IE or with questional URLs or >what? > >It's stepping on some inbound 911 updates going to the local constabulary >and since they're the ones that write parking tickets, etc., I figured it >might be prudent to sorta, er, figure out what's going on... > >...Kevin > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Sun Jun 12 09:49:23 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:29:59 2006 Subject: X-MailScanner-From problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The header is named X-%orgname%-MailScanner-From in MailScanner.conf but X-MailScanner-From in spam.assassin.prefs.conf Nathan Olson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun Jun 12 12:10:20 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:59 2006 Subject: X-MailScanner-From problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nathan Olson wrote: >The header is named X-%orgname%-MailScanner-From in MailScanner.conf >but X-MailScanner-From in spam.assassin.prefs.conf > > I would suggest changing spam.assassin.prefs.conf to match then ;-) Seriously, I would always suggest thoroughly checking all the settings in that file are suitable for your environment. A good spot none the less. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sun Jun 12 14:45:07 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:59 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I get weird result from autoupdate on one of my servers: Excerpt from a 'sane' server: [root@sane root]# grep updated /var/log/maillog Jun 12 08:03:52 sane ClamAV-autoupdate[9824]: ClamAV updated Jun 12 09:09:29 sane ClamAV-autoupdate[18865]: ClamAV updated [root@sane root]# clamscan -V ClamAV 0.85.1/929/Sun Jun 12 08:11:33 2005 [root@sane root]# date Sun Jun 12 09:40:48 EDT 2005 Excerpt from problematic server [root@insanelog]# grep updated /var/log/maillog Jun 12 05:01:45 instane ClamAV-autoupdate[5501]: ClamAV updated Jun 12 06:02:10 insane ClamAV-autoupdate[6012]: ClamAV updated [root@insane log]# clamscan -V ClamAV 0.85.1/919/Tue Jun 7 08:26:14 2005 [root@insane log]# date Sun Jun 12 06:39:11 PDT 2005 The logs say it is updating, around the same time as my other server (differences in time is because of timezone), but the definition # is not reflecting the update. If I run freshclam manually: [root@insanelog]# freshclam ClamAV update process started at Sun Jun 12 06:42:37 2005 main.cvd is up to date (version: 32, sigs: 34720, f-level: 5, builder: tkojm) Downloading daily.cvd [*] daily.cvd updated (version: 929, sigs: 798, f-level: 5, builder: diego) Database updated (35518 signatures) from database.clamav.net (IP: 195.92.99.99) [root@insane log]# clamscan -V ClamAV 0.85.1/929/Sun Jun 12 05:11:33 2005 Any ideas? Should I enable the log in freshclam.conf? Regards, Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at konsultex.com.br Sun Jun 12 15:17:31 2005 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:29:59 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo; My installations use this version: [root@rivendell root]# clamscan -V ClamAV 0.85.1/929/Sun Jun 12 09:11:33 2005 Which is the one you found 'same'. It seems to work fine: [root@rivendell root]# grep updated /var/log/maillog .... Jun 11 16:10:22 rivendell ClamAV-autoupdate[16565]: ClamAV updated Jun 12 01:10:36 rivendell ClamAV-autoupdate[32549]: ClamAV updated Jun 12 05:03:35 rivendell ClamAV-autoupdate[21590]: ClamAV updated Jun 12 09:05:51 rivendell ClamAV-autoupdate[29811]: ClamAV updated Jun 12 10:05:52 rivendell ClamAV-autoupdate[31400]: ClamAV updated When I check the database files they look like this: -rw-r--r-- 1 clamav clamav 69314 Jun 12 10:05 daily.cvd -rw-r--r-- 1 clamav clamav 2196392 Jun 4 23:10 main.cvd The times are in BRT. Notice that the other one has a slightly lower minor revision number. I would update. Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: Ugo Bellavance To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sun, 12 Jun 2005 09:45:07 -0400 Subject: Problem with ClamAV update > Hi, > > I get weird result from autoupdate on one of my servers: > > Excerpt from a 'sane' server: > > [root@sane root]# grep updated /var/log/maillog > Jun 12 08:03:52 sane ClamAV-autoupdate[9824]: ClamAV updated > Jun 12 09:09:29 sane ClamAV-autoupdate[18865]: ClamAV updated > [root@sane root]# clamscan -V > ClamAV 0.85.1/929/Sun Jun 12 08:11:33 2005 > [root@sane root]# date > Sun Jun 12 09:40:48 EDT 2005 > > Excerpt from problematic server > > [root@insanelog]# grep updated /var/log/maillog > Jun 12 05:01:45 instane ClamAV-autoupdate[5501]: ClamAV updated > Jun 12 06:02:10 insane ClamAV-autoupdate[6012]: ClamAV updated > [root@insane log]# clamscan -V > ClamAV 0.85.1/919/Tue Jun 7 08:26:14 2005 > [root@insane log]# date > Sun Jun 12 06:39:11 PDT 2005 > > The logs say it is updating, around the same time as my other server > (differences in time is because of timezone), but the definition # is > not reflecting the update. If I run freshclam manually: > > [root@insanelog]# freshclam > ClamAV update process started at Sun Jun 12 06:42:37 2005 > main.cvd is up to date (version: 32, sigs: 34720, f-level: 5, builder: > tkojm) > Downloading daily.cvd [*] > daily.cvd updated (version: 929, sigs: 798, f-level: 5, builder: diego) > Database updated (35518 signatures) from database.clamav.net (IP: > 195.92.99.99) > [root@insane log]# clamscan -V > ClamAV 0.85.1/929/Sun Jun 12 05:11:33 2005 > > Any ideas? > > Should I enable the log in freshclam.conf? > > Regards, > > Ugo > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Esta mensagem foi verificada pelo sistema de antivírus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sun Jun 12 16:38:56 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:59 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Miguel Koren OBrien de Lacy wrote: > Ugo; > > My installations use this version: > > [root@rivendell root]# clamscan -V > ClamAV 0.85.1/929/Sun Jun 12 09:11:33 2005 That is what I get in my problematic server once I run freshclam manually. > > Which is the one you found 'same'. It seems to work fine: > > [root@rivendell root]# grep updated /var/log/maillog > .... > Jun 11 16:10:22 rivendell ClamAV-autoupdate[16565]: ClamAV updated > Jun 12 01:10:36 rivendell ClamAV-autoupdate[32549]: ClamAV updated > Jun 12 05:03:35 rivendell ClamAV-autoupdate[21590]: ClamAV updated > Jun 12 09:05:51 rivendell ClamAV-autoupdate[29811]: ClamAV updated > Jun 12 10:05:52 rivendell ClamAV-autoupdate[31400]: ClamAV updated > > When I check the database files they look like this: > > -rw-r--r-- 1 clamav clamav 69314 Jun 12 10:05 daily.cvd > -rw-r--r-- 1 clamav clamav 2196392 Jun 4 23:10 main.cvd > > The times are in BRT. > > Notice that the other one has a slightly lower minor revision number. I would update. > Sorry, I don't get that one. Thanks, > Miguel > > -- > Konsultex Informatica (http://www.konsultex.com.br) > > ---------- Original Message ----------- > From: Ugo Bellavance > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Sun, 12 Jun 2005 09:45:07 -0400 > Subject: Problem with ClamAV update > > >>Hi, >> >>I get weird result from autoupdate on one of my servers: >> >>Excerpt from a 'sane' server: >> >>[root@sane root]# grep updated /var/log/maillog >>Jun 12 08:03:52 sane ClamAV-autoupdate[9824]: ClamAV updated >>Jun 12 09:09:29 sane ClamAV-autoupdate[18865]: ClamAV updated >>[root@sane root]# clamscan -V >>ClamAV 0.85.1/929/Sun Jun 12 08:11:33 2005 >>[root@sane root]# date >>Sun Jun 12 09:40:48 EDT 2005 >> >>Excerpt from problematic server >> >>[root@insanelog]# grep updated /var/log/maillog >>Jun 12 05:01:45 instane ClamAV-autoupdate[5501]: ClamAV updated >>Jun 12 06:02:10 insane ClamAV-autoupdate[6012]: ClamAV updated >>[root@insane log]# clamscan -V >>ClamAV 0.85.1/919/Tue Jun 7 08:26:14 2005 >>[root@insane log]# date >>Sun Jun 12 06:39:11 PDT 2005 >> >>The logs say it is updating, around the same time as my other server >>(differences in time is because of timezone), but the definition # is >>not reflecting the update. If I run freshclam manually: >> >>[root@insanelog]# freshclam >>ClamAV update process started at Sun Jun 12 06:42:37 2005 >>main.cvd is up to date (version: 32, sigs: 34720, f-level: 5, builder: >>tkojm) >>Downloading daily.cvd [*] >>daily.cvd updated (version: 929, sigs: 798, f-level: 5, builder: diego) >>Database updated (35518 signatures) from database.clamav.net (IP: >>195.92.99.99) >>[root@insane log]# clamscan -V >>ClamAV 0.85.1/929/Sun Jun 12 05:11:33 2005 >> >>Any ideas? >> >>Should I enable the log in freshclam.conf? >> >>Regards, >> >>Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 13 08:58:56 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:59 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: Peter Russell wrote: > I use Thunderbird on win32m to read this list and have no issues at > all with any certs? > > Anyway, i do see HEAPS AND HEAPS of broken threads and the Subjects > almost always starts with SV: Guilty as charged.... Sure there are others (mostly Danes and some fellow Swedes), but I'd guess I'm responsible for most of these. > Is appears as though its the outlook users causing this - arent you Nope, not really. Or at least in my case it's a question about prefs and l10n (In the real OL I'm set with an english locale and swedish regional settings ... this one will make replies start with RE: ... But when using OWA I'm suddenly using a swedish locale. Sigh. And sometimes (often:) I'm to lazy to fix the subject line). > able to install Tbird and use it just for lists ? cos every second > thread in the list being broken is pretty ordinary. > > Pete And you think I haven't? And the ongoing office-war hasn't gone down the particular trench where the m-sexchange-person has disabled both POP and IMAP? And (since he prefered a "secure" OWA solution) that the server is so tightly wound that I can't get at it with the evolution exchange connector? All done with the blessing of the PHB, who actually set that corporate policy mandating how I am supposed to read my mail. Oh well. But it's been noted, I'll make an effort to fix the SV:/RE: thing in the future. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Mon Jun 13 09:13:01 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:29:59 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Peter Russell wrote: > >>I use Thunderbird on win32m to read this list and have no issues at >>all with any certs? >> >>Anyway, i do see HEAPS AND HEAPS of broken threads and the Subjects >>almost always starts with SV: [..] > But it's been noted, I'll make an effort to fix the SV:/RE: thing in > the future. The subject shouldn't be causing this --- just took a look at your reply to the clamav update thread --- looks like your message does not contain the references header ... so, rather than messing with the subject, rather check why your MUA swallows the references ... -gg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Mon Jun 13 07:06:58 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:29:59 2006 Subject: not delivering mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] After working just fine for many months, I now have an issue where no mail is being delivered and maillog shows consistent errors saying that the address of sender does not resolve. However, in those addresses is included my own domain and using dig to check these addresses, they all resolve just fine. I have Bind running on both of my mail servers and neither seem to be able to resolve any domains. If I use dig to lookup domains that show failure, they all seem to be able to resolve. The local dns seems to be working. At this point, mail has virtually stopped. Any body offer up any ideas? Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at netcore.co.in Mon Jun 13 07:29:32 2005 From: rakesh at netcore.co.in (Rakesh) Date: Thu Jan 12 21:29:59 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 2005-06-13 at 11:26, Dörfler Andreas wrote: > hi there, > > ive updated friday to beta 4.43.2-1. > since that day i only got 4 mails with viruswarnings. > in mailwatch blocked virusmails marked as spam, so i download > the attachment and the internal virusscanner pops up. > is there something broken or its only me ? > > greetings > andy > Hi Andy, >From your mail I am assuming that you quarantine your spams as well and you perform some extra checks like DCC or Razor or Pyzor. In such cases virus mails are sometimes considered as spams by these extra checks. If you store/quarantine your spams then virus scanning is not performed on these mails and are directly quarantined. However if you don't quarantine virus mails that are detected as spams please enable the Keep Spam And MCP Archive Clean = yes in your MailScanner.conf. This will cause MailScanner to perform virus checks before quarantining the mail. regards Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From damian at WORKGROUPSOLUTIONS.COM Mon Jun 13 08:02:27 2005 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:29:59 2006 Subject: mailscanner as mailgateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Configure sendmail to function as a gateway - access.db and mailertable.db are critical. Once you have sendmail working as a gateway, install MailScanner. If you want a 10 minute installation of Fedora O.S., Sendmail, MailScanner, MailWatch, Web Interface, SpamAssassin 3.x, ClamAV, etc - download ftp://64.186.236.226/pub/spamgate-1.21.iso - burn a CDROM and boot to install components which will build an AntiSpam/Antivirus gateway in 10-15 minutes. Regards, Damian Mendoza http://www.spamgate.us 949 586-2200 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bjørn-Sverre Nøttum Sent: Friday, June 10, 2005 11:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: mailscanner as mailgateway Hallo! I want to use mailscanner as my mailgateway. Is it possible to follow the setup in the genral documentation? Or does this only apply if you have everything on the same box. I guess there are some challenges if/ when you have to run to instances of sendmail for instance. I have been reading quite a lot of the documentatin, but have not been able to find anything specific on this, and I do not want to start something which is not possible to achieve. What I want the mailgateway to do is the traditional: Recive mail, scan it for viruses an spam and then dump it off to the actual mailserver (should apply for both incoming an outgoing mail ofcourse). I already have a functioning mailserver with squirrel an some other stuff. This is working well and I do not want to put anything more into this box. Hoetos and hint will be highly appreciated! Bjorn _________________________________________________________________ MSN Hotmail http://www.hotmail.com Med markedets beste SPAM-filter. Gratis! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jun 13 06:56:50 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:00 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi there, ive updated friday to beta 4.43.2-1. since that day i only got 4 mails with viruswarnings. in mailwatch blocked virusmails marked as spam, so i download the attachment and the internal virusscanner pops up. is there something broken or its only me ? greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun Jun 12 23:46:54 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:00 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I use Thunderbird on win32m to read this list and have no issues at all with any certs? Anyway, i do see HEAPS AND HEAPS of broken threads and the Subjects almost always starts with SV: Is appears as though its the outlook users causing this - arent you able to install Tbird and use it just for lists ? cos every second thread in the list being broken is pretty ordinary. Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Jun 13 00:52:54 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:00 2006 Subject: New snertsoft milter site Message-ID: For those of you who use any of Anthony Howe's excellent milters, please note that Anthony has a new web site, updated existing milters and a new milter - milter-cli. Milter-cli looks very interseting. Steve Steve Swaney President Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com -----Original Message----- From: milters-bounce@milter.info [mailto:milters-bounce@milter.info] On Behalf Of Anthony Howe Sent: Tuesday, May 31, 2005 8:05 PM To: milters@milter.info Subject: [milters] SnertSoft Online... Removal...........: milters-request@milter.info?subject=remove More information..: http://www.milter.info/#Support -------------------------------------------------------- I'm happy to announce the long awaited update to the Snert Milters has finally been released. There have been lots of changes within LibSnert and many of the milters. Notable fixes to the cache code, DNS client code (IPv6 support, CNAME loop detection), Linux socket timeout fix, revamped configure and install, fixed the startup scripts, option files, and much much more. milter-ahead, -bcc, -gris, -sender, -spamc all have new options. NOTE that with this release, many of the default file locations for Linux and *BSD have changed to better reflect the recommended file hierarchy for those systems. Most important will be the location of the unix domain socket, pid, and cache locations. Please look at the Notes section of the manual for further details. As always, please review the change logs for libsnert and the milters you use. http://www.snertsoft.com/ With this update comes a new milter, milter-cli. This milter provides a means by which client connection and envelope details and/or message headers and content can be filtered using shell commands or scripts. Intended as a way to implement quick & dirty content filtering solutions when there is no other suitable milter available. -- Anthony C Howe +33 6 11 89 73 78 http://www.snert.com/ ICQ: 7116561 AIM: Sir Wumpus new moon on high / jasmine on the breeze / quiet twilight ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Sun Jun 12 23:42:13 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:00 2006 Subject: X-MailScanner-From problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The header should be X-YOURDOMAIN-COM-MailScanner-From by default, like the bayes_ignore lines above it in spam.assassin.prefs.conf This would be a more visual clue that it needs to be changed. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at konsultex.com.br Sun Jun 12 21:10:12 2005 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo; I meant that v: 0.85.1/919 is lower than 0.85.1/929, assuming that 919 and 929 are part of the version number. Since you said that after running freshclam manually you also get 0.85.1/929, this looks more like a database version. Miguel -- Konsultex Informatica (http://www.konsultex.com.br) > > Notice that the other one has a slightly lower minor revision number. I would update. > > > > Sorry, I don't get that one. > -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sun Jun 12 22:00:44 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Miguel Koren OBrien de Lacy wrote: > Ugo; > > I meant that v: 0.85.1/919 is lower than 0.85.1/929, assuming that 919 and 929 are > part of the version number. Since you said that after running freshclam manually you > also get 0.85.1/929, this looks more like a database version. Yes, it is the version of the virus definitions. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Jun 13 10:13:22 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:30:00 2006 Subject: TNEF files left in incoming sendmail queue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Today I noticed I had 2 tnef files left in my incoming sendmail queue (/var/spool/mqueue.in). Does MailScanner expand these in the incoming queue directory? I'm using the internal TNEF module. MailScanner.conf contains: Expand TNEF = yes Deliver Unparsable TNEF = no TNEF Expander = internal TNEF Timeout = 120 /var/spool/mqueue.in contains: # ls -l /var/spool/mqueue.in total 84 -rw-r--r-- 1 root daemon 7344 Jun 10 06:35 tnef-7769-1.doc -rw-r--r-- 1 root daemon 76800 Jun 10 06:35 tnef-7769-2.doc /var/log/maillog contains: Jun 10 06:35:44 mail MailScanner[7769]: New Batch: Scanning 1 messages, 116569 bytes Jun 10 06:35:51 mail MailScanner[7769]: Expanding TNEF archive at /var/spool/MailScanner/incoming/7769/j5A4ZUTm008140/winmail.dat Jun 10 06:35:51 mail MailScanner[7769]: Corrupt TNEF winmail.dat that cannot be analysed in message j5A4ZUTm008140 Jun 10 06:35:51 mail MailScanner[7769]: Virus and Content Scanning: Starting Jun 10 06:35:51 mail MailScanner[7769]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./j5A4ZUTm008140/winmail.dat Jun 10 06:35:52 mail MailScanner[7769]: Virus Scanning: SophosSAVI found 1 infections Jun 10 06:35:52 mail MailScanner[7769]: ClamAVModule::LibClamAV Error: Error reading TNEF message Jun 10 06:35:52 mail MailScanner[7769]: Virus Scanning: ClamAV Module found 1 infections Jun 10 06:35:53 mail MailScanner[7769]: Infected message j5A4ZUTm008140 came from xxx.xx.xxx.xx Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Jun 12 18:59:22 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:00 2006 Subject: SV: Problem with ClamAV update Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Perhaps you'll see something in /tmpClamav.update.log (or whatever it'scalled ... I'm @home:-)? -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Ugo Bellavance Skickat: sö 2005-06-12 15:45 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Problem with ClamAV update Hi, I get weird result from autoupdate on one of my servers: Excerpt from a 'sane' server: [root@sane root]# grep updated /var/log/maillog Jun 12 08:03:52 sane ClamAV-autoupdate[9824]: ClamAV updated Jun 12 09:09:29 sane ClamAV-autoupdate[18865]: ClamAV updated [root@sane root]# clamscan -V ClamAV 0.85.1/929/Sun Jun 12 08:11:33 2005 [root@sane root]# date Sun Jun 12 09:40:48 EDT 2005 Excerpt from problematic server [root@insanelog]# grep updated /var/log/maillog Jun 12 05:01:45 instane ClamAV-autoupdate[5501]: ClamAV updated Jun 12 06:02:10 insane ClamAV-autoupdate[6012]: ClamAV updated [root@insane log]# clamscan -V ClamAV 0.85.1/919/Tue Jun 7 08:26:14 2005 [root@insane log]# date Sun Jun 12 06:39:11 PDT 2005 The logs say it is updating, around the same time as my other server (differences in time is because of timezone), but the definition # is not reflecting the update. If I run freshclam manually: [root@insanelog]# freshclam ClamAV update process started at Sun Jun 12 06:42:37 2005 main.cvd is up to date (version: 32, sigs: 34720, f-level: 5, builder: tkojm) Downloading daily.cvd [*] daily.cvd updated (version: 929, sigs: 798, f-level: 5, builder: diego) Database updated (35518 signatures) from database.clamav.net (IP: 195.92.99.99) [root@insane log]# clamscan -V ClamAV 0.85.1/929/Sun Jun 12 05:11:33 2005 Any ideas? Should I enable the log in freshclam.conf? Regards, Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jun 13 09:07:59 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:00 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ive forgot. done update from sa 3.0.3 to 3.0.4 too and dcc 1.3.3 to 1.3.5 so far i see in older mails ms is compatible with sa 3.0.4 ? > ive updated from 4.42.9-1 to beta 4.43.2-1 and i never got > these problem. > ive never needed archive clean. up to the update it worked > without any problems > and i didnt found something inside the releasenotes its needed now ?! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jun 13 09:01:53 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:00 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hello rakesh > >From your mail I am assuming that you quarantine your spams > as well and > you perform some extra checks like DCC or Razor or Pyzor. right In > such cases > virus mails are sometimes considered as spams by these extra > checks. If > you store/quarantine your spams then virus scanning is not > performed on > these mails and are directly quarantined. However if you don't > quarantine virus mails that are detected as spams please enable the > > Keep Spam And MCP Archive Clean = yes > > in your MailScanner.conf. This will cause MailScanner to perform virus > checks before quarantining the mail. thats a thing i dont understand ive updated from 4.42.9-1 to beta 4.43.2-1 and i never got these problem. ive never needed archive clean. up to the update it worked without any problems and i didnt found something inside the releasenotes its needed now ?! greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 13 09:50:42 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:00 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > And you think I haven't? And the ongoing office-war hasn't gone down > the particular trench where the m-sexchange-person has disabled both > POP and IMAP? And (since he prefered a "secure" OWA solution) that > the server is so tightly wound that I can't get > at it with the evolution exchange connector? All done with the > blessing of the PHB, who actually set that corporate policy mandating > how I am supposed to read my mail. Oh well. > > But it's been noted, I'll make an effort to fix the SV:/RE: thing in > the future. > > -- Glenn > The SV: Thing doesnt bother me i thought it was the cause/symptom of the thread breaking? Sounds like an buggar - fortuantely our Exchange 'admins' dont know how to turn off IMAP etc, so our OWA makes makes a nice IMAP server for my thunderbird client, no more crappy OWA for me :) I guess there is no way you're allowed to try and access mail from a remote server from inside fortress work? eg your ISP? Good luck Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 13 11:10:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:00 2006 Subject: not delivering mail Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Do you use razor? If so, are you doing a daily "razor-admin - discover" command? On 13 Jun 2005, at 07:06, Dave Filchak wrote: > After working just fine for many months, I now have an issue where no > mail is being delivered and maillog shows consistent errors saying > that > the address of sender does not resolve. However, in those addresses is > included my own domain and using dig to check these addresses, they > all > resolve just fine. I have Bind running on both of my mail servers and > neither seem to be able to resolve any domains. If I use dig to lookup > domains that show failure, they all seem to be able to resolve. The > local dns seems to be working. > > At this point, mail has virtually stopped. Any body offer up any > ideas? > > Dave > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq1bnhH2WUcUFbZUEQIRYwCdEVnxPfS/+ZLfObaAOZyvYGIknwwAoJ7v 8Ql6lE/S0f+CxXBXOFSa2gef =btFp -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Mon Jun 13 12:14:08 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:00 2006 Subject: Password protected file - PW protected XLS, PDF & MDB files blocked - why? Message-ID: Since upgrading to MS 4.43.2-1 and Sophos 3.94 am finding that attempts to send password protected XLS, PDF and MDB files are being blocked. I have "Block Encrypted Messages = no" in MailScanner.conf so am at a loss to know how I can stop this behaviour. What I am seeing appears to be different to that which Jeff Earickson reported earlier this month as I am not getting an error from Sophos (or at least one I can see). My logs say, for example: Jun 13 10:37:08 cheviot2 MailScanner[21097]: Password protected file ./j5D9b3iZ027126/ISpwdprot.xls Jun 13 10:37:08 cheviot2 MailScanner[21097]: Virus Scanning: Sophos found 1 infections Suggestions on workarounds welcomed. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 13 12:21:13 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:00 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: Garry Glendown wrote: > Steen, Glenn wrote: >> Peter Russell wrote: >> >>> I use Thunderbird on win32m to read this list and have no issues at >>> all with any certs? >>> >>> Anyway, i do see HEAPS AND HEAPS of broken threads and the Subjects >>> almost always starts with SV: > [..] >> But it's been noted, I'll make an effort to fix the SV:/RE: thing in >> the future. > > The subject shouldn't be causing this --- just took a look at your > reply to the clamav update thread --- looks like your message does > not contain the references header ... so, rather than messing with > the subject, rather check why your MUA swallows the references ... > > -gg Oh so true. Note to self - Ingest coffee _before_ replying to mails... Just noticed a bit of "optimistic header removal" that I actually _do_ have control over... So now I should ge generating/passing through Thread-Topic: and Thread-Index: ... I'm no OL/MSEX-guru, so wouldn't know how to "enable/add" the In-Reply-To: and/or References: headers. Please enlighten me if you do. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 13 12:26:57 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:00 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: Pete Russell wrote: >> And you think I haven't? And the ongoing office-war hasn't gone down >> the particular trench where the m-sexchange-person has disabled both >> POP and IMAP? And (since he prefered a "secure" OWA solution) that >> the server is so tightly wound that I can't get >> at it with the evolution exchange connector? All done with the >> blessing of the PHB, who actually set that corporate policy mandating >> how I am supposed to read my mail. Oh well. >> >> But it's been noted, I'll make an effort to fix the SV:/RE: thing in >> the future. >> >> -- Glenn >> > > The SV: Thing doesnt bother me i thought it was the cause/symptom of > the thread breaking? > > Sounds like an buggar - fortuantely our Exchange 'admins' dont know > how to turn off IMAP etc, so our OWA makes makes a nice IMAP server > for my thunderbird client, no more crappy OWA for me :) > > I guess there is no way you're allowed to try and access mail from a > remote server from inside fortress work? eg your ISP? > > Good luck > Pete You're a "lucky" guy Pete (imagine what they don't know more:-):-). Anyway, using external mail solutions is seriously frowned upon. For at least _some_ good reasons:-). I do cheat a bit, but reading this list "off-site" would probably ... alert the enemy^H^H^H^H^Hcoworker in question:). Does this still break threads for you? I've discovered some header removals that really shouldn't have gone... Thread-Topic: and Thread-Index: more specifically. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jun 13 12:41:54 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:00 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn said: > Does this still break threads for you? I've discovered some header > removals that really shouldn't have gone... Thread-Topic: and > Thread-Index: more specifically. Glenn It's appeared threaded to my system so looking good! It's only the tread index header I believe that is important. The tread topic is irrelevant. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Jun 13 12:47:32 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:00 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: Drew Marshall wrote: > Steen, Glenn said: >> Does this still break threads for you? I've discovered some header >> removals that really shouldn't have gone... Thread-Topic: and >> Thread-Index: more specifically. > > Glenn > > It's appeared threaded to my system so looking good! It's only the > tread index header I believe that is important. The tread topic is > irrelevant. > > Drew Great! What's fooled me so long is that all _my_ messages (of course) have been threaded by m-sexchange, and most/everyone else not having this erroneous setup... Well, I never saw it. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smilga at MIKROTIK.COM Mon Jun 13 13:02:01 2005 From: smilga at MIKROTIK.COM (Martins Smilga) Date: Thu Jan 12 21:30:00 2006 Subject: Spam action Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, If I put "Spam action = store " what happen? This mail get only in archive or also forward to recipient? Martins ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jun 13 13:09:02 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:00 2006 Subject: Spam action Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martins Smilga said: > Hello, > > If I put "Spam action = store " what happen? > > This mail get only in archive or also forward to recipient? > > > Martins Martins Please start a new thread or your question will get lost in the original. The answer to your question however, is that is will do what it says on the tin and just store the mesage in the quarantine. If you want delivery as well you need to specify where you want it delivered e.g. store deliver spam@tld.com Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 13 13:30:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:00 2006 Subject: Spam action Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martins Smilga said: > Hello, > > If I put "Spam action = store " what happen? > > This mail get only in archive or also forward to recipient? > > > Martins > The answer to your question however, is that is will do what it says on the tin and just store the mesage in the quarantine. If you want delivery as well you need to specify where you want it delivered e.g. store deliver spam@tld.com - -- Not quite true. If you want to store and deliver to the original recipient, you want "store deliver". If you also want to forward the message to some other address too, then you should use the "forward" action. The syntax for all this is (fairly clearly, I hope) explained in the relevant bit of MailScanner.conf. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq18exH2WUcUFbZUEQJxhACg9JROvz4hdssQGkeQ1KqCaDtw96UAn2L9 t/p4Fww3uMPOJkIKO7B5W7fZ =QqKw -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Jun 13 14:29:32 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all.... I made a custom blacklist in /etc/Mailscanner/rules/Custom_BlackList in it i have a test email address blacklisted in the sysntax of From: rob@thehostmasters.com YES In /etc/Mailscanner.conf i have thise line set to Definite Spam Is High Scoring = /etc/Mailscanner/rules/Custom_BlackList so that it gets deleted rather than just marked as spam and delivered, as my high score for spam gets deleted. I restarted MS and sent a test email form that address and it simply goes through... am i forgetting somehting here? :) Sendmail V8.12.11 MS V4.40 SA V3.03 Fedora core 2 Thanks... Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jun 13 14:38:20 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] for blacklist Is Definitely Spam = %rules-dir%/spam.blacklist.rules dont forget to set FromOrTo: default no at bottom of the file -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Monday, June 13, 2005 3:30 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Custom black list question Hello all.... I made a custom blacklist in /etc/Mailscanner/rules/Custom_BlackList in it i have a test email address blacklisted in the sysntax of From: rob@thehostmasters.com YES In /etc/Mailscanner.conf i have thise line set to Definite Spam Is High Scoring = /etc/Mailscanner/rules/Custom_BlackList so that it gets deleted rather than just marked as spam and delivered, as my high score for spam gets deleted. I restarted MS and sent a test email form that address and it simply goes through... am i forgetting somehting here? :) Sendmail V8.12.11 MS V4.40 SA V3.03 Fedora core 2 Thanks... Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jun 13 14:41:48 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:00 2006 Subject: Spam action Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field said: > Not quite true. Oops, never work from memory :-( > If you want to store and deliver to the original recipient, you want > "store deliver". If you also want to forward the message to some > other address too, then you should use the "forward" action. The > syntax for all this is (fairly clearly, I hope) explained in the > relevant bit of MailScanner.conf. But not too far off! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Jun 13 14:42:34 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok right, but if I want the spam to be deleted NOT delivered with Spam in the subject, this should work then? However I did forget to put FromOrTo: default no in the file I just did , I will try it again after I add that line thanks.. Rob... ----- Original Message ----- From: "Dörfler Andreas" To: Sent: Monday, June 13, 2005 9:38 AM Subject: Re: Custom black list question for blacklist Is Definitely Spam = %rules-dir%/spam.blacklist.rules dont forget to set FromOrTo: default no at bottom of the file -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Monday, June 13, 2005 3:30 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Custom black list question Hello all.... I made a custom blacklist in /etc/Mailscanner/rules/Custom_BlackList in it i have a test email address blacklisted in the sysntax of From: rob@thehostmasters.com YES In /etc/Mailscanner.conf i have thise line set to Definite Spam Is High Scoring = /etc/Mailscanner/rules/Custom_BlackList so that it gets deleted rather than just marked as spam and delivered, as my high score for spam gets deleted. I restarted MS and sent a test email form that address and it simply goes through... am i forgetting somehting here? :) Sendmail V8.12.11 MS V4.40 SA V3.03 Fedora core 2 Thanks... Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Jun 13 14:53:38 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] So after adding the forgotten default line still does not work... weird.... I must be not doing something right? :) Rob... ----- Original Message ----- From: "Rob" To: Sent: Monday, June 13, 2005 9:42 AM Subject: Re: Custom black list question Ok right, but if I want the spam to be deleted NOT delivered with Spam in the subject, this should work then? However I did forget to put FromOrTo: default no in the file I just did , I will try it again after I add that line thanks.. Rob... ----- Original Message ----- From: "Dörfler Andreas" To: Sent: Monday, June 13, 2005 9:38 AM Subject: Re: Custom black list question for blacklist Is Definitely Spam = %rules-dir%/spam.blacklist.rules dont forget to set FromOrTo: default no at bottom of the file -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Monday, June 13, 2005 3:30 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Custom black list question Hello all.... I made a custom blacklist in /etc/Mailscanner/rules/Custom_BlackList in it i have a test email address blacklisted in the sysntax of From: rob@thehostmasters.com YES In /etc/Mailscanner.conf i have thise line set to Definite Spam Is High Scoring = /etc/Mailscanner/rules/Custom_BlackList so that it gets deleted rather than just marked as spam and delivered, as my high score for spam gets deleted. I restarted MS and sent a test email form that address and it simply goes through... am i forgetting somehting here? :) Sendmail V8.12.11 MS V4.40 SA V3.03 Fedora core 2 Thanks... Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Mon Jun 13 14:57:41 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > So after adding the forgotten default line still does not work... > > weird.... I must be not doing something right? Hi Rob, Please note that the filename for a rule sets must end in ".rules" to be processed properly by MailScanner. Cheers, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Jun 13 14:59:25 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:00 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > I use Thunderbird on win32m to read this list and have no issues at > all with any certs? > > Anyway, i do see HEAPS AND HEAPS of broken threads and the Subjects > almost always starts with SV: > > Is appears as though its the outlook users causing this - arent you > able to install Tbird and use it just for lists ? cos every second > thread in the list being broken is pretty ordinary. > Gonna add a me too. I use Thunderbird read this list, I just couldn't follow all the discussions if it wasn't threaded. I also can connect to gmane using Thunderbird when I need to search the whole list. My gripe is all the broken threads. Especially those that just change the subject when they reply. So in the middle of a thread about one subject all of a sudden it changes to something else becuase simply changing the subject does not create a new thread. :-( -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Jun 13 15:05:37 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Opps, ok so renamed and restarted, still no go..... I thought this should be a simple thing....?? Any other thing i should look for... Thanks for allthe help so far.... Rob... ----- Original Message ----- From: "Joshua Hirsh" To: Sent: Monday, June 13, 2005 9:57 AM Subject: Re: Custom black list question > So after adding the forgotten default line still does not work... > > weird.... I must be not doing something right? Hi Rob, Please note that the filename for a rule sets must end in ".rules" to be processed properly by MailScanner. Cheers, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at CASPERCOLLEGE.EDU Mon Jun 13 15:40:38 2005 From: dstraka at CASPERCOLLEGE.EDU (Daniel Straka) Date: Thu Jan 12 21:30:00 2006 Subject: Keyword Blacklists Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is there any way to configure MailScanner to blacklist and delete messages based on keywords in the header or message body? Dan Straka Casper College (307)268-2399 ** Visit Casper College Online at www.caspercollege.edu ** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Mon Jun 13 15:25:34 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:30:00 2006 Subject: Keyword Blacklists Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Is there any way to configure MailScanner to blacklist and delete > messages based on keywords in the header or message body? Hi Dan, You should take a look at the configuration for MCP. MCP was included as a method to accomplish what you're asking for. You could also do this directly in SpamAssassin (MCP is a second check with SpamAssassin for bad content/banned words). -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Mon Jun 13 15:26:25 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:00 2006 Subject: Keyword Blacklists Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote: >Is there any way to configure MailScanner to blacklist and delete >messages based on keywords in the header or message body? > >Dan Straka >Casper College >(307)268-2399 > > ** Visit Casper College Online at www.caspercollege.edu ** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Use spamassassin to add rules regarding the body, headers, subject, etc. - and give them sufficiently high results to get blocked. You can also use MCP for this purpose. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Jun 13 15:28:15 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:00 2006 Subject: Keyword Blacklists Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Daniel Straka > Sent: Monday, June 13, 2005 10:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Keyword Blacklists > > Is there any way to configure MailScanner to blacklist and delete > messages based on keywords in the header or message body? > > Dan Straka > Casper College > (307)268-2399 Abosultely. Look at the MCP (Message Content Protection) settings in MailScanner.conf. You will have to write your own rule sets for detecting keywords but the MCP rule sets are simply SpamAssassin rule sets which look for you key works or phrases. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Mon Jun 13 15:28:33 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Rob, Ok, just to confirm.. You have your ruleset defined for "Is Definitely Spam", such as "Is Definitely Spam = %rules-dir%/spam.blacklist.rules" and you also have "Definite Spam Is High Scoring = yes" and "High Scoring Spam Actions = delete"? Your spam.blacklist.rules file should also look similar to this (the default entry defined last): From: *@*dabsmaah.biz yes From: spammer@spamdomain.com and To: *@yourdomain.com yes To: PHB@yourdomain.com yes FromOrTo: default no Also verify in your logs that MailScanner is actually restarting properly. -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon Jun 13 15:31:28 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: Little bit different question if I may. How does MailScanner use ClamAV? Looks like it doesn't use clamd. Would someone help me understand why and how MailScanner uses clamav? Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Sunday, June 12, 2005 4:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with ClamAV update > > Miguel Koren OBrien de Lacy wrote: > > Ugo; > > > > I meant that v: 0.85.1/919 is lower than 0.85.1/929, assuming that 919 > and 929 are > > part of the version number. Since you said that after running freshclam > manually you > > also get 0.85.1/929, this looks more like a database version. > > Yes, it is the version of the virus definitions. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Jun 13 15:39:44 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] here is what i have... Is Definitely Spam = no Definite Spam Is High Scoring = %rules-dir%/spam.blacklist.rules Changed file names to be standard with everyhting else... files contents of spam.blacklist.rules From: kenccs@188.com YES From: rob@bloodycaesar.ca YES FromOrTo: default no Rob... ----- Original Message ----- From: "Joshua Hirsh" To: Sent: Monday, June 13, 2005 10:28 AM Subject: Re: Custom black list question Hi Rob, Ok, just to confirm.. You have your ruleset defined for "Is Definitely Spam", such as "Is Definitely Spam = %rules-dir%/spam.blacklist.rules" and you also have "Definite Spam Is High Scoring = yes" and "High Scoring Spam Actions = delete"? Your spam.blacklist.rules file should also look similar to this (the default entry defined last): From: *@*dabsmaah.biz yes From: spammer@spamdomain.com and To: *@yourdomain.com yes To: PHB@yourdomain.com yes FromOrTo: default no Also verify in your logs that MailScanner is actually restarting properly. -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Mon Jun 13 15:48:32 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > here is what i have... > > Is Definitely Spam = no > Definite Spam Is High Scoring = %rules-dir%/spam.blacklist.rules > Changed file names to be standard with everyhting else... > > files contents of spam.blacklist.rules > > > From: kenccs@188.com YES > From: rob@bloodycaesar.ca YES > FromOrTo: default no Hi Rob, What exactly are you trying to accomplish? From the configuration you have sent, any messages sent from kenccs@188.com or rob@bloodycaesar.ca will be subjected to the 'High Scoring Spam Actions', but only if they also match in the ruleset for 'Is Definitely Spam' (which you have defined as no, so they'll never match). If you're attempting to blacklist and delete messages originating from addresses in your rules file, change "Definite Spam Is High Scoring" to yes (unless you don't want it to be deleted and just marked as spam) and set "Is Definitely Spam" to match against your rules file. Please read the configuration comments carefully for these two configuration options. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Jun 13 16:00:12 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fantastic it works now... I guess I got it backwards... Thanks allot for all your help.... Have a super day! Rob... ----- Original Message ----- From: "Joshua Hirsh" To: Sent: Monday, June 13, 2005 10:48 AM Subject: Re: Custom black list question > here is what i have... > > Is Definitely Spam = no > Definite Spam Is High Scoring = %rules-dir%/spam.blacklist.rules > Changed file names to be standard with everyhting else... > > files contents of spam.blacklist.rules > > > From: kenccs@188.com YES > From: rob@bloodycaesar.ca YES > FromOrTo: default no Hi Rob, What exactly are you trying to accomplish? From the configuration you have sent, any messages sent from kenccs@188.com or rob@bloodycaesar.ca will be subjected to the 'High Scoring Spam Actions', but only if they also match in the ruleset for 'Is Definitely Spam' (which you have defined as no, so they'll never match). If you're attempting to blacklist and delete messages originating from addresses in your rules file, change "Definite Spam Is High Scoring" to yes (unless you don't want it to be deleted and just marked as spam) and set "Is Definitely Spam" to match against your rules file. Please read the configuration comments carefully for these two configuration options. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at CASPERCOLLEGE.EDU Mon Jun 13 16:18:53 2005 From: dstraka at CASPERCOLLEGE.EDU (Daniel Straka) Date: Thu Jan 12 21:30:00 2006 Subject: Keyword Blacklists II Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] OK, so if I wanted to blacklist messages containing keywords such as sperm or orgasms or viagra, what is the step-by-step procedure to enable blacklisting? Anyone may reply off-line. Thanks....Dan Quoting Stephen Swaney : > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On > > Behalf Of Daniel Straka > > Sent: Monday, June 13, 2005 10:41 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Keyword Blacklists > > > > Is there any way to configure MailScanner to blacklist and delete > > messages based on keywords in the header or message body? > > > > Dan Straka > > Casper College > > (307)268-2399 > > Abosultely. Look at the MCP (Message Content Protection) settings in > MailScanner.conf. You will have to write your own rule sets for > detecting > keywords but the MCP rule sets are simply SpamAssassin rule sets > which look > for you key works or phrases. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Dan Straka Casper College (307)268-2399 ** Visit Casper College Online at www.caspercollege.edu ** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 13 15:51:55 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:00 2006 Subject: SV: Problem with ClamAV update Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Perhaps you'll see something in /tmpClamav.update.log (or whatever it'scalled ... I'm @home:-)? I found someting about my version being outdated. I went to ClamAV's list archive and I'm on my way to solve that. Thanks, > > -- Glenn > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Ugo Bellavance > Skickat: sö 2005-06-12 15:45 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: Problem with ClamAV update > Hi, > > I get weird result from autoupdate on one of my servers: > > Excerpt from a 'sane' server: > > [root@sane root]# grep updated /var/log/maillog > Jun 12 08:03:52 sane ClamAV-autoupdate[9824]: ClamAV updated > Jun 12 09:09:29 sane ClamAV-autoupdate[18865]: ClamAV updated > [root@sane root]# clamscan -V > ClamAV 0.85.1/929/Sun Jun 12 08:11:33 2005 > [root@sane root]# date > Sun Jun 12 09:40:48 EDT 2005 > > Excerpt from problematic server > > [root@insanelog]# grep updated /var/log/maillog > Jun 12 05:01:45 instane ClamAV-autoupdate[5501]: ClamAV updated > Jun 12 06:02:10 insane ClamAV-autoupdate[6012]: ClamAV updated > [root@insane log]# clamscan -V > ClamAV 0.85.1/919/Tue Jun 7 08:26:14 2005 > [root@insane log]# date > Sun Jun 12 06:39:11 PDT 2005 > > The logs say it is updating, around the same time as my other server > (differences in time is because of timezone), but the definition # is > not reflecting the update. If I run freshclam manually: > > [root@insanelog]# freshclam > ClamAV update process started at Sun Jun 12 06:42:37 2005 > main.cvd is up to date (version: 32, sigs: 34720, f-level: 5, builder: > tkojm) > Downloading daily.cvd [*] > daily.cvd updated (version: 929, sigs: 798, f-level: 5, builder: diego) > Database updated (35518 signatures) from database.clamav.net (IP: > 195.92.99.99) > [root@insane log]# clamscan -V > ClamAV 0.85.1/929/Sun Jun 12 05:11:33 2005 > > Any ideas? > > Should I enable the log in freshclam.conf? > > Regards, > > Ugo > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Mon Jun 13 16:04:59 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:30:00 2006 Subject: Keyword Blacklists II Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > OK, so if I wanted to blacklist messages containing keywords such as > sperm or orgasms or viagra, what is the step-by-step > procedure to enable blacklisting? Anyone may reply off-line. Hi Daniel, You should take a look at this document: http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp Cheers, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 13 16:16:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > Little bit different question if I may. > > How does MailScanner use ClamAV? Looks like it doesn't use clamd. > Would someone help me understand why and how MailScanner uses clamav? > Mailscanner unpacks a batch of messages to a temporary directory tree, and then runs the command line scanners on that directory. When the scanners report back infections. MailScanner, since it kept track of where each message was unpacked, can parse the output and delete/quarantine/warn of each infected message. -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon Jun 13 16:38:22 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: Which program of Clam does it use. Clamscan? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva Sent: Monday, June 13, 2005 10:16 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Problem with ClamAV update Billy A. Pumphrey wrote: > Little bit different question if I may. > > How does MailScanner use ClamAV? Looks like it doesn't use clamd. > Would someone help me understand why and how MailScanner uses clamav? > Mailscanner unpacks a batch of messages to a temporary directory tree, and then runs the command line scanners on that directory. When the scanners report back infections. MailScanner, since it kept track of where each message was unpacked, can parse the output and delete/quarantine/warn of each infected message. -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 13 16:37:16 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > So after adding the forgotten default line still does not work... > > weird.... I must be not doing something right? > > :) > > Rob... > > ----- Original Message ----- From: "Rob" > To: > Sent: Monday, June 13, 2005 9:42 AM > Subject: Re: Custom black list question > > > Ok right, but if I want the spam to be deleted NOT delivered with Spam in > the subject, this should work then? > > However I did forget to put FromOrTo: default no in the file I just did , I > will try it again after I add that line > > thanks.. > > Rob... > > ----- Original Message ----- From: "Dörfler Andreas" > > To: > Sent: Monday, June 13, 2005 9:38 AM > Subject: Re: Custom black list question > > > for blacklist > > Is Definitely Spam = %rules-dir%/spam.blacklist.rules > > dont forget to set > > FromOrTo: default no > > at bottom of the file > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > Of Rob > Sent: Monday, June 13, 2005 3:30 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Custom black list question > > > Hello all.... > > I made a custom blacklist in /etc/Mailscanner/rules/Custom_BlackList > > in it i have a test email address blacklisted in the sysntax of > > From: rob@thehostmasters.com YES > > > In /etc/Mailscanner.conf i have thise line set to > > Definite Spam Is High Scoring = /etc/Mailscanner/rules/Custom_BlackList > What you missed is to end the filename with .rules or .rule, so MailScanner parses it as a rules file. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 13 16:39:31 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:00 2006 Subject: Custom black list question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > here is what i have... > > Is Definitely Spam = no > Definite Spam Is High Scoring = %rules-dir%/spam.blacklist.rules > Changed file names to be standard with everyhting else... > Try Is Definitely Spam = %rules-dir%/spam.blacklist.rules Definite Spam Is High Scoring = yes -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 13 16:46:52 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > Which program of Clam does it use. Clamscan? > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Scott Silva > Sent: Monday, June 13, 2005 10:16 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with ClamAV update > > Billy A. Pumphrey wrote: > >>Little bit different question if I may. >> >>How does MailScanner use ClamAV? Looks like it doesn't use clamd. >>Would someone help me understand why and how MailScanner uses clamav? >> > > Mailscanner unpacks a batch of messages to a temporary directory tree, > and then runs the command line scanners on that directory. > When the scanners report back infections. MailScanner, since it kept > track of where each message was unpacked, can parse the output and > delete/quarantine/warn of each infected message. > Yes clamscan, unless you are using the clamavmodule, then it is a scanner in perl, using the clam database. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Mon Jun 13 18:04:00 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:30:00 2006 Subject: Best Virus Scanners to use with MailScanner Message-ID: Hello! I'm looking at making sure we get as few viruses as possible. To which end we're currently using ClamAV, McAfee, BitDefender, and F-Prot as our Virus Scanners. What do people consider to be the best AV packages to use with MailScanner ? Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 13 18:12:43 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: >Billy A. Pumphrey wrote: > > >>Which program of Clam does it use. Clamscan? >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Scott Silva >>Sent: Monday, June 13, 2005 10:16 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Problem with ClamAV update >> >>Billy A. Pumphrey wrote: >> >> >> >>>Little bit different question if I may. >>> >>>How does MailScanner use ClamAV? Looks like it doesn't use clamd. >>>Would someone help me understand why and how MailScanner uses clamav? >>> >>> >>> >>Mailscanner unpacks a batch of messages to a temporary directory tree, >>and then runs the command line scanners on that directory. >>When the scanners report back infections. MailScanner, since it kept >>track of where each message was unpacked, can parse the output and >>delete/quarantine/warn of each infected message. >> >> >> >Yes clamscan, unless you are using the clamavmodule, then it is a >scanner in perl, using the clam database. > > The clamavmodule is the fastest way of calling ClamAV, faster than using spamd or spamc. My method does not require starting any programs at all, it just directly calls the C ClamAV function library straight from Perl. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq2+jBH2WUcUFbZUEQLNEgCg3FI1nF1qOMCwlNkMFR43bAKoc6sAnRbr Zt3+zBRO83Z2Zt40ksaqSrP0 =yifd -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 13 18:28:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:00 2006 Subject: Best Virus Scanners to use with MailScanner Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an age-old question, but you will find a lot of MailScanner systems depend on ClamAV and BitDefender (for cost reasons) and one other that varies. I personally recommend Sophos or F-Prot, they are my favourites. McAfee seems to be unreliable as they aren't very fast about putting out updates, and they have this funny system or normal virus siganture files and "extra" ones when they feel like it. Other people can comment on McAfee better than I can. We have a site licence for Sophos, which as a University did not cost us much for what I reckon is a very good product. I would recommend *against* using Panda, it's diabolical. Poor old Rick Cooper seems to spend a lot of his time trying to get the virus detection working properly with Panda, due to their stupid output system. ClamAV is not only free (as in beer, and as in speech), but is also very good indeed. They are very often faster to respond to new viruses than most/all of the commercial competition. In the first few hours of a new virus, MailScanner does of course protect you using the other checks, such as the filename and filetype detection, both of which are vital and which don't exist in most of the commercial competition. Want to get a new virus executable straight into Microsoft's own corporate mail system? Call it blah_exe instead of blah.exe and tell the recipients to rename it for some reason you think up. They have no filetype protection, only filename. And they say they are serious about making their products secure? They should start by fixing the packages they rely on themselves! Hope some of that helps. Michael H. Martel wrote: > Hello! > > I'm looking at making sure we get as few viruses as possible. To > which end we're currently using ClamAV, McAfee, BitDefender, and > F-Prot as our Virus Scanners. What do people consider to be the best > AV packages to use with MailScanner ? > > Thanks! > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq3CShH2WUcUFbZUEQJ53QCg8o+Y7dd81t4KX5q5cvy1mIKf/K4AoINH TElFY+5rDOYt63+cdWBncci1 =Te/T -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 13 18:23:23 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:00 2006 Subject: Best Virus Scanners to use with MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > Hello! > > I'm looking at making sure we get as few viruses as possible. To which > end we're currently using ClamAV, McAfee, BitDefender, and F-Prot as our > Virus Scanners. What do people consider to be the best AV packages to > use with MailScanner ? There is not one absolute answer to this, but with 4 scanners, you should be on the safe side. http://wiki.mailscanner.info/doku.php?id=maq:index#what_anti-virus_is_the_best > > Thanks! > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dan.farmer at PHONEDIR.COM Mon Jun 13 18:39:28 2005 From: dan.farmer at PHONEDIR.COM (Dan Farmer) Date: Thu Jan 12 21:30:00 2006 Subject: Password protected file - PW protected XLS, PDF & MDB files blocked - why? Message-ID: On Jun 13, 2005, at 5:14 AM, Quentin Campbell wrote: > Since upgrading to MS 4.43.2-1 and Sophos 3.94 am finding that > attempts > to send password protected XLS, PDF and MDB files are being blocked. > > I have "Block Encrypted Messages = no" in MailScanner.conf so am at a > loss to know how I can stop this behaviour. What I am seeing > appears to > be different to that which Jeff Earickson reported earlier this > month as > I am not getting an error from Sophos (or at least one I can see). > > Suggestions on workarounds welcomed. check this setting: Allow Password-Protected Archives = yes (it was added when all those password protected zip viruses were coming outta the woodwork - I think it just blocks archives but maybe it also blocks other password protected content as well...?) The only other thing that I can think is that if it really is Sophos (as the logs indicate), maybe you could look into the "Allowed Sophos Error Messages =" setting to add this error - but I'm not sure how this section all works, we don't use Sophos. dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon Jun 13 18:44:38 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:00 2006 Subject: TNEF files left in incoming sendmail queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Adri Koppes wrote: >Today I noticed I had 2 tnef files left in my incoming sendmail queue (/var/spool/mqueue.in). >Does MailScanner expand these in the incoming queue directory? >I'm using the internal TNEF module. > >MailScanner.conf contains: > >Expand TNEF = yes >Deliver Unparsable TNEF = no >TNEF Expander = internal >TNEF Timeout = 120 > > > I also see them once in a while. Running with the same config as you are. MS versions ranging from 4.34 to 4.40. I just delete them manually alongside any email leftovers (incomplete qf/df pairs). Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 13 18:58:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:00 2006 Subject: Password protected file - PW protected XLS, PDF & MDB files blocked - why? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are you using sophos or sophossavi? If you would like me to take a look, please put an example password-protected xls file on a web server somewhere and mail me (off list) the URL where I can get it. The log output from the relevant time would be very helpful too. Dan Farmer wrote: > On Jun 13, 2005, at 5:14 AM, Quentin Campbell wrote: > >> Since upgrading to MS 4.43.2-1 and Sophos 3.94 am finding that attempts >> to send password protected XLS, PDF and MDB files are being blocked. >> >> I have "Block Encrypted Messages = no" in MailScanner.conf so am at a >> loss to know how I can stop this behaviour. What I am seeing appears to >> be different to that which Jeff Earickson reported earlier this >> month as >> I am not getting an error from Sophos (or at least one I can see). >> >> Suggestions on workarounds welcomed. > > > check this setting: > Allow Password-Protected Archives = yes > (it was added when all those password protected zip viruses were > coming outta the woodwork - I think it just blocks archives but maybe > it also blocks other password protected content as well...?) > > The only other thing that I can think is that if it really is Sophos > (as the logs indicate), maybe you could look into the "Allowed Sophos > Error Messages =" setting to add this error - but I'm not sure how > this section all works, we don't use Sophos. > > dan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq3JOhH2WUcUFbZUEQJuXwCg0oIQ8zsFuZUesbJJi+u33qZDsssAoK5m vPl+HHK0+/ewygrLefh1fSn0 =hTUm -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jun 13 18:59:15 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:00 2006 Subject: Scoring DNSRBL from spam.lists.conf? Message-ID: It was my belief that using the DNSRBL stuff in spam.lists.conf meant that messages who's origin IP, etc was found to exist on these lists where scored and thus contributed to the final spam score of a particular message? This past weekend, we had a Comcast user send mail to several of our users using some fake from addresses which ended in our domain, i.e.: info@westpress.com (legitimate) register@westpress.com (fake) so on, and so on. I went to www.DNSstuff.com to see which lists would have this person listed and entered some of the ones that looked not to be overly aggressive. This is where I learned that any message which appears on a list results is it automatically being flagged as spam. I have looked in MailScanner.conf, the only option I find that allow some control over how messages are flagged is the "Spam Lists To Reach High Score" option (which I have set to "3" by the way). Is this the correct behavior for the "Spam List" option? And secondly, is there a way to apply scores to these instead? --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 13 18:55:54 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:00 2006 Subject: Password protected file - PW protected XLS, PDF & MDB files blocked - why? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: > Since upgrading to MS 4.43.2-1 and Sophos 3.94 am finding that attempts > to send password protected XLS, PDF and MDB files are being blocked. > > I have "Block Encrypted Messages = no" in MailScanner.conf so am at a > loss to know how I can stop this behaviour. What I am seeing appears to > be different to that which Jeff Earickson reported earlier this month as > I am not getting an error from Sophos (or at least one I can see). > See the recents posts about Sophos (Allowed Sophos Error Messages). You should get your answer there. hth Ugo > My logs say, for example: > > Jun 13 10:37:08 cheviot2 MailScanner[21097]: Password protected file > ./j5D9b3iZ027126/ISpwdprot.xls > Jun 13 10:37:08 cheviot2 MailScanner[21097]: Virus Scanning: Sophos > found 1 infections > > Suggestions on workarounds welcomed. > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Jun 13 19:09:39 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:00 2006 Subject: Password protected file - PW protected XLS, PDF & MDB files blocked - why? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Dan Farmer > Sent: Monday, June 13, 2005 12:39 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Password protected file - PW protected XLS, PDF & MDB files > blocked - why? > > > On Jun 13, 2005, at 5:14 AM, Quentin Campbell wrote: > > > Since upgrading to MS 4.43.2-1 and Sophos 3.94 am finding that > > attempts > > to send password protected XLS, PDF and MDB files are being blocked. > > > > I have "Block Encrypted Messages = no" in MailScanner.conf so am at a > > loss to know how I can stop this behaviour. What I am seeing > > appears to > > be different to that which Jeff Earickson reported earlier this > > month as > > I am not getting an error from Sophos (or at least one I can see). > > > > Suggestions on workarounds welcomed. > > check this setting: > Allow Password-Protected Archives = yes > (it was added when all those password protected zip viruses were > coming outta the woodwork - I think it just blocks archives but maybe > it also blocks other password protected content as well...?) It just blocks protected archives and isn't relevant to his problem > > The only other thing that I can think is that if it really is Sophos > (as the logs indicate), maybe you could look into the "Allowed Sophos > Error Messages =" setting to add this error - but I'm not sure how > this section all works, we don't use Sophos. > This is the correct place and the topic as well as the solution is in last week's archive, but I can't recall exactly what goes into the "Allowed Sophos Error Messages". I *think* Julian added the information to the latest MailScanner.conf section. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jun 13 19:10:32 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:30:00 2006 Subject: Scoring DNSRBL from spam.lists.conf? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What are you actually doing? If you put a DNSBL in your mailscanner.conf *any* mail which hits *any* of the lists in MailScanner.conf will be flagged as spam and the spam action applied If you want to simply score based on DNSBL listings you need to do that via your SA rules and possibly via spam.assassin.prefs.conf NOT MailScanner.conf HTH Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 13 19:19:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:00 2006 Subject: Scoring DNSRBL from spam.lists.conf? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Craig Daters wrote: > It was my belief that using the DNSRBL stuff in spam.lists.conf meant > that messages who's origin IP, etc was found to exist on these lists > where scored and thus contributed to the final spam score of a > particular message? > > This past weekend, we had a Comcast user send mail to several of our > users using some fake from addresses which ended in our domain, i.e.: > > info@westpress.com (legitimate) > register@westpress.com (fake) > so on, and so on. > > I went to www.DNSstuff.com to see which lists would have this person > listed and entered some of the ones that looked not to be overly > aggressive. This is where I learned that any message which appears on > a list results is it automatically being flagged as spam. I have > looked in MailScanner.conf, the only option I find that allow some > control over how messages are flagged is the "Spam Lists To Reach High > Score" option (which I have set to "3" by the way). Is this the > correct behavior for the "Spam List" option? There is now also a "Spam Lists To Be Spam" option which says how many hits you have to get with different dnsbl's before the message is marked as spam. The behaviour before this option was added is the same as setting "Spam Lists To Be Spam = 1". But otherwise your description is correct. > > And secondly, is there a way to apply scores to these instead? Yes, use the SpamAssassin settings to apply different scores to different dnsbl's. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq3OKRH2WUcUFbZUEQJR5gCffJapkzRPmZKtm69+6tdlESD4UIAAniQl Xj3LfcjMNA8BYuKDAS9bkEPu =TRhJ -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 13 20:58:13 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field said the following on 6/13/2005 10:12 AM: > Scott Silva wrote: > > >>>Billy A. Pumphrey wrote: >>> >>> >>> >>>>Which program of Clam does it use. Clamscan? >>>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>Behalf Of Scott Silva >>>>Sent: Monday, June 13, 2005 10:16 AM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: Problem with ClamAV update >>>> >>>>Billy A. Pumphrey wrote: >>>> >>>> >>>> >>>> >>>>>Little bit different question if I may. >>>>> >>>>>How does MailScanner use ClamAV? Looks like it doesn't use clamd. >>>>>Would someone help me understand why and how MailScanner uses clamav? >>>>> >>>>> >>>>> >>>> >>>>Mailscanner unpacks a batch of messages to a temporary directory tree, >>>>and then runs the command line scanners on that directory. >>>>When the scanners report back infections. MailScanner, since it kept >>>>track of where each message was unpacked, can parse the output and >>>>delete/quarantine/warn of each infected message. >>>> >>>> >>>> >>> >>>Yes clamscan, unless you are using the clamavmodule, then it is a >>>scanner in perl, using the clam database. >>> >>> > > The clamavmodule is the fastest way of calling ClamAV, faster than using > spamd or spamc. My method does not require starting any programs at all, ^^^^ ^^^^ Huh! > it just directly calls the C ClamAV function library straight from Perl. > Hey Julian, I think you need a quick nap. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 13 21:29:17 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:00 2006 Subject: Gripe about corrupted signed messages to the list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > You're a "lucky" guy Pete (imagine what they don't know more:-):-). > Anyway, using external mail solutions is seriously frowned upon. For at > least _some_ good reasons:-). I do cheat a bit, but reading this list > "off-site" would probably ... alert the enemy^H^H^H^H^Hcoworker in > question:). > > Does this still break threads for you? I've discovered some header > removals that really shouldn't have gone... Thread-Topic: and > Thread-Index: more specifically. > > -- Glenn Fixed!!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 13 21:18:03 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>The clamavmodule is the fastest way of calling ClamAV, faster than using >>spamd or spamc. My method does not require starting any programs at all, > > ^^^^ ^^^^ > Huh! > >>it just directly calls the C ClamAV function library straight from Perl. >> > > Hey Julian, > I think you need a quick nap. Why? spamd is the SA daemon and spamc is the client no? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 13 21:32:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: >Julian Field said the following on 6/13/2005 10:12 AM: > > >>Scott Silva wrote: >> >> >> >> >>>>Billy A. Pumphrey wrote: >>>> >>>> >>>> >>>> >>>> >>>>>Which program of Clam does it use. Clamscan? >>>>> >>>>>-----Original Message----- >>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>>Behalf Of Scott Silva >>>>>Sent: Monday, June 13, 2005 10:16 AM >>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>Subject: Re: Problem with ClamAV update >>>>> >>>>>Billy A. Pumphrey wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>Little bit different question if I may. >>>>>> >>>>>>How does MailScanner use ClamAV? Looks like it doesn't use clamd. >>>>>>Would someone help me understand why and how MailScanner uses clamav? >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>Mailscanner unpacks a batch of messages to a temporary directory tree, >>>>>and then runs the command line scanners on that directory. >>>>>When the scanners report back infections. MailScanner, since it kept >>>>>track of where each message was unpacked, can parse the output and >>>>>delete/quarantine/warn of each infected message. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>Yes clamscan, unless you are using the clamavmodule, then it is a >>>>scanner in perl, using the clam database. >>>> >>>> >>>> >>>> >>The clamavmodule is the fastest way of calling ClamAV, faster than using >>spamd or spamc. My method does not require starting any programs at all, >> >> > ^^^^ ^^^^ > Huh! > > >>it just directly calls the C ClamAV function library straight from Perl. >> >> >> >Hey Julian, >I think you need a quick nap. > > ? I don't understand you. The original poster asked if MailScanner used clamd, and it doesn't. What's wrong with my comment? Seems valid to me. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq3tURH2WUcUFbZUEQKwogCglGhsbFxerV4k880/hKx4z3tp0BkAni+v S9X8hmvooKaXNr9dQX+HxS+/ =ncAG -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jun 13 21:39:57 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: The clamavmodule is the fastest way of calling ClamAV, faster than using spamd or spamc. My method does not require starting any programs at all, ^^^^ ^^^^ Huh! it just directly calls the C ClamAV function library straight from Perl. Hey Julian, I think you need a quick nap. ? I don't understand you. The original poster asked if MailScanner used clamd, and it doesn't. What's wrong with my comment? Seems valid to me. Your comment is valid, but you referred to spamc & spamd, which belong to SA not ClamAV.... Got Ugo too :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jun 13 22:32:09 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:00 2006 Subject: Scoring DNSRBL from spam.lists.conf? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 13, 2005, at 11:19 AM, Julian Field wrote: >> >> And secondly, is there a way to apply scores to these instead? > > Yes, use the SpamAssassin settings to apply different scores to > different dnsbl's. Can I do this using a similar config as SURB? i.e.: urirhssub SORBS_DNSBL dnsbl.sorbs.net body SORBS_DNSBL eval:check_uridnsbl('SORBS_DNSBL') describe SORBS_DNSBL Listed in SORBS at dnsbl.sorbs.net tflags SORBS_DNSBL NET score SORBS_DNSBL 4.0 Or do I use: score RCVD_SORBS_DNSBL 4 I have read over the documentation for spamassassin, but it is all very confusing (at least to me it is). After looking at the config files and doing a little googling, I came across the file 20_dnsbl_tests.cf where these all seem to be defined already. I guess I just am not sure what to do...? - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQq37XxBVT8XLuTbnEQIE8gCfX+vd3ZF90m35NVdW/uUJj0vjWd0AoJHb erE6D4mzK5X/gqOc4w3kSbYI =a1zt -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 13 23:27:42 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>>Hey Julian, >>>I think you need a quick nap. >>> >>> >>> >>> >>? I don't understand you. The original poster asked if MailScanner used >>clamd, and it doesn't. What's wrong with my comment? Seems valid to me. >> >> > Your comment is valid, but you referred to spamc & spamd, which belong > to SA not ClamAV.... Got Ugo too :-) ;) ... [Heading to bed...] Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 13 23:26:00 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:00 2006 Subject: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance said the following on 6/13/2005 1:18 PM: >>>The clamavmodule is the fastest way of calling ClamAV, faster than using ^^^^ ^^^^ >>>spamd or spamc. My method does not require starting any programs at all, >> >> ^^^^ ^^^^ >> Huh! >> >> >>>it just directly calls the C ClamAV function library straight from Perl. >>> >> >>Hey Julian, >>I think you need a quick nap. > > > Why? spamd is the SA daemon and spamc is the client no? > But does clamAV call them? -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Jun 14 01:38:52 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:00 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.86rc1 Message-ID: -----Original Message----- From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli Sent: Monday, June 13, 2005 8:26 PM To: ClamAV Announce Subject: [Clamav-announce] announcing ClamAV 0.86rc1 Dear ClamAV users, version 0.86rc1 is available for download. This release candidate introduces a number of bugfixes and cleanups. Possible descriptor leaks in archive unpackers and mishandling of fast track uuencoded files have been fixed in libclamav. Database reloading in clamav-milter has been improved. The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce -------------- End of Announcement -------------- Please note this is RC1 (beta) not Production. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From usergroups at THEARGONCOMPANY.COM Tue Jun 14 07:51:45 2005 From: usergroups at THEARGONCOMPANY.COM (Atul Morey) Date: Thu Jan 12 21:30:00 2006 Subject: Oversized Zip? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday 16 Nov 2004 10:06 pm, Julian Field wrote: > This is almost certainly being generated by ClamAV which has checks in it > to catch large zip files. Check your ClamAV configuration. Doesn't the MailScanner send any notification to the recipient or the sender about the oversized.zip been quarantined ? Regards, Atul. > > On 16/11/04 3:56 pm, "Cecilia Martínez" wrote: > > Fedora C1 / Ensim Pro 4.01 / MailScanner / Sendmail / ClamAV / > > SpamAssassin > > > > > > Hello, > > > > Some ZIP attachments have been sent to quarantine because of their size, > > which in fact I don't think it is too much (200-300 kb). I can't find > > where to adjust this setting. Please help. > > > > This is the info sent to managers regarding the scanned message: > > > > Sender: user@domain.com > > IP Address: 201.128.183.45 > > Recipient: user1@domain.com, user2@domain.com > > Subject: re-envio de informacion > > MessageID: iAGFQfsg006140 > > Info: PU_SINAN_A_USD_REV_1.zip contains Oversized Zip > > Info: PU_SINAN_B_USD_REV_1.zip contains Oversized Zip > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From radislav.vrnata at PORCELA.CZ Tue Jun 14 08:52:00 2005 From: radislav.vrnata at PORCELA.CZ (Radislav Vrnata) Date: Thu Jan 12 21:30:00 2006 Subject: Attachments names and sizes Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, is there any way to log all "queue file name : attachment file name : attachment size : message from : message to" for each message attachements (default log option or custom function) ? I need message traffic analysis based on attachments file names(types) and sizes. Any suggestions ? Thanks. Radislav ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 14 09:13:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:00 2006 Subject: Attachments names and sizes Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Use a Custom Function attached to the "Always Lookup Last" setting in the Advanced section of MailScanner.conf. Take a look at CustomConfig.pm and the files in /usr/lib/MailScanner/MailScanner/ CustomFunctions. This is how MailWatch does all its logging work. On 14 Jun 2005, at 08:52, Radislav Vrnata wrote: > Hi all, > > is there any way to log all "queue file name : attachment file name : > attachment size : message from : message to" for each message > attachements (default log option or custom function) ? > I need message traffic analysis based on attachments file names(types) > and sizes. > > Any suggestions ? > > Thanks. > > Radislav > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq6RtRH2WUcUFbZUEQKdkACeMeFDbbbVtzhuXhpmG/WmCDt/wfEAoNdD FXuo8twULyzeurwluUEOz4zm =JE5U -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 14 09:39:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:00 2006 Subject: Scoring DNSRBL from spam.lists.conf? Message-ID: Craig the score needed is the same as rest of the rule name - ie SORBS_DNSBL in this case NB SORBS is already defined in SA if you make sure "skip_rbl_checks 1" is removed (or commented out) in spam.assassin.prefs.conf. However you will need to turn off (set a score of zero) to all the other RBL's that you don't want to run. For a list of the RBL's see /usr/local/share/spamassassin/20_dnsbl_tests.cf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Craig Daters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Jun 13, 2005, at 11:19 AM, Julian Field wrote: > > >>>And secondly, is there a way to apply scores to these instead? >> >>Yes, use the SpamAssassin settings to apply different scores to >>different dnsbl's. > > > Can I do this using a similar config as SURB? > > i.e.: > > urirhssub SORBS_DNSBL dnsbl.sorbs.net > body SORBS_DNSBL eval:check_uridnsbl('SORBS_DNSBL') > describe SORBS_DNSBL Listed in SORBS at dnsbl.sorbs.net > tflags SORBS_DNSBL NET > > score SORBS_DNSBL 4.0 > > Or do I use: > > score RCVD_SORBS_DNSBL 4 > > I have read over the documentation for spamassassin, but it is all very > confusing (at least to me it is). After looking at the config files and > doing a little googling, I came across the file 20_dnsbl_tests.cf where > these all seem to be defined already. I guess I just am not sure what > to do...? > > - --- > Craig Daters (craig@westpress.com) > Systems Administrator > > West Press > 1663 West Grant Road > Tucson, Arizona 85745 > > (520) 624-4939 x208 > (520) 624-2715 fax > www.westpress.com > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.1 > > iQA/AwUBQq37XxBVT8XLuTbnEQIE8gCfX+vd3ZF90m35NVdW/uUJj0vjWd0AoJHb > erE6D4mzK5X/gqOc4w3kSbYI > =a1zt > -----END PGP SIGNATURE----- > > > -- > Please note: It is the policy of West Press that all e-mail > sent to and from any @westpress.com address may be recorded > and monitored. Unless it is West Press related business, > please do not send any material of a private, personal, > or confidential nature to this or any @westpress.com > e-mail address. > > This message has been scanned for UCE (spam), viruses, > and dangerous content, and is believed to be clean > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jun 14 10:48:45 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:00 2006 Subject: Password protected file - PW protected XLS, PDF & MDB files blocked - FIXED Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper >Sent: 13 June 2005 19:10 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Password protected file - PW protected XLS, PDF & >MDB files blocked - why? > [snip] >> The only other thing that I can think is that if it really is Sophos >> (as the logs indicate), maybe you could look into the "Allowed Sophos >> Error Messages =" setting to add this error - but I'm not sure how >> this section all works, we don't use Sophos. >> > >This is the correct place and the topic as well as the >solution is in last >week's archive, but I can't recall exactly what goes into the "Allowed >Sophos Error Messages". I *think* Julian added the information >to the latest >MailScanner.conf section. > >Rick Rick Thanks. You were more or less correct! Julian fixed MailScanner earlier this month so that sophossavi would heed what is defined for "Allowed Sophos Error Messages =". I use sophos rather than sophossavi and already exploit the use of "Allowed Sophos Error Messages =" option in MailScanner.conf because of earlier problems experienced with Sophos errors when processing attachments. However I did not initially recognise the password protected XLS file problem as yet another Sophos processing "error" to be dealt with in that way. Your response prompted me to rethink this. When I added "Password protected file" to the two Sophos error strings I was already exempting, I find that password protected XLS, MDB, etc, files are now being relayed unmolested. The option now looks like: Allowed Sophos Error Messages = "0x80040202", "corrupt", "Password protected file" Thanks again Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 14 11:32:52 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:00 2006 Subject: SV: Problem with ClamAV update Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Perhaps you'll see something in /tmpClamav.update.log (or whatever it'scalled ... I'm @home:-)? > I found out that the problem is that my autoupdate script calls /usr/bin/freshclam instead of /usr/local/freshclam. But the script is the same as on my other servers. I tried removing /usr/bin/freshclam, removing libs in /usr/libs, uninstall + reinstall ClamAV, but it still tries to run /usr/bin/freshclam. Anyone has an idea about where I should go from now? Regards, ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jun 14 11:42:44 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:00 2006 Subject: Best Virus Scanners to use with MailScanner Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This is an age-old question, but you will find a lot of MailScanner > systems depend on ClamAV and BitDefender (for cost reasons) and one > other that varies. I personally recommend Sophos or F-Prot, they are > my favourites. > > McAfee seems to be unreliable as they aren't very fast about putting > out updates, and they have this funny system or normal virus > siganture files and "extra" ones when they feel like it. Other people > can comment on McAfee better than I can. Since a while back they've gone to daily updates, which has greatly reduced the need for the pesky "extra.dat" files. They're still a bit slow when it comes to updates, but less bad than they used to be. > We have a site licence for Sophos, which as a University did not cost > us much for what I reckon is a very good product. > > I would recommend *against* using Panda, it's diabolical. Poor old > Rick Cooper seems to spend a lot of his time trying to get the virus > detection working properly with Panda, due to their stupid output > system. Rick has made this viable as a 4:th or 5:th scanner IMO. If you already have a Panda license, it's not that bad... Unless, of course, you try use the old wrapper... Look at http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:panda: install (all on one line, of course:) for my views on versions of MS (which might be wrong:-), and the necessary one-line "mini-patch" etc. You perhaps shouldn't rely on it as the sole saviour, but it should be at least marginally useable. (snip) > Michael H. Martel wrote: > >> Hello! >> >> I'm looking at making sure we get as few viruses as possible. To >> which end we're currently using ClamAV, McAfee, BitDefender, and >> F-Prot as our Virus Scanners. What do people consider to be the best >> AV packages to use with MailScanner ? >> >> Thanks! >> >> >> Michael >> (snip) I'd say you're pretty well protected already. I've been running with "only" ClamAV, McAfee and BitDefender for approx a year now, without anything slipping through. Sure sometimes only one will catch a new variant, but one is enough:-). And they've all taken turns being first. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 14 11:54:42 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:00 2006 Subject: Fragmented message query Message-ID: One of our beloved clients corresponds with a company whose mail server is doing odd things to mail. MS reports the following: "MailScanner: Fragmented messages cannot be scanned and are removed" What exactly is a "fragmented message"? Can I whitelist it or will it be caught by the default checks? Sorry if this is basic question, but my head hurts trying to think of a solution :) Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jun 14 12:01:54 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:01 2006 Subject: SV: Problem with ClamAV update Message-ID: Ugo Bellavance wrote: > Steen, Glenn wrote: >> Perhaps you'll see something in /tmpClamav.update.log (or whatever >> it'scalled ... I'm @home:-)? >> > > I found out that the problem is that my autoupdate script calls > /usr/bin/freshclam instead of /usr/local/freshclam. But the script is > the same as on my other servers. I tried removing /usr/bin/freshclam, > removing libs in /usr/libs, uninstall + reinstall ClamAV, but it still > tries to run /usr/bin/freshclam. > > Anyone has an idea about where I should go from now? > > Regards, Looking at a copy of clamav-autoupdate you have: ------ $PackageDir = shift || "/usr/local"; $LogFile = "/tmp/ClamAV.update.log"; $ClamUpdateCommand = "$PackageDir/bin/freshclam"; ----- And since $PackageDir is set from the third column in /etc/MailScanner/virus.scanners.conf (when called from update_virus_scanners, it seems you need change that from /usr to /usr/local ... provided you've installed lcamav to /usr/local (which it seems you've done). HtH -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 14 12:03:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:01 2006 Subject: Fragmented message query Message-ID: Hi Michele Basically the 'stupid' mailserver is splitting the email into chunks and transmitting each chunk seperately. The email client will then merge the chunks back into a single piece. I think Outlook can be easily setup to do this for large emails. (it's a bit like the old usenet was of transmitting large binaries by sendinf several smaller messages each containing a piece of the binary file). I've not seen any reports of malware using this technique so I would suggest it's safe to whitelist. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Michele Neylon :: Blacknight Solutions wrote: > One of our beloved clients corresponds with a company whose mail server is > doing odd things to mail. MS reports the following: > "MailScanner: Fragmented messages cannot be scanned and are removed" > > What exactly is a "fragmented message"? > > Can I whitelist it or will it be caught by the default checks? > > Sorry if this is basic question, but my head hurts trying to think of a > solution :) > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 | Fax. +353 59 9146970 > Tired of your current host? Save 15% when you move to us! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Jun 14 12:04:34 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:30:01 2006 Subject: Fragmented message query Message-ID: Outlook Express is one of the monsters which can produce these. Basically, "large" emails are split into several unique emails (Part 1 of n, etc, a bit lie alt.binaries.... postings) which are reconstructed in the email client at the recipient's end. This makes it impossible for MailScanner and any virus scanners to scan the content. Best solution is to educate the senders, but failing that you can make a ruleset to let some through. I wouldn't unless all your desktop PCs are properly protected against malware, because you won't find anything until the bunch of messages are reassembled on the user's PC. Highly dangerous... Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele > Neylon :: Blacknight Solutions > Sent: 14 June 2005 11:55 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Fragmented message query > > One of our beloved clients corresponds with a company whose > mail server is doing odd things to mail. MS reports the following: > "MailScanner: Fragmented messages cannot be scanned and are removed" > > What exactly is a "fragmented message"? > > Can I whitelist it or will it be caught by the default checks? > > Sorry if this is basic question, but my head hurts trying to > think of a solution :) > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your > current host? Save 15% when you move to us! > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 14 12:08:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:01 2006 Subject: SV: Problem with ClamAV update Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14 Jun 2005, at 11:32, Ugo Bellavance wrote: > Steen, Glenn wrote: > >> Perhaps you'll see something in /tmpClamav.update.log (or whatever >> it'scalled ... I'm @home:-)? >> >> > > I found out that the problem is that my autoupdate script calls > /usr/bin/freshclam instead of /usr/local/freshclam. But the script is > the same as on my other servers. I tried removing /usr/bin/freshclam, > removing libs in /usr/libs, uninstall + reinstall ClamAV, but it still > tries to run /usr/bin/freshclam. I'm fairly sure my autoupdate script calls the freshclam version that it is told to use. Remember that the wrapper and autoupdate scripts all expect the installation directory (take it out of /etc/ MailScanner/virus.scanners.conf) as the first parameter on the command line. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq66nxH2WUcUFbZUEQLztgCfS3z9f24RG0rf6nNgpwwMlunye5AAoNMn VeGZh/PxiVZgvCq/gDSxXS9S =1+r8 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 14 12:11:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:01 2006 Subject: SV: Problem with ClamAV update Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14 Jun 2005, at 12:01, Steen, Glenn wrote: > Ugo Bellavance wrote: > >> Steen, Glenn wrote: >> >>> Perhaps you'll see something in /tmpClamav.update.log (or whatever >>> it'scalled ... I'm @home:-)? >>> >>> >> >> I found out that the problem is that my autoupdate script calls >> /usr/bin/freshclam instead of /usr/local/freshclam. But the >> script is >> the same as on my other servers. I tried removing /usr/bin/ >> freshclam, >> removing libs in /usr/libs, uninstall + reinstall ClamAV, but it >> still >> tries to run /usr/bin/freshclam. >> >> Anyone has an idea about where I should go from now? >> >> Regards, >> > > Looking at a copy of clamav-autoupdate you have: > ------ > $PackageDir = shift || "/usr/local"; > > $LogFile = "/tmp/ClamAV.update.log"; > > $ClamUpdateCommand = "$PackageDir/bin/freshclam"; > > ----- > And since $PackageDir is set from the third column in > /etc/MailScanner/virus.scanners.conf (when called from > update_virus_scanners, > it seems you need change that from /usr to /usr/local ... provided > you've > installed lcamav to /usr/local (which it seems you've done). > Very simple: If you have installed ClamAV under /usr/local then that's what needs to be in virus.scanners.conf. If you use my Clam+SA package, you will find it automatically corrects virus.scanners.conf for you. Please don't start tweaking my wrapper or autoupdate scripts. You are asking (and deserve) a whole world of pain when you upgrade and forget to reinstall your "tweak". - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq67chH2WUcUFbZUEQLQMQCg4GHnbqL6SOTZx90La/Mn8g3QCWoAnA1Y jU9mJPOeS3lLPaCanZJWD0wY =+sZi -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jun 14 12:20:44 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:01 2006 Subject: SV: Problem with ClamAV update Message-ID: Julian Field wrote: (snip) >> Looking at a copy of clamav-autoupdate you have: ^^^^^^^ <- ie "this is an example" >> ------ >> $PackageDir = shift || "/usr/local"; >> >> $LogFile = "/tmp/ClamAV.update.log"; >> >> $ClamUpdateCommand = "$PackageDir/bin/freshclam"; >> >> ----- >> And since $PackageDir is set from the third column in >> /etc/MailScanner/virus.scanners.conf (when called from >> update_virus_scanners, it seems you need change that from /usr to >> /usr/local ... provided you've installed lcamav to /usr/local (which >> it seems you've done). >> > > Very simple: If you have installed ClamAV under /usr/local then > that's what needs to be in virus.scanners.conf. If you use my Clam+SA > package, you will find it automatically corrects virus.scanners.conf > for you. And this differs from my explanation? Apart from my little typo (lcamav -> clamav) we seem to suggest exactly the same thing...;) > Please don't start tweaking my wrapper or autoupdate scripts. You are > asking (and deserve) a whole world of pain when you upgrade and > forget to reinstall your "tweak". Never! Nothing would be farther from my mind than suggest alterations to the code... Which is probably why I don't:-). -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 14 12:21:18 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:01 2006 Subject: Fragmented message query Message-ID: Phil/Martin Thanks for the info. The client wants to receive the mail, so I have to let them through. Where would I whitelist this exactly? Sorry, but I'm used to whitelisting other things, not MUAs being demented :) M Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 14 13:27:13 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:01 2006 Subject: Fragmented message query Message-ID: Michele In MailScanner.conf Allow Partial Messages = no Is the default. make this a ruleset with the ruleset being From: sillyoutlookuser@domain.com yes FromOrTo; Default no and it should be fine. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Michele Neylon :: Blacknight Solutions wrote: > Phil/Martin > > Thanks for the info. > > The client wants to receive the mail, so I have to let them through. > > Where would I whitelist this exactly? > > Sorry, but I'm used to whitelisting other things, not MUAs being demented :) > > M > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 | Fax. +353 59 9146970 > Tired of your current host? Save 15% when you move to us! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Jun 14 13:28:58 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:30:01 2006 Subject: Fragmented message query Message-ID: In MailScanner.conf, I have: Allow Partial Messages = %rules-dir%/partial.messages.rules and then partial.messages.rules contains something like From: partial@example.com yes FromOrTo: default no Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele > Neylon :: Blacknight Solutions > Sent: 14 June 2005 12:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Fragmented message query > > Phil/Martin > > Thanks for the info. > > The client wants to receive the mail, so I have to let them through. > > Where would I whitelist this exactly? > > Sorry, but I'm used to whitelisting other things, not MUAs > being demented :) > > M > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your > current host? Save 15% when you move to us! > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 14 13:43:15 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:01 2006 Subject: SV: Problem with ClamAV update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > On 14 Jun 2005, at 12:01, Steen, Glenn wrote: > > >>>Ugo Bellavance wrote: >>> >>> >>>>Steen, Glenn wrote: >>>> >>>> >>>>>Perhaps you'll see something in /tmpClamav.update.log (or whatever >>>>>it'scalled ... I'm @home:-)? >>>>> >>>>> >>>> >>>>I found out that the problem is that my autoupdate script calls >>>>/usr/bin/freshclam instead of /usr/local/freshclam. But the >>>>script is >>>>the same as on my other servers. I tried removing /usr/bin/ >>>>freshclam, >>>>removing libs in /usr/libs, uninstall + reinstall ClamAV, but it >>>>still >>>>tries to run /usr/bin/freshclam. >>>> >>>>Anyone has an idea about where I should go from now? >>>> >>>>Regards, >>>> >>> >>>Looking at a copy of clamav-autoupdate you have: >>>------ >>>$PackageDir = shift || "/usr/local"; >>> >>>$LogFile = "/tmp/ClamAV.update.log"; >>> >>>$ClamUpdateCommand = "$PackageDir/bin/freshclam"; >>> >>>----- >>>And since $PackageDir is set from the third column in >>>/etc/MailScanner/virus.scanners.conf (when called from >>>update_virus_scanners, >>> it seems you need change that from /usr to /usr/local ... provided >>>you've >>>installed lcamav to /usr/local (which it seems you've done). >>> > > > Very simple: If you have installed ClamAV under /usr/local then > that's what needs to be in virus.scanners.conf. If you use my Clam+SA > package, you will find it automatically corrects virus.scanners.conf > for you. Cool. I found the problem. Forgot to manage the .rpmnew. I think it has been this way a while :(. The .rpmnew had the right path. > > Please don't start tweaking my wrapper or autoupdate scripts. You are > asking (and deserve) a whole world of pain when you upgrade and > forget to reinstall your "tweak". > I wouldn't do that. Thanks Julian and Glenn :). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jun 14 14:13:08 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:01 2006 Subject: SV: Problem with ClamAV update Message-ID: Ugo Bellavance wrote: (snip) > > Cool. I found the problem. Forgot to manage the .rpmnew. I think it > has been this way a while :(. The .rpmnew had the right path. > Ah. Packaging systems... Can't live with 'em, can't live without 'em:-). At least now you'll remember to do the obligatory find... I do that after every update, and merge/remove any rpmnew files... Keeps life a tad more simple:-). >> >> Please don't start tweaking my wrapper or autoupdate scripts. You are >> asking (and deserve) a whole world of pain when you upgrade and >> forget to reinstall your "tweak". >> > > I wouldn't do that. > > Thanks Julian and Glenn :). Glad if I could help. Cheers -- Glenn (Who is counting the minutes and seconds to the seasons first real barbecue ... Yet another really good reason to get slightly inebriated on a weekday evening:-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 14 15:44:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:01 2006 Subject: Best Virus Scanners to use with MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn said the following on 6/14/2005 3:42 AM: > Julian Field wrote: > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>This is an age-old question, but you will find a lot of MailScanner >>systems depend on ClamAV and BitDefender (for cost reasons) and one >>other that varies. I personally recommend Sophos or F-Prot, they are >>my favourites. >> >>McAfee seems to be unreliable as they aren't very fast about putting >>out updates, and they have this funny system or normal virus >>siganture files and "extra" ones when they feel like it. Other people >>can comment on McAfee better than I can. > > > Since a while back they've gone to daily updates, which has greatly > reduced the need for the pesky "extra.dat" files. They're still a bit > slow when it comes to updates, but less bad than they used to be. > > >>We have a site licence for Sophos, which as a University did not cost >>us much for what I reckon is a very good product. >> >>I would recommend *against* using Panda, it's diabolical. Poor old >>Rick Cooper seems to spend a lot of his time trying to get the virus >>detection working properly with Panda, due to their stupid output >>system. > > > Rick has made this viable as a 4:th or 5:th scanner IMO. If you already > have a Panda license, it's not that bad... Unless, of course, you try > use > the old wrapper... Look at > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:panda: > install > (all on one line, of course:) for my views on versions of MS (which > might > be wrong:-), and the necessary one-line "mini-patch" etc. > You perhaps shouldn't rely on it as the sole saviour, but it should be > at least marginally useable. > > (snip) > >>Michael H. Martel wrote: >> >> >>>Hello! >>> >>>I'm looking at making sure we get as few viruses as possible. To >>>which end we're currently using ClamAV, McAfee, BitDefender, and >>>F-Prot as our Virus Scanners. What do people consider to be the best >>>AV packages to use with MailScanner ? >>> >>>Thanks! >>> >>> >>>Michael >>> > > (snip) > I'd say you're pretty well protected already. I've been running with > "only" ClamAV, McAfee and BitDefender for approx a year now, without > anything slipping through. Sure sometimes only one will catch a new > variant, but one is enough:-). And they've all taken turns being first. > > -- Glenn > Same here! And usually anything that might have been missed was caught by filename and filetype rules. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Tue Jun 14 16:23:06 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:30:01 2006 Subject: FSL Quarantine Report Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For some reason, I have the FSL Quarantine Report setup, but its not sending out emails. This is what I get in /var/log/maillog after manually running the script from /usr/local/bin: Jun 13 14:24:34 art4 QuarantineReport[25500]: Starts Jun 13 14:24:37 art4 QuarantineReport[25500]: Ends What causes this? -Devon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jun 14 16:40:28 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:01 2006 Subject: TNEF files left in incoming sendmail queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Denis Beauchemin wrote: > Adri Koppes wrote: > >> Today I noticed I had 2 tnef files left in my incoming sendmail queue >> (/var/spool/mqueue.in). >> Does MailScanner expand these in the incoming queue directory? >> I'm using the internal TNEF module. >> >> MailScanner.conf contains: >> >> Expand TNEF = yes >> Deliver Unparsable TNEF = no >> TNEF Expander = internal >> TNEF Timeout = 120 >> > I also see them once in a while. Running with the same config as you > are. MS versions ranging from 4.34 to 4.40. I just delete them > manually alongside any email leftovers (incomplete qf/df pairs). > > Denis > Same observation here.. Expand TNEF = yes Deliver Unparsable TNEF = yes TNEF Expander = internal TNEF Timeout = 120 postfix-2.2.3-1.rhel4, spamassassin 3.0.4, razor, pyzor, dcc, uvscan, clamavmodule, bitdefender, No tmpfs used so far. The logs show me that mails with unparsable tnef attachments get delivered as configured, but they still leave a tnef-pid-x.doc in /var/spool/postfix/hold Why does MailScanner unpack these files in the hold directory instead of the /var/spool/MailScanner/incoming/ directory? or is this the intended behaviour? - dhawal MailScanner -v details here Running on Linux xxx.xxx.net 2.6.9-5.0.5.ELsmp #1 SMP Wed Apr 20 00:16:40 BST 2005 i686 i686 i386 GNU/Linux This is CentOS release 4.0 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.42.1 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.01 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.23 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.19 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Tue Jun 14 16:41:58 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:30:01 2006 Subject: OT Sendmail help on new sendmail/MS/SA install Message-ID: Hello All, I am already knee-deep into a new server that is implementing sendmail. Yes, I know I will get an earful of "not the appropriate list" or "you should really try/use QMail or Postfix." I don't know where else I could get an expert answer to this. I have a fresh MailScanner, SpamAssassin, Sendmail install on CentOS 3.4 (equivalent to RedHat 3.0 ES). I just cannot seem to put all the pieces of SMTP_AUTH together. I have a server that will relay mail if you spoof one of my addresses. I used to use popb4smtp and qpopper on an older sendmail installation, but It seems they are quite old and outdated? I have hit the Search engines and the sendmail.org site. I have found all kinds of links that have pieces of the puzzle, but no one puts it all together in a simple, concise, do this, this and this, TEST and be happy. I have tried many of the pieces and still get no Relaying at all. However, I'm anticipating the state where I end up unacceptably insecure and a gaping gateway waiting for a SPAMMER to poke holes! Some examples of my reading thus far: http://www.sendmail.org/m4/anti_spam.html http://www.sendmail.org/~ca/email/auth.html http://www.sendmail.org/~ca/email/check.html http://www.sendmail.org/~ca/email/relayingdenied.html http://www.linux-sec.net/Mail/Sendmail/ http://www.centos.org/modules/newbb/viewtopic.php?topic_id=589&forum=31&post_id=1967#forumpost1967 So far this appears the most promising: http://www.sendmail.org/~ca/email/roaming.html Is it really that bad??? This does not appear to be simple. It looks like a good opportunity for me to wreck the server! Please! Links? Help? Am I suffering TMI? I am going to have all kinds of Windows Outlook, Mac Entourage, Eudora, Thunderbird users some of which who will not want to or understand how to authenticate over SSL. A few might. I will have roaming users. I will work on TLS/SSL after I get some sort of SMTP authentication working. It will have to be a plain old ISP-style mail server to start, but I need SMTP authentication! Thanks, Glenn Parsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jun 14 16:51:13 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:01 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Ken Goods wrote: >> Ugo Bellavance wrote: >> >>> Ken Goods wrote: >>> >>>> I've seen quite a few of these in the logs since late last week... >>>> >>>> Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >>>> clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: Virus >>>> Scanning: Denial Of Service attack detected! >>>> >>>> Can anyone shed some light? Something I should be concerned about? >>> >>> What version of clamAV are you using? >>> >> >> >> MailScanner 4.40.11 >> ClamAV 0.83 >> Spamassassin 3.0.2 >> >> I know they are a little dated but would that cause the above >> messages? >> > > Possibly for ClamAV. You should upgrade to 0.85.1. > >> Thanks, >> Ken >> > I upgraded clamav to 0.85.1 last Wednesday and I still get these messages: Jun 14 08:25:09 gw-mail MailScanner[5408]: Commercial scanner clamav timed out! Jun 14 08:25:09 gw-mail MailScanner[5408]: Virus Scanning: Denial Of Service attack detected! I don't remember ever seeing these before and I couldn't find anything with a google or ClamAV site/archive search. Can anyone give me a clue as to what these are and whether I should be concerned, or are these messages not even generated by MailScanner? (in which case I'll post to the clamav list) Thanks Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 14 16:49:38 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:01 2006 Subject: OT Sendmail help on new sendmail/MS/SA install Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I haven't tried it yet but I recently found this: http://www.owlriver.com/tips/smtp-auth/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jun 14 17:24:17 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:01 2006 Subject: OT Sendmail help on new sendmail/MS/SA install Message-ID: Glenn I recently set up two authenticating SMTP servers on RH AS 3 systems using Sendmail. These do not themselves run MailScanner + SpamAsaassin, etc, but simply relay the mail they receive to other mail relays here that do. I made some notes of what I did that might be of some assistance. The two servers authenticate against a Unix password domain served by a NIS server here. If you are authenticating against a local password file or using some other authentication mechanism then ignore the NIS steps and change the sendmail.mc file definitions accordingly. 1. /etc/nsswitch.conf passwd: compat shadow: compat 1a. /etc/passwd & /etc/shadow Add the "+" escape line to end of ecah file. 2. Ensure /etc/yp.conf lists our three NIS servers. Do once on server "domainname ucs_sys5" to set NIS domain name. chkconfig ypbind on service ypbind start 3. Need /etc/init.d/sendmail enabled and /etc/init.d/MailScanner disabled. Edited 'sendmail' script to stop rebuild of virtusertable and friends. 4. Edit /etc/sysconfig/iptables to allow connections to ports 465 & 587 as well as port 25 for SMTP. service iptables restart 5. /etc/mail/sendmail.mc The M4 macro definitions below are for a server that requires STARTTLS to be negotiated first before SMTP AUTH. This is because in our case plain Unix password have to be exchanged between the clients and the server. You will need most of these features in your sendmail.mc file. Change location of files as appropriate for your site. define(`confPRIVACY_FLAGS', `goaway,noetrn')dnl define(`confDEF_CHAR_SET', `iso-8859-1')dnl define(`confCACERT_PATH',`/etc/mail/certs') define(`confCACERT',`/etc/mail/certs/ca-bundle.crt') define(`confSERVER_CERT',`/etc/mail/certs/sendmail.pem') define(`confSERVER_KEY',`/etc/mail/certs/sendmail.pem') define(`confCLIENT_CERT',`/etc/mail/certs/sendmail.pem') define(`confCLIENT_KEY',`/etc/mail/certs/sendmail.pem') dnl These AUTH options force a secure link to be negotiated _before_ dnl plain login/password authentication can be used. Thus in the first dnl EHLO response STARTTLS is offered then a new set of options is offered dnl this time including AUTH. define(`confAUTH_OPTIONS', `A p y')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl TRUST_AUTH_MECH(`LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `')dnl dnl smtp = 25 DAEMON_OPTIONS(`Port=smtp,Name=MTA,Modify=Ea') dnl smtps = 465 DAEMON_OPTIONS(`Port=smtps,Name=TLSMTA,Modify=Ea') dnl submission = 587 dnl There is no way to directly change the settings of MSA in .mc file. dnl Workaroud below the 'no_default_msa' option prevents automatic creation dnl of an mc configuration entry for an MSA. We then insert our own dnl declaration with our new settings. FEATURE(`no_default_msa') DAEMON_OPTIONS(`Port=submission,Name=MSA,Modify=Ea') 6. Need /etc/init.d/sendmail enabled and /etc/init.d/MailScanner disabled. Edited 'sendmail' script to stop rebuild of virtusertable and friends. 7. Edit /etc/sysconfig/iptables to allow connections to ports 465 & 587 as well as port 25 for SMTP. service iptables restart 8. /etc/mail/smtpauth.mc Build from MC definition thus: m4 sendmail.mc >sendmail.cf 6. /etc/mail/certs Location of certs used by sendmail is /etc/mail/certs. To test the servers (smtpauth1 & smtpauth2), on each machine did: (i) cd /usr/share/ssl/certs make sendmail.pem [Answer the prompts sensibly, Only important one is the server name which must be the FQDN (ie. smtpauth1.ncl.ac.uk)]. (ii) cp sendmail.pem /etc/mail/certs (iii) edited /etc/mail/sendmail.cf so that the lines with the strings /etc/mail/certs/sendmail_cert.pem /etc/mail/certs/sendmail_key.pem become /etc/mail/certs/sendmail.pem /etc/mail/certs/sendmail.pem NB: Should update sendmail.mc to make this change permanent. (iv) service sendmail start I hope this info might give you some hints as to how to progress things. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of DNSAdmin >Sent: 14 June 2005 16:42 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: OT Sendmail help on new sendmail/MS/SA install > >Hello All, > >I am already knee-deep into a new server that is implementing >sendmail. >Yes, I know I will get an earful of "not the appropriate list" or "you >should really try/use QMail or Postfix." I don't know where >else I could >get an expert answer to this. > >I have a fresh MailScanner, SpamAssassin, Sendmail install on >CentOS 3.4 >(equivalent to RedHat 3.0 ES). I just cannot seem to put all >the pieces of >SMTP_AUTH together. I have a server that will relay mail if >you spoof one >of my addresses. I used to use popb4smtp and qpopper on an >older sendmail >installation, but It seems they are quite old and outdated? > >I have hit the Search engines and the sendmail.org site. I >have found all >kinds of links that have pieces of the puzzle, but no one puts it all >together in a simple, concise, do this, this and this, TEST >and be happy. I >have tried many of the pieces and still get no Relaying at >all. However, >I'm anticipating the state where I end up unacceptably insecure and a >gaping gateway waiting for a SPAMMER to poke holes! > >Some examples of my reading thus far: >http://www.sendmail.org/m4/anti_spam.html >http://www.sendmail.org/~ca/email/auth.html >http://www.sendmail.org/~ca/email/check.html >http://www.sendmail.org/~ca/email/relayingdenied.html >http://www.linux-sec.net/Mail/Sendmail/ >http://www.centos.org/modules/newbb/viewtopic.php?topic_id=589& >forum=31&post_id=1967#forumpost1967 > >So far this appears the most promising: >http://www.sendmail.org/~ca/email/roaming.html > >Is it really that bad??? This does not appear to be simple. It >looks like a >good opportunity for me to wreck the server! > >Please! Links? Help? Am I suffering TMI? > >I am going to have all kinds of Windows Outlook, Mac >Entourage, Eudora, >Thunderbird users some of which who will not want to or >understand how to >authenticate over SSL. A few might. I will have roaming users. >I will work >on TLS/SSL after I get some sort of SMTP authentication >working. It will >have to be a plain old ISP-style mail server to start, but I need SMTP >authentication! > >Thanks, >Glenn Parsons > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >http://www.sng.ecs.soton.ac.uk/mailscanner/ >Configuration by Glenn Parsons dnsadmin-at-1bigthink.com > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jun 14 17:43:45 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:01 2006 Subject: OT Sendmail help on new sendmail/MS/SA install Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Although the advice by other listmembers is extremely thorough, you only need a few things in order to have SMTP AUTH working out-of-the-box on CentOS/RH/FC or whatever other distro... 1. Have saslauthd running 2. Have the following on /etc/mail/sendmail.mc: TRUST_AUTH_MECH(`LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl define(`confAUTH_OPTIONS', `A')dnl 3. Make sure you don't have any entries on your "/etc/mail/access" that allow relaying, period. That way only authorized users will relay. Yeah, I know what everyone's going to say... No support for "safe" AUTH like CRAM-MD5 or DIGEST-MD5, "he should use SSL", etc. - But at least it'll get him started, right? In any case, try not to have users with easily guessable passwords. One trick spammers are using lately is to use servers set up for AUTH to relay their crap, using usernames like "admin/admin" or "joeuser/password" or "joeuser/12345" and getting away with it. Good luck... DNSAdmin wrote: > Hello All, > > I am already knee-deep into a new server that is implementing > sendmail. Yes, I know I will get an earful of "not the appropriate > list" or "you should really try/use QMail or Postfix." I don't know > where else I could get an expert answer to this. > > I have a fresh MailScanner, SpamAssassin, Sendmail install on CentOS > 3.4 (equivalent to RedHat 3.0 ES). I just cannot seem to put all the > pieces of SMTP_AUTH together. I have a server that will relay mail if > you spoof one of my addresses. I used to use popb4smtp and qpopper on > an older sendmail installation, but It seems they are quite old and > outdated? > > I have hit the Search engines and the sendmail.org site. I have found > all kinds of links that have pieces of the puzzle, but no one puts it > all together in a simple, concise, do this, this and this, TEST and be > happy. I have tried many of the pieces and still get no Relaying at > all. However, I'm anticipating the state where I end up unacceptably > insecure and a gaping gateway waiting for a SPAMMER to poke holes! > > Some examples of my reading thus far: > http://www.sendmail.org/m4/anti_spam.html > http://www.sendmail.org/~ca/email/auth.html > http://www.sendmail.org/~ca/email/check.html > http://www.sendmail.org/~ca/email/relayingdenied.html > http://www.linux-sec.net/Mail/Sendmail/ > http://www.centos.org/modules/newbb/viewtopic.php?topic_id=589&forum=31&post_id=1967#forumpost1967 > > > So far this appears the most promising: > http://www.sendmail.org/~ca/email/roaming.html > > Is it really that bad??? This does not appear to be simple. It looks > like a good opportunity for me to wreck the server! > > Please! Links? Help? Am I suffering TMI? > > I am going to have all kinds of Windows Outlook, Mac Entourage, > Eudora, Thunderbird users some of which who will not want to or > understand how to authenticate over SSL. A few might. I will have > roaming users. I will work on TLS/SSL after I get some sort of SMTP > authentication working. It will have to be a plain old ISP-style mail > server to start, but I need SMTP authentication! > > Thanks, > Glenn Parsons > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Tue Jun 14 18:57:45 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hola amigos, Tengo instalado FC3, con MailScanner y Clamav, pero al revisar el maillog me aparece el siguiente mensaje: ClamAV-autoupdate[32101]: ClamAV updater /usr/local/bin/freshclam cannot be run Que podrá ser????? Significa esto que no se esta actualizando el clamav???? Gracias de antemano Raul.- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 14 19:04:43 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: > Hola amigos, > Tengo instalado FC3, con MailScanner y Clamav, pero al revisar el > maillog me aparece el siguiente mensaje: > > ClamAV-autoupdate[32101]: ClamAV updater /usr/local/bin/freshclam cannot > be run > > Que podrá ser????? > Significa esto que no se esta actualizando el clamav???? > > Gracias de antemano > Raul How many times do you see that message? If you try to run it manually does it work? Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Tue Jun 14 19:42:29 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Aparece el error cada 1 hora aproximadamente, No se como ejecutarlo manual... -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Michele Neylon:: Blacknight Enviado el: Martes, 14 de Junio de 2005 14:05 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema Raul Urqueta Sierra wrote: > Hola amigos, > Tengo instalado FC3, con MailScanner y Clamav, pero al revisar el > maillog me aparece el siguiente mensaje: > > ClamAV-autoupdate[32101]: ClamAV updater /usr/local/bin/freshclam cannot > be run > > Que podrá ser????? > Significa esto que no se esta actualizando el clamav???? > > Gracias de antemano > Raul How many times do you see that message? If you try to run it manually does it work? Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 14 20:01:49 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: MailScanner mailing list wrote: > Aparece el error cada 1 hora aproximadamente, No se como > ejecutarlo manual... Just ssh into the server and run the command: freshclam It should be in your path Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 | Fax. +353 59 9146970 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 14 19:58:44 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: > Aparece el error cada 1 hora aproximadamente, > No se como ejecutarlo manual... /usr/local/bin/freshclam existe? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Tue Jun 14 20:28:43 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:30:01 2006 Subject: Forcing Queue as Apache Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I^Òve been unable to figure out the best method to force email through the queue as user apache. I^Òve created a web page that lists emails from the /var/spool/Mailscanner/^Å/^Å/spam dir. To release an email, I simply have some PHP code that copies the email to the /var/spool/mqueue dir. After altering permissions in MailScanner.conf, this is not a problem. If I just wait for the next queue interval (default 30 min), everything is fine. However, I^Òd like the email to deliver immediately, so I have the PHP script executing the following command: $send = `/usr/sbin/sendmail ^ÖqI$messageid`; This causes permissions problems. The problems are different if the recipient is local or being relayed to another server. If the recipient is on a mail server that is being relayed to after the spam/virus checks, I get this error: Jun 14 14:13:13 mailserver sendmail[6860]: j5E7hvlJ022952: SYSERR(apache): mail.xxxxxx.com. config error: mail loops back to me (MX problem?) If the recipient is local to the server (this mailscanner server also hosts actual Sendmail user accounts), then I get these errors: Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: SYSERR(apache): hash map "Alias0": unsafe map file /etc/aliases.db: Permission denied Jun 14 11:49:18 mailserver sendmail[3053]: j5E2sZ61017899: SYSERR(apache): openmailer: insufficient privileges to change gid, RunAsUid=48, new_gid=0, gid=48, egid=51 Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: to=blisle, delay=13:54:43, xdelay=00:00:00, mailer=local, pri=352836, dsn=4.0.0, stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: j5EGnIRN003052: sender notify: Warning: could not send message for past 4 hours I was able to get rid of the Alias0 error by changing perms to the /etc/aliases.db to 0644 (from 0640). But I can^Òt figure out the other errors. I was thinking of copying the messages to another folder instead of mqueue and then having cronjob running as root look into that folder every 5 minutes and then copy to mqueue, but I^Òd rather having it instantaneously. Any suggestions? And how safe is it? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Tue Jun 14 20:38:42 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: # locate freshclam /usr/share/man/man5/freshclam.conf.5.gz /usr/share/man/man1/freshclam.1.gz /usr/bin/freshclam /etc/cron.daily/freshclam /etc/logrotate.d/freshclam /etc/rc.d/rc4.d/K38freshclam /etc/rc.d/rc5.d/K38freshclam /etc/rc.d/init.d/freshclam /etc/rc.d/rc6.d/K38freshclam /etc/rc.d/rc0.d/K38freshclam /etc/rc.d/rc3.d/K38freshclam /etc/rc.d/rc1.d/K38freshclam /etc/rc.d/rc2.d/K38freshclam /etc/freshclam.conf esta es la lista, esta en usr/bin no en usr/local/bin lo copio para el otro lado?? -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Ugo Bellavance Enviado el: Martes, 14 de Junio de 2005 14:59 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema Raul Urqueta Sierra wrote: > Aparece el error cada 1 hora aproximadamente, > No se como ejecutarlo manual... /usr/local/bin/freshclam existe? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 14 20:42:45 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:01 2006 Subject: Forcing Queue as Apache Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness said the following on 6/14/2005 12:28 PM: > I^Òve been unable to figure out the best method to force email through the > queue as user apache. > > I^Òve created a web page that lists emails from the > /var/spool/Mailscanner/^Å/^Å/spam dir. To release an email, I simply have > some PHP code that copies the email to the /var/spool/mqueue dir. After > altering permissions in MailScanner.conf, this is not a problem. If I just > wait for the next queue interval (default 30 min), everything is fine. > However, I^Òd like the email to deliver immediately, so I have the PHP > script executing the following command: > > $send = `/usr/sbin/sendmail ^ÖqI$messageid`; > > This causes permissions problems. > > The problems are different if the recipient is local or being relayed to > another server. > > If the recipient is on a mail server that is being relayed to after the > spam/virus checks, I get this error: > > Jun 14 14:13:13 mailserver sendmail[6860]: j5E7hvlJ022952: SYSERR(apache): > mail.xxxxxx.com. config error: mail loops back to me (MX problem?) > > If the recipient is local to the server (this mailscanner server also > hosts actual Sendmail user accounts), then I get these errors: > > Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: SYSERR(apache): > hash map "Alias0": unsafe map file /etc/aliases.db: Permission denied > > Jun 14 11:49:18 mailserver sendmail[3053]: j5E2sZ61017899: SYSERR(apache): > openmailer: insufficient privileges to change gid, RunAsUid=48, new_gid=0, > gid=48, egid=51 > > Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: to=blisle, > delay=13:54:43, xdelay=00:00:00, mailer=local, pri=352836, dsn=4.0.0, > stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL > > Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: j5EGnIRN003052: > sender notify: Warning: could not send message for past 4 hours > > I was able to get rid of the Alias0 error by changing perms to the > /etc/aliases.db to 0644 (from 0640). But I can^Òt figure out the other > errors. > > I was thinking of copying the messages to another folder instead of mqueue > and then having cronjob running as root look into that folder every 5 > minutes and then copy to mqueue, but I^Òd rather having it instantaneously. > > Any suggestions? And how safe is it? > > Thanks, > Max > Couldn't you just flush the sendmail queue after the copy. /usr/lib/sendmail -v -q -C/etc/mail/sendmail.cf, if I remember correctly, should do. Shouldn't be too much unless you release a lot of messages fairly often. But it will send everything in the queue, and not just the released message. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 14 20:57:05 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: > # locate freshclam > /usr/share/man/man5/freshclam.conf.5.gz > /usr/share/man/man1/freshclam.1.gz > /usr/bin/freshclam > /etc/cron.daily/freshclam > /etc/logrotate.d/freshclam > /etc/rc.d/rc4.d/K38freshclam > /etc/rc.d/rc5.d/K38freshclam > /etc/rc.d/init.d/freshclam > /etc/rc.d/rc6.d/K38freshclam > /etc/rc.d/rc0.d/K38freshclam > /etc/rc.d/rc3.d/K38freshclam > /etc/rc.d/rc1.d/K38freshclam > /etc/rc.d/rc2.d/K38freshclam > /etc/freshclam.conf > > esta es la lista, esta en usr/bin no en usr/local/bin > > lo copio para el otro lado?? > No... qual es la version de ClamAV? Y MailScanner? Qual es la fecha de /usr/bin/freshclam? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Tue Jun 14 21:21:02 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: -rwxr-xr-x 1 root root 49533 May 18 14:34 freshclam clamscan -V ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 # MailScanner -V Running on Linux servsrna.munilaserena.cl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 i686 i686 i386 GNU/Linux This is Fedora Core release 3 (Heidelberg) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.41.3 No... qual es la version de ClamAV? Y MailScanner? Qual es la fecha de /usr/bin/freshclam? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Tue Jun 14 21:25:16 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:30:01 2006 Subject: Forcing Queue as Apache Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Max Kipness said the following on 6/14/2005 12:28 PM: >> I^Òve been unable to figure out the best method to force email through >> the >> queue as user apache. >> >> I^Òve created a web page that lists emails from the >> /var/spool/Mailscanner/^Å/^Å/spam dir. To release an email, I simply have >> some PHP code that copies the email to the /var/spool/mqueue dir. After >> altering permissions in MailScanner.conf, this is not a problem. If I >> just >> wait for the next queue interval (default 30 min), everything is fine. >> However, I^Òd like the email to deliver immediately, so I have the PHP >> script executing the following command: >> >> $send = `/usr/sbin/sendmail ^ÖqI$messageid`; >> >> This causes permissions problems. >> >> The problems are different if the recipient is local or being relayed to >> another server. >> >> If the recipient is on a mail server that is being relayed to after the >> spam/virus checks, I get this error: >> >> Jun 14 14:13:13 mailserver sendmail[6860]: j5E7hvlJ022952: >> SYSERR(apache): >> mail.xxxxxx.com. config error: mail loops back to me (MX problem?) >> >> If the recipient is local to the server (this mailscanner server also >> hosts actual Sendmail user accounts), then I get these errors: >> >> Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: >> SYSERR(apache): >> hash map "Alias0": unsafe map file /etc/aliases.db: Permission denied >> >> Jun 14 11:49:18 mailserver sendmail[3053]: j5E2sZ61017899: >> SYSERR(apache): >> openmailer: insufficient privileges to change gid, RunAsUid=48, >> new_gid=0, >> gid=48, egid=51 >> >> Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: to=blisle, >> delay=13:54:43, xdelay=00:00:00, mailer=local, pri=352836, dsn=4.0.0, >> stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL >> >> Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: >> j5EGnIRN003052: >> sender notify: Warning: could not send message for past 4 hours >> >> I was able to get rid of the Alias0 error by changing perms to the >> /etc/aliases.db to 0644 (from 0640). But I can^Òt figure out the other >> errors. >> >> I was thinking of copying the messages to another folder instead of >> mqueue >> and then having cronjob running as root look into that folder every 5 >> minutes and then copy to mqueue, but I^Òd rather having it >> instantaneously. >> >> Any suggestions? And how safe is it? >> >> Thanks, >> Max >> > Couldn't you just flush the sendmail queue after the copy. > /usr/lib/sendmail -v -q -C/etc/mail/sendmail.cf, if I remember > correctly, should do. Shouldn't be too much unless you release a lot of > messages fairly often. > But it will send everything in the queue, and not just the released > message. Right, this will try to send everything instead of the one message. But this doesn't get around the permissions issue, because apache is still executing sendmail. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 14 21:33:10 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: > -rwxr-xr-x 1 root root 49533 May 18 14:34 freshclam > > clamscan -V > ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 Installacion para rpm o source? Qual es la fecha de /usr/bin/freshclam? > > # MailScanner -V > Running on > Linux servsrna.munilaserena.cl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST > 2004 i686 i686 i386 GNU/Linux > This is Fedora Core release 3 (Heidelberg) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.41.3 > > > No... qual es la version de ClamAV? Y MailScanner? > > Qual es la fecha de /usr/bin/freshclam? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Jun 14 21:44:15 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:01 2006 Subject: Forcing Queue as Apache Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: >>Max Kipness said the following on 6/14/2005 12:28 PM: >> >> >>>I^Òve been unable to figure out the best method to force email through >>>the >>>queue as user apache. >>> >>>I^Òve created a web page that lists emails from the >>>/var/spool/Mailscanner/^Å/^Å/spam dir. To release an email, I simply have >>>some PHP code that copies the email to the /var/spool/mqueue dir. After >>>altering permissions in MailScanner.conf, this is not a problem. If I >>>just >>>wait for the next queue interval (default 30 min), everything is fine. >>>However, I^Òd like the email to deliver immediately, so I have the PHP >>>script executing the following command: >>> >>>$send = `/usr/sbin/sendmail ^ÖqI$messageid`; >>> >>>This causes permissions problems. >>> >>>The problems are different if the recipient is local or being relayed to >>>another server. >>> >>>If the recipient is on a mail server that is being relayed to after the >>>spam/virus checks, I get this error: >>> >>>Jun 14 14:13:13 mailserver sendmail[6860]: j5E7hvlJ022952: >>>SYSERR(apache): >>>mail.xxxxxx.com. config error: mail loops back to me (MX problem?) >>> >>>If the recipient is local to the server (this mailscanner server also >>>hosts actual Sendmail user accounts), then I get these errors: >>> >>>Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: >>>SYSERR(apache): >>>hash map "Alias0": unsafe map file /etc/aliases.db: Permission denied >>> >>>Jun 14 11:49:18 mailserver sendmail[3053]: j5E2sZ61017899: >>>SYSERR(apache): >>>openmailer: insufficient privileges to change gid, RunAsUid=48, >>>new_gid=0, >>>gid=48, egid=51 >>> >>>Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: to=blisle, >>>delay=13:54:43, xdelay=00:00:00, mailer=local, pri=352836, dsn=4.0.0, >>>stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL >>> >>>Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: >>>j5EGnIRN003052: >>>sender notify: Warning: could not send message for past 4 hours >>> >>>I was able to get rid of the Alias0 error by changing perms to the >>>/etc/aliases.db to 0644 (from 0640). But I can^Òt figure out the other >>>errors. >>> >>>I was thinking of copying the messages to another folder instead of >>>mqueue >>>and then having cronjob running as root look into that folder every 5 >>>minutes and then copy to mqueue, but I^Òd rather having it >>>instantaneously. >>> >>>Any suggestions? And how safe is it? >>> >>>Thanks, >>>Max >>> >>> >>> >>Couldn't you just flush the sendmail queue after the copy. >>/usr/lib/sendmail -v -q -C/etc/mail/sendmail.cf, if I remember >>correctly, should do. Shouldn't be too much unless you release a lot of >>messages fairly often. >>But it will send everything in the queue, and not just the released >>message. >> >> > >Right, this will try to send everything instead of the one message. But >this doesn't get around the permissions issue, because apache is still >executing sendmail. > > > What if you used sudo to give apache some more access? Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Tue Jun 14 21:51:04 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: rpm -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Ugo Bellavance Enviado el: Martes, 14 de Junio de 2005 16:33 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema Raul Urqueta Sierra wrote: > -rwxr-xr-x 1 root root 49533 May 18 14:34 freshclam > > clamscan -V > ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 Installacion para rpm o source? Qual es la fecha de /usr/bin/freshclam? > > # MailScanner -V > Running on > Linux servsrna.munilaserena.cl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST > 2004 i686 i686 i386 GNU/Linux > This is Fedora Core release 3 (Heidelberg) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.41.3 > > > No... qual es la version de ClamAV? Y MailScanner? > > Qual es la fecha de /usr/bin/freshclam? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 14 21:41:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:01 2006 Subject: Forcing Queue as Apache Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness said the following on 6/14/2005 1:25 PM: >>Max Kipness said the following on 6/14/2005 12:28 PM: >> >>>I^Òve been unable to figure out the best method to force email through >>>the >>>queue as user apache. >>> >>>I^Òve created a web page that lists emails from the >>>/var/spool/Mailscanner/^Å/^Å/spam dir. To release an email, I simply have >>>some PHP code that copies the email to the /var/spool/mqueue dir. After >>>altering permissions in MailScanner.conf, this is not a problem. If I >>>just >>>wait for the next queue interval (default 30 min), everything is fine. >>>However, I^Òd like the email to deliver immediately, so I have the PHP >>>script executing the following command: >>> >>>$send = `/usr/sbin/sendmail ^ÖqI$messageid`; >>> >>>This causes permissions problems. >>> >>>The problems are different if the recipient is local or being relayed to >>>another server. >>> >>>If the recipient is on a mail server that is being relayed to after the >>>spam/virus checks, I get this error: >>> >>>Jun 14 14:13:13 mailserver sendmail[6860]: j5E7hvlJ022952: >>>SYSERR(apache): >>>mail.xxxxxx.com. config error: mail loops back to me (MX problem?) >>> >>>If the recipient is local to the server (this mailscanner server also >>>hosts actual Sendmail user accounts), then I get these errors: >>> >>>Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: >>>SYSERR(apache): >>>hash map "Alias0": unsafe map file /etc/aliases.db: Permission denied >>> >>>Jun 14 11:49:18 mailserver sendmail[3053]: j5E2sZ61017899: >>>SYSERR(apache): >>>openmailer: insufficient privileges to change gid, RunAsUid=48, >>>new_gid=0, >>>gid=48, egid=51 >>> >>>Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: to=blisle, >>>delay=13:54:43, xdelay=00:00:00, mailer=local, pri=352836, dsn=4.0.0, >>>stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL >>> >>>Jun 14 11:49:18 mailserver sendmail[3052]: j5E2sZ61017899: >>>j5EGnIRN003052: >>>sender notify: Warning: could not send message for past 4 hours >>> >>>I was able to get rid of the Alias0 error by changing perms to the >>>/etc/aliases.db to 0644 (from 0640). But I can^Òt figure out the other >>>errors. >>> >>>I was thinking of copying the messages to another folder instead of >>>mqueue >>>and then having cronjob running as root look into that folder every 5 >>>minutes and then copy to mqueue, but I^Òd rather having it >>>instantaneously. >>> >>>Any suggestions? And how safe is it? >>> >>>Thanks, >>>Max >>> >> >>Couldn't you just flush the sendmail queue after the copy. >>/usr/lib/sendmail -v -q -C/etc/mail/sendmail.cf, if I remember >>correctly, should do. Shouldn't be too much unless you release a lot of >>messages fairly often. >>But it will send everything in the queue, and not just the released >>message. > > > Right, this will try to send everything instead of the one message. But > this doesn't get around the permissions issue, because apache is still > executing sendmail. > > Thanks, > Max > You could su the sendmail process, or just turn the queue rate up to 5 or 10 minutes instead of 30. My users complain on long queue hold times. They think e-mail should be like a fax. But when the guy that signs my paycheck complained, I changed it. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Tue Jun 14 22:00:41 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:01 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: Hi all Sorry to be a little off topic here, but we have a sendmail issue that I hope someone might be able to assist with. It is driving us mad! We have only very limited bandwidth - 64k for 2,500 (yes) e-mail users - so need to utilise our bandwidth as efficiently as possible. We have therefore configured the maximum message size in sendmail 8.13.1 to 1.5 MB. This normally works fine with intelligent mail systems that understand what "250-SIZE 1500000" means. However some systems such as Yahoo and, surprisingly, GoogleMail, fail to use the SIZE extension when sending us mail. The result is that we accept large messages from them as we don't know what the message size is going to be in advance, and then when the specified size limit is reached for the temporary mail file, sendmail still stupidly insists on continuing with the transaction even though it will no longer write to disk. That means that if Yahoo sends us an 8 MB file we accept the first 1,5 MB and write that to disk but then keep accepting the remaining 6,5 MB bytes only to chuck them into the bit bucket. Only when the transaction is complete does sendmail inform the sender that the message is too large. Clearly this is a total waste of time and bandwidth. This evening some idiot tried to send us 12 separate copies of a 4,5 MB message! Killing the connections doesn't work as Yahoo obviously just keeps resending. I had to wait until it became apparent who the sender was, then blacklist them in the access file and only then kill the connections. Is there any automated solution to this? We need to be able to terminate the session with an appropriate error message the moment it is apparent that the message is too large. Can sendmail be made to issue a fatal error message during the DATA phase of the SMTP transaction? Or is the crunch time when we need to bite the bullet and change to say Exim instead? With the increase in size of messages allowed by systems such as Yahoo and Gmail this is going to be more and more of a problem for us. If the above messages had arrived during the day they would have killed our bandwidth completely for several hours. Any help would be most appreciated - apologies for being off-topic, but I know the gurus are here on this list! Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Tue Jun 14 21:58:51 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:01 2006 Subject: X-Authentication error in headers of email - how to fix? Message-ID: Hello, I've noticed, in the header of emails I receive, there is an error message: X-Authentication-Warning: mailman.winnefox.org: postfix set sender to postmaster using -f Any ideas on what it mean, or how to fix it? I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 on a redhat 3.0 AS server. -- Jody Cleveland Computer Support Specialist cleveland@winnefox.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Jun 14 22:06:16 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:01 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Is it just me who has problems with messages not in English? I know I don't write perfect English because my main language is French but at least I always post in English. Why does it bother me? Maybe because whenever I see something I can't read I feel I cannot help the other person. This list is so valuable to people because so many people help others. Whenever someone use a foreign language, they can't get as much support because many people don't speak that language. Anyway, this has been a busy day for me... so forgive me if I hurt somebody's feelings because that was not my intent. :-( Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Tue Jun 14 22:11:07 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:01 2006 Subject: Forcing Queue as Apache Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi On Tue, 14 Jun 2005, Max Kipness wrote: > I^Òve been unable to figure out the best method to force email through the > queue as user apache. > > I^Òve created a web page that lists emails from the > /var/spool/Mailscanner/^Å/^Å/spam dir. To release an email, I simply have > some PHP code that copies the email to the /var/spool/mqueue dir. After > altering permissions in MailScanner.conf, this is not a problem. If I just > wait for the next queue interval (default 30 min), everything is fine. > However, I^Òd like the email to deliver immediately, so I have the PHP > script executing the following command: > > $send = `/usr/sbin/sendmail ^ÖqI$messageid`; > > This causes permissions problems. A possible compromise that avoids giving any additional permissions to apache would be for the script to dump the quarantined mail into a temporary holding queue, and then for a root cron job to check the contents once a minute and if it finds mail in the holding queue it could move it into the mail queue and process that particular message. You could even have a script that checks every few seconds if you wanted to minimise the delay. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Jun 14 22:15:08 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:01 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Holland wrote: > Hi all > > Sorry to be a little off topic here, but we have a sendmail issue that I > hope someone might be able to assist with. It is driving us mad! > > We have only very limited bandwidth - 64k for 2,500 (yes) e-mail users - > so need to utilise our bandwidth as efficiently as possible. We have > therefore configured the maximum message size in sendmail 8.13.1 to 1.5 MB. > This normally works fine with intelligent mail systems that understand > what "250-SIZE 1500000" means. Which exact sendmail options did you set for this? There are several different options which act in related ways, but not quite the same. For example, did you set SMTP_MAILER_MAX or MAX_MESSAGE_SIZE, or both? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Jun 14 22:23:48 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:01 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > Hello, > > Is it just me who has problems with messages not in English? I know I > don't write perfect English because my main language is French but at > least I always post in English. > > Why does it bother me? Maybe because whenever I see something I can't > read I feel I cannot help the other person. This list is so valuable to > people because so many people help others. Whenever someone use a > foreign language, they can't get as much support because many people > don't speak that language. True, although I generally figure that is the risk the poster takes. They're posting in a language outside the norm for the list, so they're taking a risk they might not get the help they need. But that's their problem, not mine. If they get help, great, if not, there's nothing I can do about it. Either way, it doesn't bother me. Sometimes if I see someone posting in a foreign language and getting no answers I'll point out the obvious and suggest they try translating. Otherwise I just ignore the messages I can't read with a shrug. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jun 14 22:26:26 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:01 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Otherwise I just ignore the messages I can't read with a shrug. > > And the big red cross (In T'Bird ;-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Jun 14 22:26:45 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: >rpm > >-----Mensaje original----- >De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En >nombre de Ugo Bellavance >Enviado el: Martes, 14 de Junio de 2005 16:33 >Para: MAILSCANNER@JISCMAIL.AC.UK >Asunto: Re: problema > >Raul Urqueta Sierra wrote: > > >>-rwxr-xr-x 1 root root 49533 May 18 14:34 freshclam >> >>clamscan -V >>ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 >> >> > >Installacion para rpm o source? > >Qual es la fecha de /usr/bin/freshclam? > > > >># MailScanner -V >>Running on >>Linux servsrna.munilaserena.cl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST >>2004 i686 i686 i386 GNU/Linux >>This is Fedora Core release 3 (Heidelberg) >>This is Perl version 5.008005 (5.8.5) >> >>This is MailScanner version 4.41.3 >> >> >>No... qual es la version de ClamAV? Y MailScanner? >> >>Qual es la fecha de /usr/bin/freshclam? >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Mal hecho ;) ... jejeje... lo que pasa es que muchas veces los rpms ponen las cosas donde no deben o el empaquetador que lo creó (algún fulano en algún lado con una idea de cómo deben ser las cosas que no necesariamente es igual que la tuya) se le ocurrió hacerlo de una manera más "kosher". En cualquier caso, quita el RPM y mándate a bajar el fuente, compilarlo, etc. .. lo puedes hacer así: 1. Baja el tar.gz del clamav 2. vete a zlib.net y bájatelo, se instala igual que muchos otros fuentes con ./configure && make && make install 3. Te vas al sitio donde descomprimiste el tar.gz del clamav, le das ./configure && make && make install y editas /usr/local/etc/freshclam.conf y /usr/local/etc/clamav.conf para que se ajuste a tu configuración. Como mínimo tienes que quitar el # de por delante del "example" y designar tu país para los mirrors de la bajada de los updates. 4. Corre freshclam y cruza los dedos ;) Saludos, Alex ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Jun 14 22:27:35 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:01 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Denis Beauchemin wrote: > > >>Hello, >> >>Is it just me who has problems with messages not in English? I know I >>don't write perfect English because my main language is French but at >>least I always post in English. >> >>Why does it bother me? Maybe because whenever I see something I can't >>read I feel I cannot help the other person. This list is so valuable to >>people because so many people help others. Whenever someone use a >>foreign language, they can't get as much support because many people >>don't speak that language. >> >> > >True, although I generally figure that is the risk the poster takes. > >They're posting in a language outside the norm for the list, so they're taking a >risk they might not get the help they need. But that's their problem, not mine. > >If they get help, great, if not, there's nothing I can do about it. Either way, >it doesn't bother me. > >Sometimes if I see someone posting in a foreign language and getting no answers >I'll point out the obvious and suggest they try translating. > >Otherwise I just ignore the messages I can't read with a shrug. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > We *could* open a list in spanish if need be. I'd be glad to contribute. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Tue Jun 14 22:49:24 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:30:01 2006 Subject: Forcing Queue as Apache Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > A possible compromise that avoids giving any additional permissions to > apache would be for the script to dump the quarantined mail into a > temporary holding queue, and then for a root cron job to check the > contents once a minute and if it finds mail in the holding queue it could > move it into the mail queue and process that particular message. You > could even have a script that checks every few seconds if you wanted to > minimise the delay. Yes, I documented this as a thought earlier in my original message. What are the thoughts on running a 3 minute cronjob to do this. Is this going to be a noticable extra load on the server? Right now, I've used the Sudo suggestion and it works. Thanks Dennis. I'm now wondering what kind of security implications this might have. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vagabondking at gmail.com Tue Jun 14 23:12:52 2005 From: vagabondking at gmail.com (Matt Salerno) Date: Thu Jan 12 21:30:01 2006 Subject: No mail processed unless I restart MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Gentoo 2005.1 Perl v5.8.5 MailScanner 4.42.9-1 (tarball from mailscanner.info) Postfix 2.1.5-r2 I downloaded the install from the website. I have been using MailScanner on Redhat boxes for quite some time, and it's great. Everything is installed to /opt/MailScanner Postfix is properly configured to put all inbound mail into the hold queue. MailScanner is set to pick mai up from the queue Incoming Queue Dir = /var/spool/postfix/hold When I start MailScanner with the server, mail does not get processed. According to the output of ps -ef | grep MailScanner, it is running, but mail just fills up in the hold queue. There is nothing in the maillog, and even almost nothing when I set debug = yes. When I start MailScanner with the debug, this is all I get: ozone opt # /etc/init.d/MailScanner start * Starting MailScanner ... Starting MailScanner... In Debugging mode, not forking... Same thing if I execute: /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/MailScanner/etc/MailScanner.conf I have Virus and Spam scanning disabled. I am at a complete loss. Can I increase the verbosity of the debugging? Or can anyone point my in any direction? Thanks. -- Matthew J. Salerno ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Tue Jun 14 23:46:06 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:30:01 2006 Subject: Forcing Queue as Apache Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try this: add the user apache to the /etc/mail/trusted-users file. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Max Kipness Sent: Tuesday, June 14, 2005 4:49 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forcing Queue as Apache > A possible compromise that avoids giving any additional permissions to > apache would be for the script to dump the quarantined mail into a > temporary holding queue, and then for a root cron job to check the > contents once a minute and if it finds mail in the holding queue it could > move it into the mail queue and process that particular message. You > could even have a script that checks every few seconds if you wanted to > minimise the delay. Yes, I documented this as a thought earlier in my original message. What are the thoughts on running a 3 minute cronjob to do this. Is this going to be a noticable extra load on the server? Right now, I've used the Sudo suggestion and it works. Thanks Dennis. I'm now wondering what kind of security implications this might have. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Wed Jun 15 00:33:41 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:01 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: On Tue, 14 Jun 2005, Matt Kettler wrote: > > Sorry to be a little off topic here, but we have a sendmail issue that I > > hope someone might be able to assist with. It is driving us mad! > > > > We have only very limited bandwidth - 64k for 2,500 (yes) e-mail users - > > so need to utilise our bandwidth as efficiently as possible. We have > > therefore configured the maximum message size in sendmail 8.13.1 to 1.5 MB. > > This normally works fine with intelligent mail systems that understand > > what "250-SIZE 1500000" means. > > Which exact sendmail options did you set for this? > > There are several different options which act in related ways, but not > quite the same. For example, did you set SMTP_MAILER_MAX or > MAX_MESSAGE_SIZE, or both? I used only the MAX_MESSAGE_SIZE option. Would the SMTP_MAILER_MAX option work differently and achieve what we need? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 15 00:54:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:01 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Holland wrote: > I used only the MAX_MESSAGE_SIZE option. Would the SMTP_MAILER_MAX option > work differently and achieve what we need? > In general, MAX_MESSAGE_SIZE should be the correct way to do it. However, if you are having problems like you describe, you might try setting the SMTP_MAILER_MAX. This should limit the size of the SMTP session. I'd look around and see if there's a sendmail bug somewhere on the issue. Sendmail should enforce the MAX_MESSAGE_SIZE with an error and not a stuck connection. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 15 00:57:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:01 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman said the following on 6/14/2005 2:27 PM: > Matt Kettler wrote: > >> Denis Beauchemin wrote: >> >> >>> Hello, >>> >>> Is it just me who has problems with messages not in English? I know I >>> don't write perfect English because my main language is French but at >>> least I always post in English. >>> >>> Why does it bother me? Maybe because whenever I see something I can't >>> read I feel I cannot help the other person. This list is so valuable to >>> people because so many people help others. Whenever someone use a >>> foreign language, they can't get as much support because many people >>> don't speak that language. >>> >> >> >> True, although I generally figure that is the risk the poster takes. >> >> They're posting in a language outside the norm for the list, so >> they're taking a >> risk they might not get the help they need. But that's their problem, >> not mine. >> >> If they get help, great, if not, there's nothing I can do about it. >> Either way, >> it doesn't bother me. >> >> Sometimes if I see someone posting in a foreign language and getting >> no answers >> I'll point out the obvious and suggest they try translating. >> >> Otherwise I just ignore the messages I can't read with a shrug. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > We *could* open a list in spanish if need be. I'd be glad to contribute. > It is true that most of this list is at least comfortable with english, if not native to it. But running the message through a translator like babelfish.altavista.net doesn't help much. Maybe if people see a message in a language they are comfortable with, that is getting no answers, maybe they could add some translation and repost. Out of the goodness of their heart of course. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 15 00:58:55 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:01 2006 Subject: No mail processed unless I restart MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Salerno said the following on 6/14/2005 3:12 PM: > Gentoo 2005.1 > Perl v5.8.5 > MailScanner 4.42.9-1 (tarball from mailscanner.info) > Postfix 2.1.5-r2 > > I downloaded the install from the website. I have been using > MailScanner on Redhat boxes for quite some time, and it's great. > > Everything is installed to /opt/MailScanner > > Postfix is properly configured to put all inbound mail into the hold queue. > > MailScanner is set to pick mai up from the queue > Incoming Queue Dir = /var/spool/postfix/hold > > When I start MailScanner with the server, mail does not get processed. > According to the output of ps -ef | grep MailScanner, it is running, > but mail just fills up in the hold queue. There is nothing in the > maillog, and even almost nothing when I set debug = yes. > > When I start MailScanner with the debug, this is all I get: > > ozone opt # /etc/init.d/MailScanner start > * Starting MailScanner ... > Starting MailScanner... > In Debugging mode, not forking... > > Same thing if I execute: > /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner > /opt/MailScanner/etc/MailScanner.conf > > I have Virus and Spam scanning disabled. I am at a complete loss. > Can I increase the verbosity of the debugging? > > Or can anyone point my in any direction? > > Thanks. Is there anything in the hold directory besides queue files? -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at konsultex.com.br Wed Jun 15 01:45:15 2005 From: miguelk at konsultex.com.br (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:30:01 2006 Subject: problema Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul; Lo único que le agregaria a lo que dice Alex es que veas si FC3 tiene un update de zlib disponible por yum o mecanismo parecido. Vi en esta lista hace unos meses alguien que perdió su servidor por esa actualización. Saludos. Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: Alex Neuman To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tue, 14 Jun 2005 16:26:45 -0500 Subject: Re: problema > Raul Urqueta Sierra wrote: > > >rpm > > > >-----Mensaje original----- > >De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En > >nombre de Ugo Bellavance > >Enviado el: Martes, 14 de Junio de 2005 16:33 > >Para: MAILSCANNER@JISCMAIL.AC.UK > >Asunto: Re: problema > > > >Raul Urqueta Sierra wrote: > > > > > >>-rwxr-xr-x 1 root root 49533 May 18 14:34 freshclam > >> > >>clamscan -V > >>ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 > >> > >> > > > >Installacion para rpm o source? > > > >Qual es la fecha de /usr/bin/freshclam? > > > > > > > >># MailScanner -V > >>Running on > >>Linux servsrna.munilaserena.cl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST > >>2004 i686 i686 i386 GNU/Linux > >>This is Fedora Core release 3 (Heidelberg) > >>This is Perl version 5.008005 (5.8.5) > >> > >>This is MailScanner version 4.41.3 > >> > >> > >>No... qual es la version de ClamAV? Y MailScanner? > >> > >>Qual es la fecha de /usr/bin/freshclam? > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > Mal hecho ;) ... jejeje... lo que pasa es que muchas veces los rpms > ponen las cosas donde no deben o el empaquetador que lo creó (algún > fulano en algún lado con una idea de cómo deben ser las cosas que no > necesariamente es igual que la tuya) se le ocurrió hacerlo de una manera > más "kosher". > > En cualquier caso, quita el RPM y mándate a bajar el fuente, compilarlo, > etc. .. lo puedes hacer así: > > 1. Baja el tar.gz del clamav > 2. vete a zlib.net y bájatelo, se instala igual que muchos otros fuentes > con ./configure && make && make install > 3. Te vas al sitio donde descomprimiste el tar.gz del clamav, le das > ./configure && make && make install y editas > /usr/local/etc/freshclam.conf y /usr/local/etc/clamav.conf para que se > ajuste a tu configuración. Como mínimo tienes que quitar el # de por > delante del "example" y designar tu país para los mirrors de la bajada > de los updates. > 4. Corre freshclam y cruza los dedos ;) > > Saludos, > > Alex > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Esta mensagem foi verificada pelo sistema de antivírus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jun 15 02:31:52 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:01 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Alex Neuman said the following on 6/14/2005 2:27 PM: > > >>Matt Kettler wrote: >> >> >> >>>Denis Beauchemin wrote: >>> >>> >>> >>> >>>>Hello, >>>> >>>>Is it just me who has problems with messages not in English? I know I >>>>don't write perfect English because my main language is French but at >>>>least I always post in English. >>>> >>>>Why does it bother me? Maybe because whenever I see something I can't >>>>read I feel I cannot help the other person. This list is so valuable to >>>>people because so many people help others. Whenever someone use a >>>>foreign language, they can't get as much support because many people >>>>don't speak that language. >>>> >>>> >>>> >>>True, although I generally figure that is the risk the poster takes. >>> >>>They're posting in a language outside the norm for the list, so >>>they're taking a >>>risk they might not get the help they need. But that's their problem, >>>not mine. >>> >>>If they get help, great, if not, there's nothing I can do about it. >>>Either way, >>>it doesn't bother me. >>> >>>Sometimes if I see someone posting in a foreign language and getting >>>no answers >>>I'll point out the obvious and suggest they try translating. >>> >>>Otherwise I just ignore the messages I can't read with a shrug. >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>We *could* open a list in spanish if need be. I'd be glad to contribute. >> >> >> >It is true that most of this list is at least comfortable with english, >if not native to it. >But running the message through a translator like >babelfish.altavista.net doesn't help much. >Maybe if people see a message in a language they are comfortable with, >that is getting no answers, maybe they could add some translation and >repost. Out of the goodness of their heart of course. > > > > I've noticed a few posts from central european users that look like they've been run through a machine translator, like AV. Usually sounds like gibberish, and they usually take a few posts to unravel. Server admins should definitely look into learning at least enough English to get their point across - although I know a few native English speakers who aren't too fluent when it comes to posting either ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 15 03:07:21 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Server > admins should definitely look into learning at least enough English to > get their point across - although I know a few native English speakers > who aren't too fluent when it comes to posting either ;) Hey, I resemble that remark! In my case this is mostly due to last-minute editing and hitting send without re-reading it. Although others might also say it's because I don't know how to spell color correctly, I think they're the ones that are confused ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Jun 15 07:17:12 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] active writers are not enough to split the lists bad idea ... i agree with dennis. my english isnt that good but i always post here in english. this is my respect to julian and the community. greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alex Neuman > We *could* open a list in spanish if need be. I'd be glad to > contribute. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From darren at TORSION.CO.UK Wed Jun 15 08:15:16 2005 From: darren at TORSION.CO.UK (darren) Date: Thu Jan 12 21:30:02 2006 Subject: Raq3 f-prot problem Message-ID: Hi This has started to appear in my mail logs. I cant update to the latest MailScanner because there is a problem installing the perl modules on the Raq. Anyone have an idea what I can do? Thanks Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From darren at TORSION.CO.UK Wed Jun 15 08:17:17 2005 From: darren at TORSION.CO.UK (darren) Date: Thu Jan 12 21:30:02 2006 Subject: Raq3 f-prot problem Message-ID: Sorry forgot to add Im running a V3 MailScanner -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of darren Sent: 15 June 2005 08:15 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Raq3 f-prot problem Hi This has started to appear in my mail logs. I cant update to the latest MailScanner because there is a problem installing the perl modules on the Raq. Anyone have an idea what I can do? Thanks Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 15 09:00:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:02 2006 Subject: Raq3 f-prot problem Message-ID: Darren Then you'd better upgrade to V4.latest. V3 has not been supported for many moons....(assuming Julian puts a new version every month, V4 is well over 3 years old now..) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 darren wrote: > Sorry forgot to add > Im running a V3 MailScanner > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of darren > Sent: 15 June 2005 08:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Raq3 f-prot problem > > > Hi > > This has started to appear in my mail logs. I cant update to the latest > MailScanner because there is a problem installing the perl modules on the > Raq. Anyone have an idea what I can do? > > Thanks > > > Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug in > MailScanner's F-Prot output parser, or F-Prot's output format has changed! > F-Prot said this "Search: .". Please mail the author of MailScanner Jun 15 > 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's > F-Prot output parser, or F-Prot's output format has changed! F-Prot said > this "Action: Report only". Please mail the author of MailScanner Jun 15 > 07:07:37 www mailscanner[9912]: Either you've found a bug in MailScanner's > F-Prot output parser, or F-Prot's output format has changed! F-Prot said > this "Files: "Dumb" scan of all files". Please mail the author of > MailScanner Jun 15 07:07:37 www mailscanner[9912]: Either you've found a bug > in MailScanner's F-Prot output parser, or F-Prot's output format has > changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please > mail the author of MailScanner > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 15 10:09:07 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in log unseen before. Message-ID: Ken Goods wrote: > Ugo Bellavance wrote: >> Ken Goods wrote: >>> Ugo Bellavance wrote: >>> >>>> Ken Goods wrote: >>>> >>>>> I've seen quite a few of these in the logs since late last week... >>>>> >>>>> Jun 6 14:30:06 gw-mail MailScanner[14436]: Commercial scanner >>>>> clamav timed out! Jun 6 14:30:06 gw-mail MailScanner[14436]: >>>>> Virus Scanning: Denial Of Service attack detected! >>>>> >>>>> Can anyone shed some light? Something I should be concerned about? >>>> >>>> What version of clamAV are you using? >>>> >>> >>> >>> MailScanner 4.40.11 >>> ClamAV 0.83 >>> Spamassassin 3.0.2 >>> >>> I know they are a little dated but would that cause the above >>> messages? >>> >> >> Possibly for ClamAV. You should upgrade to 0.85.1. >> >>> Thanks, >>> Ken >>> >> > > I upgraded clamav to 0.85.1 last Wednesday and I still get these > messages: > > Jun 14 08:25:09 gw-mail MailScanner[5408]: Commercial scanner clamav > timed out! > Jun 14 08:25:09 gw-mail MailScanner[5408]: Virus Scanning: Denial Of > Service attack detected! > > I don't remember ever seeing these before and I couldn't find > anything with a google or ClamAV site/archive search. > > Can anyone give me a clue as to what these are and whether I should be > concerned, or are these messages not even generated by MailScanner? > (in which case I'll post to the clamav list) > > Thanks > Ken > Is it for every message, or for some? If you run the clamav-wrapper, does it take an inordinate time to finish? -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Wed Jun 15 11:32:28 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:30:02 2006 Subject: FSL Quarantine Report Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone? On 6/14/05, Devon Harding wrote: For some reason, I have the FSL Quarantine Report setup, but its not sending out emails. This is what I get in /var/log/maillog after manually running the script from /usr/local/bin: Jun 13 14:24:34 art4 QuarantineReport[25500]: Starts Jun 13 14:24:37 art4 QuarantineReport[25500]: Ends What causes this? -Devon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From usergroups at THEARGONCOMPANY.COM Wed Jun 15 12:06:22 2005 From: usergroups at THEARGONCOMPANY.COM (Atul Morey) Date: Thu Jan 12 21:30:02 2006 Subject: Oversized zip notification. Message-ID: Hi, I am using MailScanner 4.31.6-1 and clamav 0.80 on a Cobalt RaQ500 server with sendmail 8.11.6-1C7stackguard as the MTA. There have been instances that few archives (zip) are quarantined on our server due to "Oversized.zip", however the notifications are not sent to the sender or the receiver. This seems to be scary, isn't either one of the sender or the receiver be notified about the same ? Would appreciate any hints / clues . Regards, Atul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 15 12:16:03 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:02 2006 Subject: Oversized zip notification. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Atul Morey wrote: > Hi, > > I am using MailScanner 4.31.6-1 and clamav 0.80 on a Cobalt RaQ500 server with > sendmail 8.11.6-1C7stackguard as the MTA. > > There have been instances that few archives (zip) are quarantined on our > server due to "Oversized.zip", however the notifications are not sent to the > sender or the receiver. > > This seems to be scary, isn't either one of the sender or the receiver be > notified about the same ? > > Would appreciate any hints / clues . > > Regards, > > Atul > Check your logs, the oversized zip file was probably detected as a virus by clam and hence no notifications were sent.. Also check clamd.conf for these lines.. # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is # reached. # Default: disabled If you can use clamavmodule, some parameters for clam can be set in MailScanner.conf itself. Hope this helps, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 15 10:13:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If your English is good enough to be able to explain a technical problem, then you will get more response if you post in English. But if it's nowhere near good enough, then you will get more response if you post in your native language, or a language in which you are good enough. This list doesn't need any stoopid rules about only being able to post in English. If we do that, then I am going to start insisting that you spell "colour" and "aluminium" correctly, too. If it's going to be English, then it's going to be *English* and not American. But it's not going to come to that. On 15 Jun 2005, at 07:17, Dörfler Andreas wrote: > active writers are not enough to split the lists > bad idea ... > > i agree with dennis. > my english isnt that good but i always post here > in english. > this is my respect to julian and the community. > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > > >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alex Neuman >> > > >> We *could* open a list in spanish if need be. I'd be glad to >> contribute. >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq/xKhH2WUcUFbZUEQIa+gCfTnTbIohPeAact8jixgWRttsWjfkAnjpn T2hbAUCCG5OYuNixabkvPTc+ =ybQ0 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From karthik.kiruba at INMAIL.TRANQUILMONEY.COM Wed Jun 15 12:06:00 2005 From: karthik.kiruba at INMAIL.TRANQUILMONEY.COM (Karthik kiruba) Date: Thu Jan 12 21:30:02 2006 Subject: mails not recieved Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, This is regarding a problem with one of the user account - to which one particular mail - that has HTML content embeded in it is not reaching the person. Mails similar having HTML content is been reaching him. I also tried enabling conversion of HTML to text with Mailscanner - but it remains the same. So plz let me know how this can be troubleshooted or how to scan any particular mail thro Mailscanner - so that we can find the casuse. Thanks in advance, Karthik.k CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 15 12:19:57 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:02 2006 Subject: problema Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Miguel Koren OBrien de Lacy wrote: > Raul; > > Lo único que le agregaria a lo que dice Alex es que veas si FC3 tiene > un update de zlib disponible por yum o mecanismo parecido. Vi en esta > lista hace unos meses alguien que perdió su servidor por esa > actualización. > > Saludos. > > Miguel > > -- > Konsultex Informatica (http://www.konsultex.com.br) > > ---------- Original Message ----------- > From: Alex Neuman > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Tue, 14 Jun 2005 16:26:45 -0500 > Subject: Re: problema > >> Raul Urqueta Sierra wrote: >> >>> rpm >>> >>> -----Mensaje original----- >>> De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En >>> nombre de Ugo Bellavance Enviado el: Martes, 14 de Junio de 2005 >>> 16:33 >>> Para: MAILSCANNER@JISCMAIL.AC.UK >>> Asunto: Re: problema >>> >>> Raul Urqueta Sierra wrote: >>> >>> >>>> -rwxr-xr-x 1 root root 49533 May 18 14:34 freshclam >>>> >>>> clamscan -V >>>> ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 >>>> >>>> >>> >>> Installacion para rpm o source? >>> >>> Qual es la fecha de /usr/bin/freshclam? >>> >>> >>> >>>> # MailScanner -V >>>> Running on >>>> Linux servsrna.munilaserena.cl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 >>>> EST 2004 i686 i686 i386 GNU/Linux This is Fedora Core release 3 >>>> (Heidelberg) >>>> This is Perl version 5.008005 (5.8.5) >>>> >>>> This is MailScanner version 4.41.3 >>>> >>>> >>>> No... qual es la version de ClamAV? Y MailScanner? >>>> >>>> Qual es la fecha de /usr/bin/freshclam? >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> Mal hecho ;) ... jejeje... lo que pasa es que muchas veces los rpms >> ponen las cosas donde no deben o el empaquetador que lo creó (algún >> fulano en algún lado con una idea de cómo deben ser las cosas que no >> necesariamente es igual que la tuya) se le ocurrió hacerlo de una >> manera más "kosher". >> >> En cualquier caso, quita el RPM y mándate a bajar el fuente, >> compilarlo, etc. .. lo puedes hacer así: >> >> 1. Baja el tar.gz del clamav >> 2. vete a zlib.net y bájatelo, se instala igual que muchos otros >> fuentes con ./configure && make && make install >> 3. Te vas al sitio donde descomprimiste el tar.gz del clamav, le das >> ./configure && make && make install y editas >> /usr/local/etc/freshclam.conf y /usr/local/etc/clamav.conf para que >> se ajuste a tu configuración. Como mínimo tienes que quitar el # de >> por delante del "example" y designar tu país para los mirrors de la >> bajada de los updates. >> 4. Corre freshclam y cruza los dedos ;) >> >> Saludos, >> >> Alex >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Esta mensagem foi verificada pelo sistema de antivírus e >> acredita-se estar livre de perigo. > ------- End of Original Message ------- Um, not that I really understand what you're saying (not being a speaker (at all) of the language you're using), but isn't Rauls problem solely that the line clamav /usr/lib/MailScanner/clamav-wrapper /usr/local in /etc/MailScanner/virus.scanners.conf should read clamav /usr/lib/MailScanner/clamav-wrapper /usr instead? Sure, I too think it best to buld clamav from source, but... He really don't need to, to solve this... Or did you already cover this in Cheers -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 15 09:56:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14 Jun 2005, at 22:23, Matt Kettler wrote: > Denis Beauchemin wrote: > >> Hello, >> >> Is it just me who has problems with messages not in English? I >> know I >> don't write perfect English because my main language is French but at >> least I always post in English. >> >> Why does it bother me? Maybe because whenever I see something I >> can't >> read I feel I cannot help the other person. This list is so >> valuable to >> people because so many people help others. Whenever someone use a >> foreign language, they can't get as much support because many people >> don't speak that language. >> > > True, although I generally figure that is the risk the poster takes. > > They're posting in a language outside the norm for the list, so > they're taking a > risk they might not get the help they need. But that's their > problem, not mine. > > If they get help, great, if not, there's nothing I can do about it. > Either way, > it doesn't bother me. > > Sometimes if I see someone posting in a foreign language and > getting no answers > I'll point out the obvious and suggest they try translating. > > Otherwise I just ignore the messages I can't read with a shrug. Seconded. One of the things I like about this list is the ability to post in whatever language you feel more comfortable in, knowing that anyone who knows that language will try to help you out. I would much rather see people post in their favourite language. Yes, they won't get help from other people who don't know the language. But there are a lot of you out there prepared to help people, so the likelihood is that someone will understand you and help. The alternative is the Google-translated version of English, which is almost unintelligible a lot of the time. It takes 10 times as long to help them out because you can only deduce the meaning of 1 sentence in 10. I spend a lot of my time trying to help people using the machine-translator services, and it's very hard work. Remember that MailScanner is used in at least 70 countries. Diversity is good! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQq/tKRH2WUcUFbZUEQKS3ACguvdtKcTlN9ktsmjLGtF4DLp57u4AoIDO dzfvrq2Yi6zdIfuoV5F1opSm =uVcF -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 15 12:27:06 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If your English is good enough to be able to explain a technical > problem, then you will get more response if you post in English. But > if it's nowhere near good enough, then you will get more response if > you post in your native language, or a language in which you are good > enough. > > This list doesn't need any stoopid rules about only being able to > post in English. If we do that, then I am going to start insisting > that you spell "colour" and "aluminium" correctly, too. If it's going > to be English, then it's going to be *English* and not American. > > But it's not going to come to that. > Thus spake root again.. and i agree in totality (if thats the right word) On the lighter side, the latest bofh (on bayes and the queen's english) on the register is worth a read. http://www.theregister.co.uk/2005/06/03/bofh_2005_episode_18/ cheers, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From usergroups at THEARGONCOMPANY.COM Wed Jun 15 12:56:29 2005 From: usergroups at THEARGONCOMPANY.COM (Atul Morey) Date: Thu Jan 12 21:30:02 2006 Subject: Oversized zip notification. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Dhawal, Thanks for your help. Usually the MailScanner sends a notification to the receiver in case it detects a virus in a message. In this case it did not notify the receiver nor the sender. > Check your logs, the oversized zip file was probably detected as a virus > by clam and hence no notifications were sent.. Also check clamd.conf for > these lines.. Thanks and Regards, Atul. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed Jun 15 14:04:23 2005 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If your English is good enough to be able to explain a technical > problem, then you will get more response if you post in English. But > if it's nowhere near good enough, then you will get more response if > you post in your native language, or a language in which you are good > enough. > > This list doesn't need any stoopid rules about only being able to > post in English. If we do that, then I am going to start insisting > that you spell "colour" and "aluminium" correctly, too. If it's going > to be English, then it's going to be *English* and not American. I think they're all wrong. Back here in the hollers of West Virginia, my dad always called it alunium. And we invented that stuff, I believe, so we should know how to say it. No, maybe that was Al Gore. Anyway, keep up the good work. Steve Campbell > > But it's not going to come to that. > > On 15 Jun 2005, at 07:17, Dörfler Andreas wrote: >> active writers are not enough to split the lists >> bad idea ... >> >> i agree with dennis. >> my english isnt that good but i always post here >> in english. >> this is my respect to julian and the community. >> >> greetings >> andy >> >> --free your mind, use open source >> http://www.mono-project.com >> >> ASCII ribbon campaign ( ) >> - against HTML email X >> & vCards / \ >> >> >> >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alex Neuman >>> >> >> >>> We *could* open a list in spanish if need be. I'd be glad to >>> contribute. >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQq/xKhH2WUcUFbZUEQIa+gCfTnTbIohPeAact8jixgWRttsWjfkAnjpn > T2hbAUCCG5OYuNixabkvPTc+ > =ybQ0 > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 15 13:54:56 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > Seconded. > > One of the things I like about this list is the ability to post in > whatever language you feel more comfortable in, knowing that anyone > who knows that language will try to help you out. I would much rather > see people post in their favourite language. Yes, they won't get help > from other people who don't know the language. But there are a lot of > you out there prepared to help people, so the likelihood is that > someone will understand you and help. I would gladly offer my help on a french list, but it looks like there aren't many french-speaking people who can't write in english. And I'd do my best on for a spanish list. However, as Julian said, the traffic probably wouldn't be worth the trouble of having a second mailing list. A suggestion would be to have people who understand the language try to translate into english, so that it can reach the bulk of users. Is it a good idea? Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 15 14:10:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:02 2006 Subject: mails not recieved Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Start by looking in your maillog to see what was logged about the message in question. That should give you a good idea of what happened. On 15 Jun 2005, at 12:06, Karthik kiruba wrote: > Hi all, > > This is regarding a problem with one of the user account - to which > one > particular mail - that has HTML content embeded in it is not > reaching the > person. > > Mails similar having HTML content is been reaching him. > > I also tried enabling conversion of HTML to text with Mailscanner - > but it > remains the same. > > So plz let me know how this can be troubleshooted or how to scan any > particular mail thro Mailscanner - so that we can find the casuse. > > Thanks in advance, > Karthik.k > > > > > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain > PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT > HEALTH INFORMATION intended solely for the use of Tranquilmoney > Inc. it's clients and the recipient(s) named above. If you are not > the intended recipient, or the employee or agent responsible for > delivering this message to the intended recipient, you are hereby > notified that any review, dissemination, distribution, printing, or > copying of this e-mail message and/or any attachments is strictly > prohibited. If you have received this transmission in error, please > notify the sender immediately and permanently delete this e-mail > [shred the document] and any attachments. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrAozhH2WUcUFbZUEQIx2QCgm8u8SQysnELPM9equH3k7zW7bVcAni/p bf9xSlGFKExZXTYx2W7AkTz3 =uIXh -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 15 13:57:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:02 2006 Subject: mails not recieved Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Karthik kiruba wrote: > Hi all, > > This is regarding a problem with one of the user account - to which one > particular mail - that has HTML content embeded in it is not reaching the > person. > > Mails similar having HTML content is been reaching him. > > I also tried enabling conversion of HTML to text with Mailscanner - but it > remains the same. > > So plz let me know how this can be troubleshooted or how to scan any > particular mail thro Mailscanner - so that we can find the casuse. > > Thanks in advance, > Karthik.k Please give us more info. Logs and versions, especially. http://wiki.mailscanner.info/doku.php?id=maq:index#posting_rules ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 15 14:25:13 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:02 2006 Subject: Oversized zip notification. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Atul Morey wrote: > Hi Dhawal, > > Thanks for your help. > > Usually the MailScanner sends a notification to the receiver in case it > detects a virus in a message. In this case it did not notify the receiver nor > the sender. > > >>Check your logs, the oversized zip file was probably detected as a virus >>by clam and hence no notifications were sent.. Also check clamd.conf for >>these lines.. > What are the values of these parameters in MailScanner.conf? Silent Viruses Notify Senders Of Viruses Still Deliver Silent Viruses Non-Forging Viruses - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 15 14:36:28 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Julian Field wrote: > >> >> Seconded. >> >> One of the things I like about this list is the ability to post in >> whatever language you feel more comfortable in, knowing that anyone >> who knows that language will try to help you out. I would much rather >> see people post in their favourite language. Yes, they won't get help >> from other people who don't know the language. But there are a lot of >> you out there prepared to help people, so the likelihood is that >> someone will understand you and help. > > I would gladly offer my help on a french list, but it looks like there > aren't many french-speaking people who can't write in english. And > I'd do my best on for a spanish list. > > However, as Julian said, the traffic probably wouldn't be worth the > trouble of having a second mailing list. A suggestion would be to > have people who understand the language try to translate into > english, so that it can reach the bulk of users. > > Is it a good idea? > > Ugo Jodå, den duger... Er, well yes, it's good enough:) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Richard.Hall at INGENTA.COM Wed Jun 15 14:32:13 2005 From: Richard.Hall at INGENTA.COM (Richard.Hall) Date: Thu Jan 12 21:30:02 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: Jim, On Tue, 14 Jun 2005, Jim Holland wrote: [...] > We have only very limited bandwidth - 64k for 2,500 (yes) e-mail users - Ouch :-( > so need to utilise our bandwidth as efficiently as possible. We have > therefore configured the maximum message size in sendmail 8.13.1 to 1.5 MB. > This normally works fine with intelligent mail systems that understand > what "250-SIZE 1500000" means. > > However some systems such as Yahoo and, surprisingly, GoogleMail, fail to > use the SIZE extension when sending us mail. The result is that we accept > large messages from them as we don't know what the message size is going > to be in advance, and then when the specified size limit is reached for > the temporary mail file, sendmail still stupidly insists on continuing > with the transaction even though it will no longer write to disk. [...] > Is there any automated solution to this? We need to be able to terminate > the session with an appropriate error message the moment it is apparent > that the message is too large. Can sendmail be made to issue a fatal > error message during the DATA phase of the SMTP transaction? Or is the > crunch time when we need to bite the bullet and change to say Exim instead? [...] Much as I love Exim, and despite the fact that sendmail's config makes me feel nauseous, I don't believe that Exim can help you here. But nor can sendmail IMHO. The problem is the SMTP protocol itself, which only gives you two (relevant) points at which you can reject the message:- 1) immediately after receiving the DATA command - but that is obviously too soon for you, as you don't yet know the size; 2) after the terminating '.', when you do know the size - but by then it is too late, as you clearly appreciate. In between those two points the traffic is all "one-way". The SMTP protocol does not define any way to stop the data transmission in mid-stream, except by dropping the connection. And the other end will treat that as a temporary failure, and retry later. Ah, you know that ... > This evening some idiot tried to send us 12 separate copies of a 4,5 MB > message! Killing the connections doesn't work as Yahoo obviously just > keeps resending. I had to wait until it became apparent who the sender > was, then blacklist them in the access file and only then kill the > connections. The best I can suggest at the moment is that you limit the number of simultaneous connections from one IP address, eg so that you only have one rogue connection at a time. Exim can certainly do that; I don't know about sendmail. (Anyway, it's not foolproof - there are all sorts of trivial counter-examples - but it might help a bit.) HTH, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zichovsky at TRUL.CZ Wed Jun 15 14:47:10 2005 From: zichovsky at TRUL.CZ (Pavel Zichovsky) Date: Thu Jan 12 21:30:02 2006 Subject: OT Sendmail help on new sendmail/MS/SA install Message-ID: Hi there! > Although the advice by other listmembers is extremely thorough, you only > need a few things in order to have SMTP AUTH working out-of-the-box on > CentOS/RH/FC or whatever other distro... > > 1. Have saslauthd running > 2. Have the following on /etc/mail/sendmail.mc: > TRUST_AUTH_MECH(`LOGIN PLAIN')dnl > define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl > define(`confAUTH_OPTIONS', `A')dnl Is anywhere "manual" how to inject these settings directly into sendmail.cf ?? In my instalation there is no sendmail-cf package (it is not problem to install it), and (what is problem) many settings were done directly into sendmail.cf (without mc) by server supplier. Unfortunately suppliers says that SMTP Auth cannot be enabled in current configuration (I read it like "we do not know how to enable it") and wants a lot of money for complete reinstalling/reconfiguration of server software (postfix instead of sendmail). So using of mc is no good for me, because it would mean building up complete .mc file from scratch :-( With regards Pavel Zichovsky (zichovsky@trul.cz) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vagabondking at gmail.com Wed Jun 15 15:01:56 2005 From: vagabondking at gmail.com (Matt Salerno) Date: Thu Jan 12 21:30:02 2006 Subject: No mail processed unless I restart MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Is there anything in the hold directory besides queue files? > > > -- The only other file in the hold queue is the razor-agent.log. -- Matthew J. Salerno ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 15 15:06:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:02 2006 Subject: No mail processed unless I restart MailScanner Message-ID: Matt that's the problem then. I you can move elsewhere MS will be fine. Like I said MS really does not like anything else in the queue directories other than email. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Matt Salerno wrote: >>Is there anything in the hold directory besides queue files? >> >> >>-- > > > > The only other file in the hold queue is the razor-agent.log. > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 15 15:14:11 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:02 2006 Subject: No mail processed unless I restart MailScanner Message-ID: Matt Salerno wrote: >> Is there anything in the hold directory besides queue files? >> >> >> -- > > > The only other file in the hold queue is the razor-agent.log. Well, there's your problem then. Remove that file, then make sure razor can create it somewhere a bit more sane, as the postfix user. Personally, I do this by running the discovery as postfix after chmoding so that postfix has write perms on it's home dir, then chmoding back to the usual "cannot write to $HOME"... But there has been at least a couple of threads over the last few weeks about this problem that detail other, perhaps better, solutions ... so take a look in the list archives if you'd like some olternatives. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vagabondking at gmail.com Wed Jun 15 15:30:18 2005 From: vagabondking at gmail.com (Matt Salerno) Date: Thu Jan 12 21:30:02 2006 Subject: No mail processed unless I restart MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/15/05, Martin Hepworth wrote: > Matt > > that's the problem then. I you can move elsewhere MS will be fine. > > Like I said MS really does not like anything else in the queue > directories other than email. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > File deleted, and everything works great. Now I just need to figure out why Razor put it in the hold queue. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 15 15:39:27 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:02 2006 Subject: No mail processed unless I restart MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Salerno wrote: > On 6/15/05, Martin Hepworth wrote: > >>Matt >> >>that's the problem then. I you can move elsewhere MS will be fine. >> >>Like I said MS really does not like anything else in the queue >>directories other than email. >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> > > > File deleted, and everything works great. Now I just need to figure > out why Razor put it in the hold queue. > Just put a line in razor-agent.conf where you want razor home to exist. razorhome = /path/to/.razor Also ensure spam.assassin.prefs.conf contains a line pointing to the right razor-agent.conf razor_config /path/to/.razor/razor-agent.conf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Wed Jun 15 17:46:14 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: Like a lot of you, I'm on a lot of mailing lists. Because of this, I get a large amount of garbage mail. One particular type of garbage mail is mis-configured mail scanning suites that send "virus received" warning messages. You all know why this is bad, so I won't discuss this. I'll just say that it annoys me greatly -- especially when my users receive them and I have to go through the incredibly boring explanation of what happened yet again. What I'd like to know, though, is what the general consensus is in regards to dealing with these. Is it bad form to track down the admin and explain (gently) that it's a bad idea to send these? I've sent mail to admins of domains before, but I've never received an "ok, we understand" (sign for OK!) back, and for the most part it does no good, because I get the same messages over and over. The Samba users mailing list is especially bad for this sort of behavior. It's not like it's bad enough for me to black list them, and threatening to blacklist their domain from my domain is kinda pointless -- chances are they'd never need to send or receive mail from us, ever. But they're still contributing to the problem of too much garbage traffic and not the solution. Has anyone had any success with these situations before? Any magic words that seem to help straighten out the offending parties? --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 15 17:45:57 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:02 2006 Subject: OT Sendmail help on new sendmail/MS/SA install Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pavel Zichovsky said the following on 6/15/2005 6:47 AM: > Hi there! > > >>Although the advice by other listmembers is extremely thorough, you only >>need a few things in order to have SMTP AUTH working out-of-the-box on >>CentOS/RH/FC or whatever other distro... >> >>1. Have saslauthd running >>2. Have the following on /etc/mail/sendmail.mc: >>TRUST_AUTH_MECH(`LOGIN PLAIN')dnl >>define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl >>define(`confAUTH_OPTIONS', `A')dnl > > > Is anywhere "manual" how to inject these settings directly into sendmail.cf > ?? > > In my instalation there is no sendmail-cf package (it is not problem to > install it), and (what is problem) many settings were done directly into > sendmail.cf (without mc) by server supplier. Unfortunately suppliers says > that SMTP Auth cannot be enabled in current configuration (I read it like > "we do not know how to enable it") and wants a lot of money for complete > reinstalling/reconfiguration of server software (postfix instead of > sendmail). > So using of mc is no good for me, because it would mean building up complete > .mc file from scratch :-( > Is your sendmail system doing anything out of the ordinary? You could backup your sendmail.cf, run through the macro processor, and diff the new file to your backup. You could get a better idea of what is in the original, and maybe you could get a handle on some of the needed .mc commands to get something resembling your current configuration. Your mail server wouldn't have to be off line more then 5 minutes while you did this, or you could do the experimenting on another machine, and have no downtime at all. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 15 18:03:53 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: Jason a good SA rule for this is Tim Jackson's bogus virus warnings set. http://www.timj.co.uk/linux/bogus-virus-warnings.cf however you'll need to turn a few off by putting the following in spam.assassin.prefs.conf - otherwise various MS based systems will trigger the rules.. score VIRUS_WARNING15 0 score VIRUS_WARNING28 0 score VIRUS_WARNING33 0 score VIRUS_WARNING62 0 score VIRUS_WARNING66 0 score VIRUS_WARNING226 0 score VIRUS_WARNING250 0 score VIRUS_WARNING300 0 score VIRUS_WARNING326 0 score VIRUS_WARNING339 0 score VIRUS_WARNING340 0 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason Balicki wrote: > Like a lot of you, I'm on a lot of mailing lists. > > Because of this, I get a large amount of garbage > mail. One particular type of garbage mail is > mis-configured mail scanning suites that send > "virus received" warning messages. You all know > why this is bad, so I won't discuss this. I'll > just say that it annoys me greatly -- especially > when my users receive them and I have to go > through the incredibly boring explanation of > what happened yet again. > > What I'd like to know, though, is what the general > consensus is in regards to dealing with these. Is > it bad form to track down the admin and explain > (gently) that it's a bad idea to send these? > > I've sent mail to admins of domains before, but > I've never received an "ok, we understand" (sign > for OK!) back, and for the most part it does no > good, because I get the same messages over and > over. The Samba users mailing list is especially > bad for this sort of behavior. > > It's not like it's bad enough for me to black > list them, and threatening to blacklist their > domain from my domain is kinda pointless -- > chances are they'd never need to send or > receive mail from us, ever. But they're still > contributing to the problem of too much garbage > traffic and not the solution. > > Has anyone had any success with these situations > before? Any magic words that seem to help > straighten out the offending parties? > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 15 17:52:59 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:02 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Holland said the following on 6/14/2005 2:00 PM: > Hi all > > Sorry to be a little off topic here, but we have a sendmail issue that I > hope someone might be able to assist with. It is driving us mad! > > We have only very limited bandwidth - 64k for 2,500 (yes) e-mail users - > so need to utilise our bandwidth as efficiently as possible. We have > therefore configured the maximum message size in sendmail 8.13.1 to 1.5 MB. > This normally works fine with intelligent mail systems that understand > what "250-SIZE 1500000" means. > > However some systems such as Yahoo and, surprisingly, GoogleMail, fail to > use the SIZE extension when sending us mail. The result is that we accept > large messages from them as we don't know what the message size is going > to be in advance, and then when the specified size limit is reached for > the temporary mail file, sendmail still stupidly insists on continuing > with the transaction even though it will no longer write to disk. That > means that if Yahoo sends us an 8 MB file we accept the first 1,5 MB and > write that to disk but then keep accepting the remaining 6,5 MB bytes only > to chuck them into the bit bucket. Only when the transaction is complete > does sendmail inform the sender that the message is too large. Clearly > this is a total waste of time and bandwidth. > > This evening some idiot tried to send us 12 separate copies of a 4,5 MB > message! Killing the connections doesn't work as Yahoo obviously just > keeps resending. I had to wait until it became apparent who the sender > was, then blacklist them in the access file and only then kill the > connections. > > Is there any automated solution to this? We need to be able to terminate > the session with an appropriate error message the moment it is apparent > that the message is too large. Can sendmail be made to issue a fatal > error message during the DATA phase of the SMTP transaction? Or is the > crunch time when we need to bite the bullet and change to say Exim instead? > > With the increase in size of messages allowed by systems such as Yahoo and > Gmail this is going to be more and more of a problem for us. If the above > messages had arrived during the day they would have killed our bandwidth > completely for several hours. > > Any help would be most appreciated - apologies for being off-topic, but I > know the gurus are here on this list! > Maybe a better option would be to rent a virtual server out on the net to act as a mail gateway. That way you could kill the large messages, as well as the bandwidth choking spam and viruses, and then pass the "clean" messages on to your server. I think several people on this list host servers, and it might not be too expensive. It would be cheaper then more bandwidth! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 15 18:07:55 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: > Like a lot of you, I'm on a lot of mailing lists. > > Because of this, I get a large amount of garbage > mail. One particular type of garbage mail is > mis-configured mail scanning suites that send > "virus received" warning messages. You all know > why this is bad, so I won't discuss this. I'll > just say that it annoys me greatly -- especially > when my users receive them and I have to go > through the incredibly boring explanation of > what happened yet again. > [snip] > > Has anyone had any success with these situations > before? Any magic words that seem to help > straighten out the offending parties? > If i understand correctly you need Tim Jackson's (et al) bogus virus warnings from http://www.rulesemporium.com/rules/bogus-virus-warnings.cf rules_du_jour will take care of this downloading on a daily basis. Just make sure you remove some MailScanner (yup a badly / PHB configured MailScanner can also generate this garbage) related stuff or add the following in spam.assassin.prefs.conf score VIRUS_WARNING15 0 score VIRUS_WARNING28 0 score VIRUS_WARNING33 0 score VIRUS_WARNING62 0 score VIRUS_WARNING66 0 score VIRUS_WARNING226 0 score VIRUS_WARNING250 0 score VIRUS_WARNING300 0 score VIRUS_WARNING326 0 score VIRUS_WARNING339 0 score VIRUS_WARNING340 0 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Jun 15 18:16:34 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jason Balicki > Sent: Wednesday, June 15, 2005 12:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: "OMG YOU SENT TEH VIRUSESS" > > Like a lot of you, I'm on a lot of mailing lists. > > Because of this, I get a large amount of garbage > mail. One particular type of garbage mail is > mis-configured mail scanning suites that send > "virus received" warning messages. You all know > why this is bad, so I won't discuss this. I'll > just say that it annoys me greatly -- especially > when my users receive them and I have to go > through the incredibly boring explanation of > what happened yet again. > > What I'd like to know, though, is what the general > consensus is in regards to dealing with these. Is > it bad form to track down the admin and explain > (gently) that it's a bad idea to send these? > > I've sent mail to admins of domains before, but > I've never received an "ok, we understand" (sign > for OK!) back, and for the most part it does no > good, because I get the same messages over and > over. The Samba users mailing list is especially > bad for this sort of behavior. > > It's not like it's bad enough for me to black > list them, and threatening to blacklist their > domain from my domain is kinda pointless -- > chances are they'd never need to send or > receive mail from us, ever. But they're still > contributing to the problem of too much garbage > traffic and not the solution. > > Has anyone had any success with these situations > before? Any magic words that seem to help > straighten out the offending parties? We use a modified version of the # bogus-virus-warnings.cf: http://www.timj.co.uk/linux/bogus-virus-warnings.cf Our Version is modified to disable some rules that might catch valid MailScanner messages / reports. Very few bogus virus warnings make it through this ruleset. A copy of: Our version of bogus-virus-warnings.cf Rules_Du_Jour Our Rules_Du_Jour wrapper script An install script for Linux systems that use /etc/cron.daily Is available from: www.fsl.con/support Steve Steve Swaney President Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Wed Jun 15 18:15:50 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: Martin Hepworth <> wrote: > a good SA rule for this is Tim Jackson's bogus virus warnings set. > > http://www.timj.co.uk/linux/bogus-virus-warnings.cf Martin, I appreciate this, but I was more concerned with getting the offending parties to stop wasting network resources than I am with tagging the messages. If nobody else is interested in this, that's fine -- I was just trying to provide a friendly community service for these folks before they get themselves blacklisted. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 15 18:24:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: > Like a lot of you, I'm on a lot of mailing lists. > > Because of this, I get a large amount of garbage > mail. One particular type of garbage mail is > mis-configured mail scanning suites that send > "virus received" warning messages. You all know > why this is bad, so I won't discuss this. I'll > just say that it annoys me greatly -- especially > when my users receive them and I have to go > through the incredibly boring explanation of > what happened yet again. > > What I'd like to know, though, is what the general > consensus is in regards to dealing with these. Is > it bad form to track down the admin and explain > (gently) that it's a bad idea to send these? I personally don't think it's bad form to gently warn them about sending such things. I also take the step of warning the admin if it continues, and outright blacklisting their server with an /etc/mail/access entry if I get more than 5 from them in a 24 hour period. Once warned, I treat such things as nothing short of intentional misconfiguration to support DDoS attacks, and I treat the offending networks accordingly. Although I've not seen such a case so far, I don't think it would be inappropriate to call an upstream provider and request they be shutdown if the load ever broke 2000 attempts/hr (about 1 every 2 seconds). At that point it's turned into an outright flooding attack. While all that might sound a little extreme, how many of you would block traffic from a known smurf amplifier that kept being used to hit your network? To me, there's no difference between a post-delivery virus/spam autoresponder and a smurf amplifier, it's just TCP/SMTP based instead of ICMP/echo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 15 18:17:34 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler said the following on 6/14/2005 7:07 PM: > Server > >>admins should definitely look into learning at least enough English to >>get their point across - although I know a few native English speakers >>who aren't too fluent when it comes to posting either ;) > > > Hey, I resemble that remark! > > In my case this is mostly due to last-minute editing and hitting send without > re-reading it. > > Although others might also say it's because I don't know how to spell color > correctly, I think they're the ones that are confused ;) > Hey, the King's english is still english! But then I guess I'm just one of those rude, pushy Americans! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 15 18:30:27 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: > Martin Hepworth <> wrote: > >>a good SA rule for this is Tim Jackson's bogus virus warnings set. >> >>http://www.timj.co.uk/linux/bogus-virus-warnings.cf > > > Martin, > > I appreciate this, but I was more concerned with > getting the offending parties to stop wasting > network resources than I am with tagging the messages. > > If nobody else is interested in this, that's fine -- > I was just trying to provide a friendly community > service for these folks before they get themselves > blacklisted. > Jason, This is simply not in your / our control, this is all about awareness on howto properly configure a mailserver The best one can do is to have an automated system where you send a mail to the abuse / postmaster of the problematic domain AND possibly block them using a local rbl (for repeat offenders). If their outgoing mails to your domain are important they'll change soon enough. Also if you / someone can write up and link about some best-practices for mailservers in such a situation, i'll personally spam the link to all mailadmins that i know of ;-) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Wed Jun 15 18:29:36 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: >> I upgraded clamav to 0.85.1 last Wednesday and I still get these >> messages: >> >> Jun 14 08:25:09 gw-mail MailScanner[5408]: Commercial scanner clamav >> timed out! Jun 14 08:25:09 gw-mail MailScanner[5408]: Virus >> Scanning: Denial Of Service attack detected! >> >> I don't remember ever seeing these before and I couldn't find >> anything with a google or ClamAV site/archive search. >> >> Can anyone give me a clue as to what these are and whether I should >> be concerned, or are these messages not even generated by >> MailScanner? (in which case I'll post to the clamav list) >> >> Thanks >> Ken >> > > Is it for every message, or for some? If you run the clamav-wrapper, > does > it take an inordinate time to finish? > > -- Glenn Doesn't seem to be hitting on every message. Seems to happen every 7-9 minutes. This output is from: grep timed maillog Jun 15 03:55:38 gw-mail MailScanner[21501]: Commercial scanner clamav timed out! Jun 15 04:02:49 gw-mail MailScanner[21860]: Commercial scanner clamav timed out! Jun 15 04:11:14 gw-mail MailScanner[21951]: Commercial scanner clamav timed out! Jun 15 04:18:57 gw-mail MailScanner[21757]: Commercial scanner clamav timed out! Jun 15 04:27:11 gw-mail MailScanner[22314]: Commercial scanner clamav timed out! Jun 15 04:34:09 gw-mail MailScanner[22713]: Commercial scanner clamav timed out! Jun 15 04:41:09 gw-mail MailScanner[22838]: Commercial scanner clamav timed out! Jun 15 04:48:38 gw-mail MailScanner[23053]: Commercial scanner clamav timed out! Jun 15 04:56:26 gw-mail MailScanner[21809]: Commercial scanner clamav timed out! Jun 15 05:03:40 gw-mail MailScanner[21383]: Commercial scanner clamav timed out! Jun 15 05:10:59 gw-mail MailScanner[22939]: Commercial scanner clamav timed out! Jun 15 05:18:03 gw-mail MailScanner[23391]: Commercial scanner clamav timed out! Jun 15 05:25:27 gw-mail MailScanner[23304]: Commercial scanner clamav timed out! Jun 15 05:32:43 gw-mail MailScanner[23476]: Commercial scanner clamav timed out! Jun 15 05:39:52 gw-mail MailScanner[23578]: Commercial scanner clamav timed out! Jun 15 05:46:53 gw-mail MailScanner[23618]: Commercial scanner clamav timed out! Jun 15 05:54:08 gw-mail MailScanner[23207]: Commercial scanner clamav timed out! Jun 15 06:01:39 gw-mail MailScanner[23690]: Commercial scanner clamav timed out! Jun 15 06:08:44 gw-mail MailScanner[23801]: Commercial scanner clamav timed out! Jun 15 06:15:43 gw-mail MailScanner[23509]: Commercial scanner clamav timed out! Jun 15 06:23:17 gw-mail MailScanner[23937]: Commercial scanner clamav timed out! Jun 15 06:30:40 gw-mail MailScanner[23100]: Commercial scanner clamav timed out! Jun 15 06:38:09 gw-mail MailScanner[24120]: Commercial scanner clamav timed out! Jun 15 06:46:33 gw-mail MailScanner[24053]: Commercial scanner clamav timed out! Jun 15 06:53:29 gw-mail MailScanner[24387]: Commercial scanner clamav timed out! Jun 15 07:00:43 gw-mail MailScanner[23734]: Commercial scanner clamav timed out! Jun 15 07:08:18 gw-mail MailScanner[24253]: Commercial scanner clamav timed out! Jun 15 07:15:14 gw-mail MailScanner[24756]: Commercial scanner clamav timed out! Jun 15 07:23:25 gw-mail MailScanner[24509]: Commercial scanner clamav timed out! Jun 15 07:30:57 gw-mail MailScanner[24591]: Commercial scanner clamav timed out! Jun 15 07:38:09 gw-mail MailScanner[24948]: Commercial scanner clamav timed out! Jun 15 07:46:17 gw-mail MailScanner[25173]: Commercial scanner clamav timed out! Jun 15 07:53:19 gw-mail MailScanner[24895]: Commercial scanner clamav timed out! Jun 15 08:00:53 gw-mail MailScanner[25077]: Commercial scanner clamav timed out! Jun 15 08:08:33 gw-mail MailScanner[24322]: Commercial scanner clamav timed out! Jun 15 08:15:59 gw-mail MailScanner[25238]: Commercial scanner clamav timed out! Jun 15 08:23:18 gw-mail MailScanner[25485]: Commercial scanner clamav timed out! Jun 15 08:30:13 gw-mail MailScanner[25882]: Commercial scanner clamav timed out! Jun 15 08:37:57 gw-mail MailScanner[26077]: Commercial scanner clamav timed out! Jun 15 08:45:55 gw-mail MailScanner[26174]: Commercial scanner clamav timed out! Jun 15 08:53:41 gw-mail MailScanner[26398]: Commercial scanner clamav timed out! Jun 15 09:01:20 gw-mail MailScanner[25378]: Commercial scanner clamav timed out! Jun 15 09:09:39 gw-mail MailScanner[25703]: Commercial scanner clamav timed out! Jun 15 09:17:46 gw-mail MailScanner[26562]: Commercial scanner clamav timed out! Jun 15 09:25:20 gw-mail MailScanner[26732]: Commercial scanner clamav timed out! Jun 15 09:32:42 gw-mail MailScanner[26904]: Commercial scanner clamav timed out! Jun 15 09:40:15 gw-mail MailScanner[27267]: Commercial scanner clamav timed out! Jun 15 09:47:31 gw-mail MailScanner[27135]: Commercial scanner clamav timed out! Jun 15 09:55:47 gw-mail MailScanner[27448]: Commercial scanner clamav timed out! Jun 15 10:04:13 gw-mail MailScanner[25988]: Commercial scanner clamav timed out! I can't imagine what would be happening during that timeframe. This all started a couple weeks ago and at the same time my load went from averaging .3 to 1-2. I did not make any changes to the system and it has been running well since the last MailScanner/Spamassassin/ClamAV upgrade a couple months ago. MailScanner does use the clamav-wrapper but I can't tell how long clamscan is taking to complete. Is it more efficient to use the clamavmodule? If so I'll look into getting it configured and running. Any insight would be appreciated much. Thanks, Ken Ken Goods Network Administrator AIA Insurance, Inc. MIS Dept. 111 Main St. Lewiston, ID 83501 (208)799-9023 http://www.cropusainsurance.com kgoods@aiainsurance.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Wed Jun 15 18:38:46 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: Dhawal Doshy <> wrote: > Also if you / someone can write up and link about some best-practices > for mailservers in such a situation, i'll personally spam the link to > all mailadmins that i know of ;-) Good idea, that might be a possibility. Unfortunately, I think a lot of these domains are set up by guys in screwdriver shops who don't know any better, and probably don't normally communicate beyond their own very small circle. If anyone has suggestions to include in a document like this, shoot them to me. Of course, a good place to start is http://rfc-ignorant.org :) --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Wed Jun 15 18:42:42 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stephen Swaney [cut] > Is available from: > > www.fsl.con/support ^ Are you trying to con us? ;-) > Steve Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Wed Jun 15 18:42:56 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: Matt Kettler <> wrote: [snip] > While all that might sound a little extreme, how many of you would > block traffic from a known smurf amplifier that kept being used to > hit your network? To me, there's no difference between a > post-delivery virus/spam autoresponder and a smurf amplifier, it's > just TCP/SMTP based instead of ICMP/echo. I don't think that's extreme at all. As a matter of fact, a lot of times when I'm trying to track down the responsible party for a domain I discover that they don't have an "abuse" or "postmaster" address set up. If I can I'll send a friendly warning. If not, or if the warning goes ignored for a few days then I submit the domain to rfc-ignorant.org. Sometimes I feel like I'm trying to plug a firehose with a cotton ball, but I do what I can. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 15 18:41:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:02 2006 Subject: Raq3 f-prot problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth said the following on 6/15/2005 1:00 AM: > Darren > > Then you'd better upgrade to V4.latest. V3 has not been supported for > many moons....(assuming Julian puts a new version every month, V4 is > well over 3 years old now..) > If I remember correctly, you pretty much have to replace the outdated perl on the raq to get it working with mailscanner. Try this link; http://hitechsavvy.com/modules.php?op=modload&name=News&file=article&sid=193&mode=thread&order=0&thold=0 I left whitespace around it in case of wrap. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 15 18:51:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > Steen, Glenn wrote: > > > > >>>I upgraded clamav to 0.85.1 last Wednesday and I still get these >>>messages: >>> >>>Jun 14 08:25:09 gw-mail MailScanner[5408]: Commercial scanner clamav >>>timed out! Jun 14 08:25:09 gw-mail MailScanner[5408]: Virus >>>Scanning: Denial Of Service attack detected! >>> >>>I don't remember ever seeing these before and I couldn't find >>>anything with a google or ClamAV site/archive search. >>> >>>Can anyone give me a clue as to what these are and whether I should >>>be concerned, or are these messages not even generated by >>>MailScanner? (in which case I'll post to the clamav list) >>> >>>Thanks >>>Ken >>> >> >>Is it for every message, or for some? If you run the clamav-wrapper, >>does >>it take an inordinate time to finish? >> >>-- Glenn > > > Doesn't seem to be hitting on every message. Seems to happen every 7-9 > minutes. > > This output is from: grep timed maillog > > Jun 15 03:55:38 gw-mail MailScanner[21501]: Commercial scanner clamav timed > out! > Jun 15 04:02:49 gw-mail MailScanner[21860]: Commercial scanner clamav timed > out! > Jun 15 04:11:14 gw-mail MailScanner[21951]: Commercial scanner clamav timed > out! > Jun 15 04:18:57 gw-mail MailScanner[21757]: Commercial scanner clamav timed > out! > Jun 15 04:27:11 gw-mail MailScanner[22314]: Commercial scanner clamav timed > out! > Jun 15 04:34:09 gw-mail MailScanner[22713]: Commercial scanner clamav timed > out! > Jun 15 04:41:09 gw-mail MailScanner[22838]: Commercial scanner clamav timed > out! > Jun 15 04:48:38 gw-mail MailScanner[23053]: Commercial scanner clamav timed > out! > Jun 15 04:56:26 gw-mail MailScanner[21809]: Commercial scanner clamav timed > out! > Jun 15 05:03:40 gw-mail MailScanner[21383]: Commercial scanner clamav timed > out! > Jun 15 05:10:59 gw-mail MailScanner[22939]: Commercial scanner clamav timed > out! > Jun 15 05:18:03 gw-mail MailScanner[23391]: Commercial scanner clamav timed > out! > Jun 15 05:25:27 gw-mail MailScanner[23304]: Commercial scanner clamav timed > out! > Jun 15 05:32:43 gw-mail MailScanner[23476]: Commercial scanner clamav timed > out! > Jun 15 05:39:52 gw-mail MailScanner[23578]: Commercial scanner clamav timed > out! > Jun 15 05:46:53 gw-mail MailScanner[23618]: Commercial scanner clamav timed > out! > Jun 15 05:54:08 gw-mail MailScanner[23207]: Commercial scanner clamav timed > out! > Jun 15 06:01:39 gw-mail MailScanner[23690]: Commercial scanner clamav timed > out! > Jun 15 06:08:44 gw-mail MailScanner[23801]: Commercial scanner clamav timed > out! > Jun 15 06:15:43 gw-mail MailScanner[23509]: Commercial scanner clamav timed > out! > Jun 15 06:23:17 gw-mail MailScanner[23937]: Commercial scanner clamav timed > out! > Jun 15 06:30:40 gw-mail MailScanner[23100]: Commercial scanner clamav timed > out! > Jun 15 06:38:09 gw-mail MailScanner[24120]: Commercial scanner clamav timed > out! > Jun 15 06:46:33 gw-mail MailScanner[24053]: Commercial scanner clamav timed > out! > Jun 15 06:53:29 gw-mail MailScanner[24387]: Commercial scanner clamav timed > out! > Jun 15 07:00:43 gw-mail MailScanner[23734]: Commercial scanner clamav timed > out! > Jun 15 07:08:18 gw-mail MailScanner[24253]: Commercial scanner clamav timed > out! > Jun 15 07:15:14 gw-mail MailScanner[24756]: Commercial scanner clamav timed > out! > Jun 15 07:23:25 gw-mail MailScanner[24509]: Commercial scanner clamav timed > out! > Jun 15 07:30:57 gw-mail MailScanner[24591]: Commercial scanner clamav timed > out! > Jun 15 07:38:09 gw-mail MailScanner[24948]: Commercial scanner clamav timed > out! > Jun 15 07:46:17 gw-mail MailScanner[25173]: Commercial scanner clamav timed > out! > Jun 15 07:53:19 gw-mail MailScanner[24895]: Commercial scanner clamav timed > out! > Jun 15 08:00:53 gw-mail MailScanner[25077]: Commercial scanner clamav timed > out! > Jun 15 08:08:33 gw-mail MailScanner[24322]: Commercial scanner clamav timed > out! > Jun 15 08:15:59 gw-mail MailScanner[25238]: Commercial scanner clamav timed > out! > Jun 15 08:23:18 gw-mail MailScanner[25485]: Commercial scanner clamav timed > out! > Jun 15 08:30:13 gw-mail MailScanner[25882]: Commercial scanner clamav timed > out! > Jun 15 08:37:57 gw-mail MailScanner[26077]: Commercial scanner clamav timed > out! > Jun 15 08:45:55 gw-mail MailScanner[26174]: Commercial scanner clamav timed > out! > Jun 15 08:53:41 gw-mail MailScanner[26398]: Commercial scanner clamav timed > out! > Jun 15 09:01:20 gw-mail MailScanner[25378]: Commercial scanner clamav timed > out! > Jun 15 09:09:39 gw-mail MailScanner[25703]: Commercial scanner clamav timed > out! > Jun 15 09:17:46 gw-mail MailScanner[26562]: Commercial scanner clamav timed > out! > Jun 15 09:25:20 gw-mail MailScanner[26732]: Commercial scanner clamav timed > out! > Jun 15 09:32:42 gw-mail MailScanner[26904]: Commercial scanner clamav timed > out! > Jun 15 09:40:15 gw-mail MailScanner[27267]: Commercial scanner clamav timed > out! > Jun 15 09:47:31 gw-mail MailScanner[27135]: Commercial scanner clamav timed > out! > Jun 15 09:55:47 gw-mail MailScanner[27448]: Commercial scanner clamav timed > out! > Jun 15 10:04:13 gw-mail MailScanner[25988]: Commercial scanner clamav timed > out! > > I can't imagine what would be happening during that timeframe. This all > started a couple weeks ago and at the same time my load went from averaging > .3 to 1-2. I did not make any changes to the system and it has been running > well since the last MailScanner/Spamassassin/ClamAV upgrade a couple months > ago. > > MailScanner does use the clamav-wrapper but I can't tell how long clamscan > is taking to complete. Is it more efficient to use the clamavmodule? If so > I'll look into getting it configured and running. > > Any insight would be appreciated much. Have you upgraded MailScanner to the latest stable version as well? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Wed Jun 15 19:14:41 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Ken Goods wrote: >> >> I can't imagine what would be happening during that timeframe. This >> all started a couple weeks ago and at the same time my load went >> from averaging .3 to 1-2. I did not make any changes to the system >> and it has been running well since the last >> MailScanner/Spamassassin/ClamAV upgrade a couple months ago. >> >> MailScanner does use the clamav-wrapper but I can't tell how long >> clamscan is taking to complete. Is it more efficient to use the >> clamavmodule? If so I'll look into getting it configured and running. >> >> Any insight would be appreciated much. > > Have you upgraded MailScanner to the latest stable version as well? > Not yet... it always seems like it turns into a bigger job than it should be. With Citrix, Oracle, 2 SQL servers, an AS400, Exchange Server, DNS, IIS 4.0 and 6.0, 15 websites, in-house programming, and all together 8 servers to maintain, time is short and email is not my only responsibility. I tend to forget how I did the upgrade the last time and end up with path/permission problems up the ying-yang. I know... I know... wha wha wha woo woo woo... nobody feels sorry for me, at least I have a job! :) Thanks Ugo... I'll upgrade the whole works and see what happens. Perhaps this time I will document everything so I remember how I did it for the next time. Kind regards, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Wed Jun 15 19:21:43 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: On Wed, 15 Jun 2005, Jason Balicki wrote: > Has anyone had any success with these situations > before? Any magic words that seem to help > straighten out the offending parties? The only one that works for me is "554 5.7.1 fix your broken antivirus filters" If they cant be bothered to fix it then their mail obviously isnt that important. -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Jun 15 19:37:35 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: Mike wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Stephen Swaney >> >> > >[cut] > > > >>Is available from: >> >> www.fsl.con/support >> >> Oops. Maybe that should be www.fsl.com/support >Are you trying to con us? ;-) ^ Nah. This just proves I can't spell. but hey - you new that alreddy. >Mike. BTW I just updated the Rules_Du_Jour package to include Tim's latest bogus-virus-warnings.cf with all of the MailScanner rule that are on Martin's list disabled. Steve Steve Swaney steve.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 15 19:24:23 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > Ugo Bellavance wrote: > >>Ken Goods wrote: >> >>>I can't imagine what would be happening during that timeframe. This >>>all started a couple weeks ago and at the same time my load went >>>from averaging .3 to 1-2. I did not make any changes to the system >>>and it has been running well since the last >>>MailScanner/Spamassassin/ClamAV upgrade a couple months ago. >>> >>>MailScanner does use the clamav-wrapper but I can't tell how long >>>clamscan is taking to complete. Is it more efficient to use the >>>clamavmodule? If so I'll look into getting it configured and running. >>> >>>Any insight would be appreciated much. >> >>Have you upgraded MailScanner to the latest stable version as well? >> > > > Not yet... it always seems like it turns into a bigger job than it should > be. > With Citrix, Oracle, 2 SQL servers, an AS400, Exchange Server, DNS, IIS 4.0 > and 6.0, 15 websites, in-house programming, and all together 8 servers to > maintain, > time is short and email is not my only responsibility. I tend to forget how > I did the upgrade the last time and end up with path/permission > problems up the ying-yang. > > I know... I know... wha wha wha woo woo woo... nobody feels sorry for me, > at least I have a job! :) > > Thanks Ugo... I'll upgrade the whole works and see what happens. > Perhaps this time I will document everything so I remember how I did it for > the next time. You say you had trouble upgrading the last time? What OS? Had a look at this? http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm > > Kind regards, > Ken > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 15 19:36:33 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki said the following on 6/15/2005 10:15 AM: > Martin Hepworth <> wrote: > >>a good SA rule for this is Tim Jackson's bogus virus warnings set. >> >>http://www.timj.co.uk/linux/bogus-virus-warnings.cf > > > Martin, > > I appreciate this, but I was more concerned with > getting the offending parties to stop wasting > network resources than I am with tagging the messages. > > If nobody else is interested in this, that's fine -- > I was just trying to provide a friendly community > service for these folks before they get themselves > blacklisted. > > --J(K) > Until they upgrade SMTP with a "slap" button, there is little you can do but sigh and complain (and delete). I know this forum has asked, pleaded and begged for sysop's to not respond to viruses (virii?). MailScanners defaults are to not respond to "silent viruses". But so many executives just think that e-mail is like sending a postal certified letter, and it must be comming from the address of the sender. They usually ask for this, because they think they are warning the sender, but there goes another load of "viral spam"! RANT RANT rant ran... I've calmed down now. Should have taken the blue pill! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Jun 15 19:55:57 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: Stephen Swaney wrote: > Oops. Maybe that should be www.fsl.com/support > >> Are you trying to con us? ;-) > ^ > Nah. This just proves I can't spell. but hey - you new that alreddy. Oh. I just thought it was the Queen's English! Bwahahahahahaha... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sailer at BNL.GOV Wed Jun 15 20:11:56 2005 From: sailer at BNL.GOV (Tim Sailer) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: On Wed, Jun 15, 2005 at 11:36:33AM -0700, Scott Silva wrote: > RANT RANT rant ran... > I've calmed down now. > Should have taken the blue pill! The blue pill? Ah. Valium. Yeah. :) Tim -- Tim Sailer Information and Special Technologies Program Office of CounterIntelligence Brookhaven National Laboratory (631) 344-3001 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 15 20:28:57 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods said the following on 6/15/2005 11:14 AM: > Ugo Bellavance wrote: > >>Ken Goods wrote: >> >>>I can't imagine what would be happening during that timeframe. This >>>all started a couple weeks ago and at the same time my load went >>>from averaging .3 to 1-2. I did not make any changes to the system >>>and it has been running well since the last >>>MailScanner/Spamassassin/ClamAV upgrade a couple months ago. >>> >>>MailScanner does use the clamav-wrapper but I can't tell how long >>>clamscan is taking to complete. Is it more efficient to use the >>>clamavmodule? If so I'll look into getting it configured and running. >>> >>>Any insight would be appreciated much. >> >>Have you upgraded MailScanner to the latest stable version as well? >> > > > Not yet... it always seems like it turns into a bigger job than it should > be. > With Citrix, Oracle, 2 SQL servers, an AS400, Exchange Server, DNS, IIS 4.0 > and 6.0, 15 websites, in-house programming, and all together 8 servers to > maintain, > time is short and email is not my only responsibility. I tend to forget how > I did the upgrade the last time and end up with path/permission > problems up the ying-yang. > > I know... I know... wha wha wha woo woo woo... nobody feels sorry for me, > at least I have a job! :) Sounds as if you have 3 peoples jobs! > > Thanks Ugo... I'll upgrade the whole works and see what happens. > Perhaps this time I will document everything so I remember how I did it for > the next time. > > Kind regards, > Ken > You sound like me: Too many hats, not enough heads! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sean at NISD.NET Wed Jun 15 21:05:16 2005 From: sean at NISD.NET (Sean Embry) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>> kodak@FRONTIERHOMEMORTGAGE.COM 6/15/2005 11:46:14 AM >>> Like a lot of you, I'm on a lot of mailing lists. snip Has anyone had any success with these situations before? Any magic words that seem to help straighten out the offending parties? >>> kodak@FRONTIERHOMEMORTGAGE.COM 6/15/2005 11:46:14 AM >>> A SpamCop listing seems to get them to pay attention when all else fails. Sean Embry Systems/Database Administrator NISD.NET - 165.111.0.0/16 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Wed Jun 15 21:45:47 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 15, 2005, at 10:24 AM, Matt Kettler wrote: > I personally don't think it's bad form to gently warn them about > sending such > things. > > I also take the step of warning the admin if it continues, and outright > blacklisting their server with an /etc/mail/access entry if I get more > than 5 > from them in a 24 hour period. > > Once warned, I treat such things as nothing short of intentional > misconfiguration to support DDoS attacks, and I treat the offending > networks > accordingly. > > Although I've not seen such a case so far, I don't think it would be > inappropriate to call an upstream provider and request they be > shutdown if the > load ever broke 2000 attempts/hr (about 1 every 2 seconds). At that > point it's > turned into an outright flooding attack. > > While all that might sound a little extreme, how many of you would > block traffic > from a known smurf amplifier that kept being used to hit your network? > To me, > there's no difference between a post-delivery virus/spam autoresponder > and a > smurf amplifier, it's just TCP/SMTP based instead of ICMP/echo. > I agree with Matt, and I found a good solution for handling floods to be "Vispan" (http://www.while.homeunix.net/mailstats). This throttles flood attacks and will modify the Sendmail access file appropriately. It is very configurable, and after a set time limit will remove IP addresses it has added. I found this to really come in handy for "Virus Warning" messages. It also provides very nice graphical statistics for your mailserver. It can be set to add a mailserver's IP address to the access file if it sees X amount of messages from that server in X amount of minutes. It can be set to email someone when it adds to the access database or not. Since I have upgraded to RHEL4, I have had trouble getting it installed however, so I am without it at the moment and missing it :) Maybe this can help you Jason? - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQrCTfxBVT8XLuTbnEQKHAgCgxJ0zV5dngKa9Lu5BONtwkyzDqYwAoORa ylcmOMQyMG6vKseR8cnj6qxS =zE33 -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 15 22:03:50 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:02 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Jason Balicki > Skickat: on 2005-06-15 18:46 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: OT: "OMG YOU SENT TEH VIRUSESS" > > Like a lot of you, I'm on a lot of mailing lists. > (snippety-snip) > Has anyone had any success with these situations > before? Any magic words that seem to help > straighten out the offending parties? > > --J(K) Only when we have some form of formal relationship with them, and usually only when I pick up the phone ... and shout at them (in a *kind* way:-). Otherwise, most seem to have set postmaster as an alias for /dev/null ... -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 15 22:18:39 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:02 2006 Subject: SV: Messages in log unseen before. Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Suspiciously(sp?) regular intervals there... Look into what cronjobs you have running, and since you should be able to figure out when the next should be happening, perhaps try monitoring it closely (top, vmstat, iostat, netstat etc). I was thinking you could just run the wrapper (as called from within MS) by hand, but perhaps thats not really needed... The clamavmodule will not have any fork/exec penalty since it calls clamav library functions directly from perl. Well worth a go. But do look at the usual performance measurement tools too. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Ken Goods Skickat: on 2005-06-15 19:29 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Messages in log unseen before. Steen, Glenn wrote: >> I upgraded clamav to 0.85.1 last Wednesday and I still get these >> messages: >> >> Jun 14 08:25:09 gw-mail MailScanner[5408]: Commercial scanner clamav >> timed out! Jun 14 08:25:09 gw-mail MailScanner[5408]: Virus >> Scanning: Denial Of Service attack detected! >> >> I don't remember ever seeing these before and I couldn't find >> anything with a google or ClamAV site/archive search. >> >> Can anyone give me a clue as to what these are and whether I should >> be concerned, or are these messages not even generated by >> MailScanner? (in which case I'll post to the clamav list) >> >> Thanks >> Ken >> > > Is it for every message, or for some? If you run the clamav-wrapper, > does > it take an inordinate time to finish? > > -- Glenn Doesn't seem to be hitting on every message. Seems to happen every 7-9 minutes. This output is from: grep timed maillog Jun 15 03:55:38 gw-mail MailScanner[21501]: Commercial scanner clamav timed out! Jun 15 04:02:49 gw-mail MailScanner[21860]: Commercial scanner clamav timed out! Jun 15 04:11:14 gw-mail MailScanner[21951]: Commercial scanner clamav timed out! Jun 15 04:18:57 gw-mail MailScanner[21757]: Commercial scanner clamav timed out! Jun 15 04:27:11 gw-mail MailScanner[22314]: Commercial scanner clamav timed out! Jun 15 04:34:09 gw-mail MailScanner[22713]: Commercial scanner clamav timed out! Jun 15 04:41:09 gw-mail MailScanner[22838]: Commercial scanner clamav timed out! Jun 15 04:48:38 gw-mail MailScanner[23053]: Commercial scanner clamav timed out! Jun 15 04:56:26 gw-mail MailScanner[21809]: Commercial scanner clamav timed out! Jun 15 05:03:40 gw-mail MailScanner[21383]: Commercial scanner clamav timed out! Jun 15 05:10:59 gw-mail MailScanner[22939]: Commercial scanner clamav timed out! Jun 15 05:18:03 gw-mail MailScanner[23391]: Commercial scanner clamav timed out! Jun 15 05:25:27 gw-mail MailScanner[23304]: Commercial scanner clamav timed out! Jun 15 05:32:43 gw-mail MailScanner[23476]: Commercial scanner clamav timed out! Jun 15 05:39:52 gw-mail MailScanner[23578]: Commercial scanner clamav timed out! Jun 15 05:46:53 gw-mail MailScanner[23618]: Commercial scanner clamav timed out! Jun 15 05:54:08 gw-mail MailScanner[23207]: Commercial scanner clamav timed out! Jun 15 06:01:39 gw-mail MailScanner[23690]: Commercial scanner clamav timed out! Jun 15 06:08:44 gw-mail MailScanner[23801]: Commercial scanner clamav timed out! Jun 15 06:15:43 gw-mail MailScanner[23509]: Commercial scanner clamav timed out! Jun 15 06:23:17 gw-mail MailScanner[23937]: Commercial scanner clamav timed out! Jun 15 06:30:40 gw-mail MailScanner[23100]: Commercial scanner clamav timed out! Jun 15 06:38:09 gw-mail MailScanner[24120]: Commercial scanner clamav timed out! Jun 15 06:46:33 gw-mail MailScanner[24053]: Commercial scanner clamav timed out! Jun 15 06:53:29 gw-mail MailScanner[24387]: Commercial scanner clamav timed out! Jun 15 07:00:43 gw-mail MailScanner[23734]: Commercial scanner clamav timed out! Jun 15 07:08:18 gw-mail MailScanner[24253]: Commercial scanner clamav timed out! Jun 15 07:15:14 gw-mail MailScanner[24756]: Commercial scanner clamav timed out! Jun 15 07:23:25 gw-mail MailScanner[24509]: Commercial scanner clamav timed out! Jun 15 07:30:57 gw-mail MailScanner[24591]: Commercial scanner clamav timed out! Jun 15 07:38:09 gw-mail MailScanner[24948]: Commercial scanner clamav timed out! Jun 15 07:46:17 gw-mail MailScanner[25173]: Commercial scanner clamav timed out! Jun 15 07:53:19 gw-mail MailScanner[24895]: Commercial scanner clamav timed out! Jun 15 08:00:53 gw-mail MailScanner[25077]: Commercial scanner clamav timed out! Jun 15 08:08:33 gw-mail MailScanner[24322]: Commercial scanner clamav timed out! Jun 15 08:15:59 gw-mail MailScanner[25238]: Commercial scanner clamav timed out! Jun 15 08:23:18 gw-mail MailScanner[25485]: Commercial scanner clamav timed out! Jun 15 08:30:13 gw-mail MailScanner[25882]: Commercial scanner clamav timed out! Jun 15 08:37:57 gw-mail MailScanner[26077]: Commercial scanner clamav timed out! Jun 15 08:45:55 gw-mail MailScanner[26174]: Commercial scanner clamav timed out! Jun 15 08:53:41 gw-mail MailScanner[26398]: Commercial scanner clamav timed out! Jun 15 09:01:20 gw-mail MailScanner[25378]: Commercial scanner clamav timed out! Jun 15 09:09:39 gw-mail MailScanner[25703]: Commercial scanner clamav timed out! Jun 15 09:17:46 gw-mail MailScanner[26562]: Commercial scanner clamav timed out! Jun 15 09:25:20 gw-mail MailScanner[26732]: Commercial scanner clamav timed out! Jun 15 09:32:42 gw-mail MailScanner[26904]: Commercial scanner clamav timed out! Jun 15 09:40:15 gw-mail MailScanner[27267]: Commercial scanner clamav timed out! Jun 15 09:47:31 gw-mail MailScanner[27135]: Commercial scanner clamav timed out! Jun 15 09:55:47 gw-mail MailScanner[27448]: Commercial scanner clamav timed out! Jun 15 10:04:13 gw-mail MailScanner[25988]: Commercial scanner clamav timed out! I can't imagine what would be happening during that timeframe. This all started a couple weeks ago and at the same time my load went from averaging .3 to 1-2. I did not make any changes to the system and it has been running well since the last MailScanner/Spamassassin/ClamAV upgrade a couple months ago. MailScanner does use the clamav-wrapper but I can't tell how long clamscan is taking to complete. Is it more efficient to use the clamavmodule? If so I'll look into getting it configured and running. Any insight would be appreciated much. Thanks, Ken Ken Goods Network Administrator AIA Insurance, Inc. MIS Dept. 111 Main St. Lewiston, ID 83501 (208)799-9023 http://www.cropusainsurance.com kgoods@aiainsurance.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Wed Jun 15 22:22:24 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:02 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm not 100% positive, but doesn't that violate an RFC standard or something? I just recall from somewhere that each domain is require (or strongly encouraged) to provide a valid postmaster address...? On Jun 15, 2005, at 2:03 PM, Steen, Glenn wrote: >> -----Ursprungligt meddelande----- >> FrÃ¥n: MailScanner mailing list genom Jason Balicki >> Skickat: on 2005-06-15 18:46 >> Till: MAILSCANNER@JISCMAIL.AC.UK >> Kopia: >> Ã^Ämne: OT: "OMG YOU SENT TEH VIRUSESS" >> >> Like a lot of you, I'm on a lot of mailing lists. >> > (snippety-snip) >> Has anyone had any success with these situations >> before? Any magic words that seem to help >> straighten out the offending parties? >> >> --J(K) > Only when we have some form of formal relationship with them, > and usually only when I pick up the phone ... and shout at > them (in a *kind* way:-). > Otherwise, most seem to have set postmaster as an alias for > /dev/null ... > > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQrCcFRBVT8XLuTbnEQJkIACg6IytM8GYAtPLAdGxNzZ7NBzSe9sAoMbV CGIA/ozU7/0owK/pt6CNH9zQ =rU9h -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mikea at MIKEA.ATH.CX Wed Jun 15 22:27:53 2005 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:30:02 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, Jun 15, 2005 at 02:22:24PM -0700, Craig Daters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I'm not 100% positive, but doesn't that violate an RFC standard or > something? > > I just recall from somewhere that each domain is require (or strongly > encouraged) to provide a valid postmaster address...? > > On Jun 15, 2005, at 2:03 PM, Steen, Glenn wrote: > > >> -----Ursprungligt meddelande----- > >> Från: MailScanner mailing list genom Jason Balicki > >> Skickat: on 2005-06-15 18:46 > >> Till: MAILSCANNER@JISCMAIL.AC.UK > >> Kopia: > >> Ämne: OT: "OMG YOU SENT TEH VIRUSESS" > >> > >> Like a lot of you, I'm on a lot of mailing lists. > >> > > (snippety-snip) > >> Has anyone had any success with these situations > >> before? Any magic words that seem to help > >> straighten out the offending parties? > >> > >> --J(K) > > Only when we have some form of formal relationship with them, > > and usually only when I pick up the phone ... and shout at > > them (in a *kind* way:-). > > Otherwise, most seem to have set postmaster as an alias for > > /dev/null ... Well, yes, the postmaster@ address is required by RFC to exist and to be read (presumably by a live human being), but when has RFC compliance ever been a major item on management's agenda? I've send my share of "Don't Send These! The Address Is Forged!" notices, and actually have got some action as a result, but most of my notices seem to have been forwarded to Dave Null. *sigh* That hasn't stopped me from sending them, though, or from making phone calls where it's not a toll call. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Wed Jun 15 22:27:09 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:02 2006 Subject: SV: Messages in log unseen before. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Suspiciously(sp?) regular intervals there... Look into what cronjobs > you have running, and since you should be able to figure out when the > next should be happening, perhaps try monitoring it closely (top, > vmstat, iostat, netstat etc). > > I was thinking you could just run the wrapper (as called from within > MS) by hand, but perhaps thats not really needed... > The clamavmodule will not have any fork/exec penalty since it calls > clamav library functions directly from perl. Well worth a go. But do > look at the usual performance measurement tools too. > > -- Glenn > > Thanks Glenn, All good advice. Still feeling my way around *nix. At this point I don't really have much time to sort this out and troubleshooting *nix takes some time for me. I'll have a quick look at the cron schedule but won't be able to do much else. I'm thinking about cleaning everything out (with .conf backups of course) and doing a clean install of everything. Thanks for the ideas.. I'm sure they will come in handy Kind regards, Ken Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jun 15 22:32:23 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:02 2006 Subject: SV: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, you're quite right. One of the reasons they food for rfc-ignorant... -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Craig Daters Skickat: on 2005-06-15 23:22 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: SV: "OMG YOU SENT TEH VIRUSESS" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm not 100% positive, but doesn't that violate an RFC standard or something? I just recall from somewhere that each domain is require (or strongly encouraged) to provide a valid postmaster address...? On Jun 15, 2005, at 2:03 PM, Steen, Glenn wrote: >> -----Ursprungligt meddelande----- >> Från: MailScanner mailing list genom Jason Balicki >> Skickat: on 2005-06-15 18:46 >> Till: MAILSCANNER@JISCMAIL.AC.UK >> Kopia: >> Ämne: OT: "OMG YOU SENT TEH VIRUSESS" >> >> Like a lot of you, I'm on a lot of mailing lists. >> > (snippety-snip) >> Has anyone had any success with these situations >> before? Any magic words that seem to help >> straighten out the offending parties? >> >> --J(K) > Only when we have some form of formal relationship with them, > and usually only when I pick up the phone ... and shout at > them (in a *kind* way:-). > Otherwise, most seem to have set postmaster as an alias for > /dev/null ... > > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQrCcFRBVT8XLuTbnEQJkIACg6IytM8GYAtPLAdGxNzZ7NBzSe9sAoMbV CGIA/ozU7/0owK/pt6CNH9zQ =rU9h -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 15 22:32:11 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:02 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: > I'm not 100% positive, but doesn't that violate an RFC standard or > something? > > I just recall from somewhere that each domain is require (or strongly > encouraged) to provide a valid postmaster address...? Yes, but that doesn't stop anyone. Let's face it, if RFC compliance was important to the average sysadmin there would be a whole lot fewer mailservers out there. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Jun 15 22:59:44 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:02 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Jodå, den duger... Er, well yes, it's good enough:) Kul att se Svenska på denna lista, det är nog första gången. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Wed Jun 15 23:26:08 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: As an update to this, I received a response today. Does anyone have any ammo I can use in response to this: Begin quote: As for the virus notifications, as pointless as it may seem to you, it's our company policy to attempt to inform possibly infected systems (whether they are forged or not) if they have sent us an infected message and/or spam. This company policy has proven effective on many occasions over the past 7 years of having internet capable e-mail. In one such case we alerted a very large public safety organization of a virus breakout on their network. If our policy is causing grief for your mailing list, let me know which software you are using to manage it, I will personally do the research to show you how to properly filter out these messages. No-where in the RFC for SMTP mail does it cover virus notifications. In fact, the concept of silently deleting messages that could not be delivered can be construed as contravening the RFC 1123. Once an SMTP system accepts the message with th 250 (OK) message in response to the DATA command, it has the responsibility of delivering the message or informing the sender (via return-path or from header). If you can point out a relevant RFC that prohibits these notifications, I will officially turn them off. End quote. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From technician at CENPAC.NET.NR Wed Jun 15 23:31:48 2005 From: technician at CENPAC.NET.NR (Jon Leeman) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: > As an update to this, I received a response today. > > Does anyone have any ammo I can use in response to > this: Ammo no.......solution yes.......firewall the MX ;) Regards, Jon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Wed Jun 15 23:44:46 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: On Wed, 15 Jun 2005, Jason Balicki wrote: > Begin quote: > As for the virus notifications, as pointless as it may seem to you, it's > our company policy to attempt to inform possibly infected systems http://attrition.org/security/rant/av-spammers.html Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Jun 16 00:02:33 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: Jason Balicki wrote: > As an update to this, I received a response today. > > Does anyone have any ammo I can use in response to > this: > > Begin quote: > As for the virus notifications, as pointless as it may seem to you, > it's our company policy to attempt to inform possibly infected systems > (whether they are forged or not) if they have sent us an infected > message and/or spam. This company policy has proven effective on many > occasions over the past 7 years of having internet capable e-mail. In > one such case we alerted a very large public safety organization of a > virus breakout on their network. > > If our policy is causing grief for your mailing list, let me know > which software you are using to manage it, I will personally do the > research to show you how to properly filter out these messages. > > No-where in the RFC for SMTP mail does it cover virus notifications. > In fact, the concept of silently deleting messages that could not be > delivered can be construed as contravening the RFC 1123. Once an SMTP > system accepts the message with th 250 (OK) message in response to the > DATA command, it has the responsibility of delivering the message or > informing the sender (via return-path or from header). If you can > point out a relevant RFC that prohibits these notifications, I will > officially turn them off. > End quote. Can MailScanner still *selectively* bounce spam? Just flag his messages as spam, and bounce them back to him! ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 16 00:10:37 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That is a great read, thanks. MailScanner get a bit a spray in there though :) Steffan Henke wrote: > On Wed, 15 Jun 2005, Jason Balicki wrote: > >> Begin quote: >> As for the virus notifications, as pointless as it may seem to you, it's >> our company policy to attempt to inform possibly infected systems > > > http://attrition.org/security/rant/av-spammers.html > > Regards, > > Steffan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu Jun 16 00:18:54 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: Kevin Miller <> wrote: > Can MailScanner still *selectively* bounce spam? Just flag his > messages as spam, and bounce them back to him! That's nice and evil and whatnot, but I don't know how much good it would do in this case -- I don't really get that much mail from this particular domain. I just happened to notice that this domain was sending a lot of virus warnings to the samba mailing list. And by "a lot" I mean probably three to six a day. I doubt that would be enough for anyone there to take action. Maybe I can send him *all* of my bogus virus warnings just in case, you know, he happens to know who actually sent it. :) --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu Jun 16 00:22:10 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: Peter Russell <> wrote: > That is a great read, thanks. MailScanner get a bit a spray in there > though :) He's talking about an old version of MailScanner. "Update 1/29/04 - It has been brought to my attention that MailScanner is a) freeware, b) receives its virus naming from other software and c) defaults to not sending such warnings. Kudos to the MailScanner devs for recognizing the problem and reconfiguring long before this article appeared." --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jun 16 00:30:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: > As an update to this, I received a response today. > > Does anyone have any ammo I can use in response to > this: > > Begin quote: > As for the virus notifications, as pointless as it may seem to you, it's > our company policy to attempt to inform possibly infected systems > (whether they are forged or not) if they have sent us an infected > message and/or spam. This company policy has proven effective on many > occasions over the past 7 years of having internet capable e-mail. In > one such case we alerted a very large public safety organization of a > virus breakout on their network. > > If our policy is causing grief for your mailing list, let me know which > software you are using to manage it, I will personally do the research > to show you how to properly filter out these messages. > > No-where in the RFC for SMTP mail does it cover virus notifications. In > fact, the concept of silently deleting messages that could not be > delivered can be construed as contravening the RFC 1123. Once an SMTP > system accepts the message with th 250 (OK) message in response to the > DATA command, it has the responsibility of delivering the message or > informing the sender (via return-path or from header). If you can point > out a relevant RFC that prohibits these notifications, I will officially > turn them off. First, I would be greatly interested to hear if the public safety organization incident occurred within the past 2 years. It sounds quite typical of something which might have happened 5 years ago, but not today. Five years ago, virus notices made sense, as nobody had yet invented the forging mail worm. Today, nearly all viruses and spam have forged returns. Bear in mind that when you detect a virus in a message (modern era, not past) you have proved with a great deal of certainty that the return-path and from are forged. Now you must ask yourself, is it within the spirit of the RFCs to generate failure notices directed to addresses which are known to not be the source of the email? I would suggest a read of RFC 3884 for some general RFC level discussion of this topic. This RFC makes general recommendations for any autoresoponder, including virus scanners. Section 2 is highly worthwhile reading. http://www.faqs.org/rfcs/rfc3834.html Although your behavior is not outright prohibited by this RFC, the RFC does suggest in section 2 that responders should avoid responding to messages which appear malformed, and should take measures to avoid responding to forgeries and other activities that allow it to be abused. As for RFC 1123, RFC 3834 clearly condones discarding normal responses when a responder has good reason to believe the response will be misdirected. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 16 00:37:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:02 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sean Embry said the following on 6/15/2005 1:05 PM: >>>> kodak@FRONTIERHOMEMORTGAGE.COM 6/15/2005 11:46:14 AM >>> > Like a lot of you, I'm on a lot of mailing lists. > snip > > Has anyone had any success with these situations > before? Any magic words that seem to help > straighten out the offending parties? >>>> kodak@FRONTIERHOMEMORTGAGE.COM 6/15/2005 11:46:14 AM >>> > A SpamCop listing seems to get them to pay attention when all else fails. But isn't this kind of report against spamcop's rules? They suggest contacting the isp for virus related stuff. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 16 00:53:26 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:02 2006 Subject: Problem Email Again (retry) Message-ID: I tried attaching the problem qf/df pair and it was rejected so I have uploaded the archive here: http://www.abby.com/problem_email.tar.gz I emailed the list a week or so ago about certain emails getting stuck in /var/spool/mqueue.in, being processed over and over again. It happened again today. I restarted MailScanner in debug mode and didn't see anything useful there: Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases rebuilt by root Jun 15 18:39:11 mail sendmail[4248]: /etc/aliases: 73 aliases, longest 17 bytes, 768 bytes total Jun 15 18:39:11 mail sendmail[4258]: starting daemon (8.13.4): SMTP Jun 15 18:39:11 mail sm-msp-queue[4263]: starting daemon (8.13.4): queueing@00:15:00 Jun 15 18:39:12 mail sendmail[4269]: starting daemon (8.13.4): queueing@00:15:00 Jun 15 18:39:13 mail MailScanner[4285]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Jun 15 18:39:16 mail MailScanner[4285]: SophosSAVI 3.94 (engine 2.30) recognizing 105435 viruses Jun 15 18:39:16 mail MailScanner[4285]: SophosSAVI using 109 IDE files Jun 15 18:39:17 mail MailScanner[4285]: lock.pl sees Config LockType = posix Jun 15 18:39:17 mail MailScanner[4285]: lock.pl sees have_module = 0 Jun 15 18:39:17 mail MailScanner[4285]: Using locktype = posix Jun 15 18:39:17 mail MailScanner[4285]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 15 18:39:17 mail MailScanner[4285]: New Batch: Scanning 1 messages, 9206 bytes Jun 15 18:39:17 mail MailScanner[4285]: Created attachment dirs for 1 messages Jun 15 18:39:17 mail MailScanner[4285]: Spam Checks: Starting Jun 15 18:39:17 mail MailScanner[4285]: RBL Checks: returned 0 Jun 15 18:39:19 mail MailScanner[4285]: SpamAssassin returned 0 Jun 15 18:39:19 mail MailScanner[4285]: Message j5FJvISb003617 from 66.163.175.82 (service@paypal.com) to abby.com is spam, SpamAssassin (score=12.606, required 5.7, AWL -0.01, BAYES_40 -1.10, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63, FORGED_OUTLOOK_TAGS 0.07, HTML_80_90 0.15, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RAZOR2_CHECK 1.51, URIBL_OB_SURBL 3.21) Jun 15 18:39:19 mail MailScanner[4285]: Spam Checks: Found 1 spam messages Jun 15 18:39:19 mail MailScanner[4285]: Spam Actions: message j5FJvISb003617 actions are delete Jun 15 18:39:19 mail MailScanner[4285]: Virus and Content Scanning: Starting Jun 15 18:39:19 mail MailScanner[4285]: Commencing scanning by clamavmodule... Jun 15 18:39:19 mail MailScanner[4285]: ClamAVModule::INFECTED:: HTML.Phishing.Pay-24:: ./j5FJvISb003617/msg-4285-1.html Jun 15 18:39:19 mail MailScanner[4285]: Completed scanning by clamavmodule Jun 15 18:39:19 mail MailScanner[4285]: Virus Scanning: ClamAV Module found 1 infections Jun 15 18:39:19 mail MailScanner[4285]: Commencing scanning by sophossavi... Jun 15 18:39:20 mail MailScanner[4285]: Completed scanning by sophossavi Jun 15 18:39:20 mail MailScanner[4285]: Infected message j5FJvISb003617 came from 66.163.175.82 Jun 15 18:39:20 mail MailScanner[4285]: MailScanner child dying of old age I am attaching the associated qf/df pair...maybe someone can recreate the problem on their end TIA Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu Jun 16 00:55:08 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:02 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: Matt Kettler <> wrote: > I would suggest a read of RFC 38[3]4 for some general RFC level Matt, that's exactly what I was looking for -- thanks! --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 16 00:49:09 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:02 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters said the following on 6/15/2005 2:22 PM: > I'm not 100% positive, but doesn't that violate an RFC standard or > something? > > I just recall from somewhere that each domain is require (or strongly > encouraged) to provide a valid postmaster address...? Encouraged, yes required, unfortunately no. But you can report them to RFC Ignorant and they will be on another rbl list. We all need to contribute to a list and call it something like mail_admin_ignorant and block them all! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 16 00:53:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:03 2006 Subject: SV: Messages in log unseen before. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods said the following on 6/15/2005 2:27 PM: > Steen, Glenn wrote: > >>Suspiciously(sp?) regular intervals there... Look into what cronjobs >>you have running, and since you should be able to figure out when the >>next should be happening, perhaps try monitoring it closely (top, >>vmstat, iostat, netstat etc). >> >>I was thinking you could just run the wrapper (as called from within >>MS) by hand, but perhaps thats not really needed... >>The clamavmodule will not have any fork/exec penalty since it calls >>clamav library functions directly from perl. Well worth a go. But do >>look at the usual performance measurement tools too. >> >>-- Glenn >> >> > > > Thanks Glenn, > All good advice. Still feeling my way around *nix. At this point I don't > really have much time to sort this out and troubleshooting *nix takes > some time for me. I'll have a quick look at the cron schedule but > won't be able to do much else. I'm thinking about cleaning everything > out (with .conf backups of course) and doing a clean install of > everything. > > Thanks for the ideas.. I'm sure they will come in handy > > Kind regards, > Ken > > Might be worth just removing any clamav stuff wherever you can find it and re-install just it. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Thu Jun 16 01:12:10 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:30:03 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Someone should send a bunch of Virus infected Spam to him with SpamCop and a couple of other top blacklists as the From address so they sent their messages to the blacklists. This is a fast way for them to wind up on a couple of the larger blacklists. Having his out going mail fairly crippled by being on a couple of major blacklists he may just change his mind on his policies. Just a thought   ; ) Dennis Scott Silva wrote: Craig Daters said the following on 6/15/2005 2:22 PM: I'm not 100% positive, but doesn't that violate an RFC standard or something? I just recall from somewhere that each domain is require (or strongly encouraged) to provide a valid postmaster address...? Encouraged, yes required, unfortunately no. But you can report them to RFC Ignorant and they will be on another rbl list. We all need to contribute to a list and call it something like mail_admin_ignorant and block them all! -- ________________________________________________________________________________ [IMAGE]Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From ssilva at SGVWATER.COM Thu Jun 16 00:57:41 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:03 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler said the following on 6/15/2005 4:30 PM: > Jason Balicki wrote: > >>As an update to this, I received a response today. >> >>Does anyone have any ammo I can use in response to >>this: >> >>Begin quote: >>As for the virus notifications, as pointless as it may seem to you, it's >>our company policy to attempt to inform possibly infected systems >>(whether they are forged or not) if they have sent us an infected >>message and/or spam. This company policy has proven effective on many >>occasions over the past 7 years of having internet capable e-mail. In >>one such case we alerted a very large public safety organization of a >>virus breakout on their network. >> >>If our policy is causing grief for your mailing list, let me know which >>software you are using to manage it, I will personally do the research >>to show you how to properly filter out these messages. >> >>No-where in the RFC for SMTP mail does it cover virus notifications. In >>fact, the concept of silently deleting messages that could not be >>delivered can be construed as contravening the RFC 1123. Once an SMTP >>system accepts the message with th 250 (OK) message in response to the >>DATA command, it has the responsibility of delivering the message or >>informing the sender (via return-path or from header). If you can point >>out a relevant RFC that prohibits these notifications, I will officially >>turn them off. > > > First, I would be greatly interested to hear if the public safety organization > incident occurred within the past 2 years. It sounds quite typical of something > which might have happened 5 years ago, but not today. > > Five years ago, virus notices made sense, as nobody had yet invented the forging > mail worm. Today, nearly all viruses and spam have forged returns. > > Bear in mind that when you detect a virus in a message (modern era, not past) > you have proved with a great deal of certainty that the return-path and from are > forged. > > Now you must ask yourself, is it within the spirit of the RFCs to generate > failure notices directed to addresses which are known to not be the source of > the email? > > I would suggest a read of RFC 3884 for some general RFC level discussion of this > topic. This RFC makes general recommendations for any autoresoponder, including > virus scanners. Section 2 is highly worthwhile reading. > > http://www.faqs.org/rfcs/rfc3834.html > > > Although your behavior is not outright prohibited by this RFC, the RFC does > suggest in section 2 that responders should avoid responding to messages which > appear malformed, and should take measures to avoid responding to forgeries and > other activities that allow it to be abused. > > As for RFC 1123, RFC 3834 clearly condones discarding normal responses when a > responder has good reason to believe the response will be misdirected. > That's great! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 16 00:51:10 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:03 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki said the following on 6/15/2005 3:26 PM: > As an update to this, I received a response today. > > Does anyone have any ammo I can use in response to > this: > > Begin quote: > As for the virus notifications, as pointless as it may seem to you, it's > our company policy to attempt to inform possibly infected systems > (whether they are forged or not) if they have sent us an infected > message and/or spam. This company policy has proven effective on many > occasions over the past 7 years of having internet capable e-mail. In > one such case we alerted a very large public safety organization of a > virus breakout on their network. > > If our policy is causing grief for your mailing list, let me know which > software you are using to manage it, I will personally do the research > to show you how to properly filter out these messages. > > No-where in the RFC for SMTP mail does it cover virus notifications. In > fact, the concept of silently deleting messages that could not be > delivered can be construed as contravening the RFC 1123. Once an SMTP > system accepts the message with th 250 (OK) message in response to the > DATA command, it has the responsibility of delivering the message or > informing the sender (via return-path or from header). If you can point > out a relevant RFC that prohibits these notifications, I will officially > turn them off. > End quote. > > --J(K) > But they are not informing the "sender" they are informing the other collateral victim. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 16 02:20:03 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: >Miguel Koren OBrien de Lacy wrote: > > >>Raul; >> >>Lo único que le agregaria a lo que dice Alex es que veas si FC3 tiene >>un update de zlib disponible por yum o mecanismo parecido. Vi en esta >>lista hace unos meses alguien que perdió su servidor por esa >>actualización. >> >>Saludos. >> >>Miguel >> >>-- >>Konsultex Informatica (http://www.konsultex.com.br) >> >>---------- Original Message ----------- >>From: Alex Neuman >>To: MAILSCANNER@JISCMAIL.AC.UK >>Sent: Tue, 14 Jun 2005 16:26:45 -0500 >>Subject: Re: problema >> >> >> >>>Raul Urqueta Sierra wrote: >>> >>> >>> >>>>rpm >>>> >>>>-----Mensaje original----- >>>>De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En >>>>nombre de Ugo Bellavance Enviado el: Martes, 14 de Junio de 2005 >>>>16:33 >>>>Para: MAILSCANNER@JISCMAIL.AC.UK >>>>Asunto: Re: problema >>>> >>>>Raul Urqueta Sierra wrote: >>>> >>>> >>>> >>>> >>>>>-rwxr-xr-x 1 root root 49533 May 18 14:34 freshclam >>>>> >>>>>clamscan -V >>>>>ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 >>>>> >>>>> >>>>> >>>>> >>>>Installacion para rpm o source? >>>> >>>>Qual es la fecha de /usr/bin/freshclam? >>>> >>>> >>>> >>>> >>>> >>>>># MailScanner -V >>>>>Running on >>>>>Linux servsrna.munilaserena.cl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 >>>>>EST 2004 i686 i686 i386 GNU/Linux This is Fedora Core release 3 >>>>>(Heidelberg) >>>>>This is Perl version 5.008005 (5.8.5) >>>>> >>>>>This is MailScanner version 4.41.3 >>>>> >>>>> >>>>>No... qual es la version de ClamAV? Y MailScanner? >>>>> >>>>>Qual es la fecha de /usr/bin/freshclam? >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>Mal hecho ;) ... jejeje... lo que pasa es que muchas veces los rpms >>>ponen las cosas donde no deben o el empaquetador que lo creó (algún >>>fulano en algún lado con una idea de cómo deben ser las cosas que no >>>necesariamente es igual que la tuya) se le ocurrió hacerlo de una >>>manera más "kosher". >>> >>>En cualquier caso, quita el RPM y mándate a bajar el fuente, >>>compilarlo, etc. .. lo puedes hacer así: >>> >>>1. Baja el tar.gz del clamav >>>2. vete a zlib.net y bájatelo, se instala igual que muchos otros >>>fuentes con ./configure && make && make install >>>3. Te vas al sitio donde descomprimiste el tar.gz del clamav, le das >>>./configure && make && make install y editas >>>/usr/local/etc/freshclam.conf y /usr/local/etc/clamav.conf para que >>>se ajuste a tu configuración. Como mínimo tienes que quitar el # de >>>por delante del "example" y designar tu país para los mirrors de la >>>bajada de los updates. >>>4. Corre freshclam y cruza los dedos ;) >>> >>>Saludos, >>> >>>Alex >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>>-- >>>Esta mensagem foi verificada pelo sistema de antivírus e >>> acredita-se estar livre de perigo. >>> >>> >>------- End of Original Message ------- >> >> > >Um, not that I really understand what you're saying (not being a >speaker (at all) of the language you're using), but isn't Rauls >problem solely that the line >clamav /usr/lib/MailScanner/clamav-wrapper /usr/local >in /etc/MailScanner/virus.scanners.conf should read >clamav /usr/lib/MailScanner/clamav-wrapper /usr >instead? Sure, I too think it best to buld clamav from source, but... >He really don't need to, to solve this... Or did you already cover >this in > >Cheers >-- Glenn > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Correcto, pero en cualquier caso no conozco de ningún caso que se hayan "echado al traste el servidor", por no decir algo más feo, por instalar el zlib nuevo. Tendría que ser, a mi parecer, un RedHat -3.0 o algo así super super viejo pa que se dañe. Yo he hecho el "baja-compila-instala" del zlib desde RedHat 8 hasta CentOS 4.1 y funciona a las mil maravillas. Como siempre, YMMV (tu millaje puede variar). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 16 02:21:42 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:03 2006 Subject: Raq3 f-prot problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Martin Hepworth said the following on 6/15/2005 1:00 AM: > > >>Darren >> >>Then you'd better upgrade to V4.latest. V3 has not been supported for >>many moons....(assuming Julian puts a new version every month, V4 is >>well over 3 years old now..) >> >> >> >If I remember correctly, you pretty much have to replace the outdated >perl on the raq to get it working with mailscanner. Try this link; > >http://hitechsavvy.com/modules.php?op=modload&name=News&file=article&sid=193&mode=thread&order=0&thold=0 > >I left whitespace around it in case of wrap. > > > > Is it just me or did this thread become hijacked? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 16 02:21:18 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:03 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Server > > >>admins should definitely look into learning at least enough English to >>get their point across - although I know a few native English speakers >>who aren't too fluent when it comes to posting either ;) >> >> > >Hey, I resemble that remark! > >In my case this is mostly due to last-minute editing and hitting send without >re-reading it. > >Although others might also say it's because I don't know how to spell color >correctly, I think they're the ones that are confused ;) > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Don't you mean "resent", instead of resemble? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 16 02:25:23 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:03 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Steen, Glenn wrote: > >> Jodå, den duger... Er, well yes, it's good enough:) > > > Kul att se Svenska på denna lista, det är nog första gången. > Eso mismo digo yo. En serio, si alguien pone algo en español aquí, pidan traducción... si yo lo leo y puedo (léase, tengo tiempo), les doy la mano con la traducción, si es que no puedo resolverlo... Saludos... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From usergroups at THEARGONCOMPANY.COM Thu Jun 16 05:50:08 2005 From: usergroups at THEARGONCOMPANY.COM (Atul Morey) Date: Thu Jan 12 21:30:03 2006 Subject: Oversized zip notification. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Silent Viruses Silent Viruses = HTML-IFrame All-Viruses HTML-Codebase HTML-Form > Notify Senders Of Viruses Notify Senders Of Viruses = no This is deliberately done so that the invalid IDs are not sent the notifications in case of forge addresses from viruses. > Still Deliver Silent Viruses Still Deliver Silent Viruses = no > Non-Forging Viruses Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Regards, Atul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 16 08:58:10 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:03 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: Jason oh - you'll find alot of these systems have been set and forgot. IE there's no one at the site with a clue about IT and/or the mail gateway thing. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason Balicki wrote: > Martin Hepworth <> wrote: > >>a good SA rule for this is Tim Jackson's bogus virus warnings set. >> >>http://www.timj.co.uk/linux/bogus-virus-warnings.cf > > > Martin, > > I appreciate this, but I was more concerned with > getting the offending parties to stop wasting > network resources than I am with tagging the messages. > > If nobody else is interested in this, that's fine -- > I was just trying to provide a friendly community > service for these folks before they get themselves > blacklisted. > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 16 09:04:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:03 2006 Subject: Messages in log unseen before. Message-ID: Scott Silva wrote: > Ken Goods said the following on 6/15/2005 11:14 AM: > >>Ugo Bellavance wrote: >> >> >>>Ken Goods wrote: >>> >>> >>>>I can't imagine what would be happening during that timeframe. This >>>>all started a couple weeks ago and at the same time my load went >>> >>>>from averaging .3 to 1-2. I did not make any changes to the system >>> >>>>and it has been running well since the last >>>>MailScanner/Spamassassin/ClamAV upgrade a couple months ago. >>>> >>>>MailScanner does use the clamav-wrapper but I can't tell how long >>>>clamscan is taking to complete. Is it more efficient to use the >>>>clamavmodule? If so I'll look into getting it configured and running. >>>> >>>>Any insight would be appreciated much. >>> >>>Have you upgraded MailScanner to the latest stable version as well? >>> >> >> >>Not yet... it always seems like it turns into a bigger job than it should >>be. >>With Citrix, Oracle, 2 SQL servers, an AS400, Exchange Server, DNS, IIS 4.0 >>and 6.0, 15 websites, in-house programming, and all together 8 servers to >>maintain, >>time is short and email is not my only responsibility. I tend to forget how >>I did the upgrade the last time and end up with path/permission >>problems up the ying-yang. >> >>I know... I know... wha wha wha woo woo woo... nobody feels sorry for me, >>at least I have a job! :) > > Sounds as if you have 3 peoples jobs! > >>Thanks Ugo... I'll upgrade the whole works and see what happens. >>Perhaps this time I will document everything so I remember how I did it for >>the next time. >> >>Kind regards, >>Ken >> > > You sound like me: > Too many hats, not enough heads! > > Ken documentation! It's easy to do the upgrades, and even I've managed to put up a local document on our intranet with a quick reminder of the stage I go through. I'm running the tar.gz so I have copy the rules files etc over. Normally takes me around 10 minutes from that start of download to starting the new version. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 16 09:11:14 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:03 2006 Subject: [Fwd: Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3] Message-ID: Folks FYI Oh and if anyone is still running SA 2.63 there's a DOS problem with it as well. Upgrade to 2.64 if you don't want to make to jump to 3.0.4 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -------- Original Message -------- Subject: Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3 Date: Wed, 15 Jun 2005 13:00:46 -0700 From: Daniel Quinlan Reply-To: users@spamassassin.apache.org To: announce@spamassassin.apache.org CC: users@spamassassin.apache.org, dev@spamassassin.apache.org Apache SpamAssassin 3.0.4 was recently released [0], and fixes a denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The vulnerability allows certain misformatted long message headers to cause spam checking to take a very long time. While the exploit has yet to be seen in the wild, we are concerned that there may be attempts to abuse the vulnerability in the future. Therefore, we strongly recommend all users of these versions upgrade to Apache SpamAssassin 3.0.4 as soon as possible. This issue has been assigned CVE id CAN-2005-1266 [1]. To contact the Apache SpamAssassin security team, please e-mail security at spamassassin.apache.org. For more information about Apache SpamAssassin, visit the http://spamassassin.apache.org/ web site. Apache SpamAssassin Security Team [0]: http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200506.mbox/%3c20050606223631.GG11538@kluge.net%3e [1]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 16 09:21:43 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:03 2006 Subject: SV: Messages in foreign languages Message-ID: Alex Neuman van der Hans wrote: > Matt Kettler wrote: > (snip) >> Hey, I resemble that remark! (snip) > Don't you mean "resent", instead of resemble? I'm not too sure Alex, but I think it was an intentional error... And kind of fun too (I felt an urge to reply "No, you don't look anything like that remark" ... but it passed:-). BTW, I'm exploring my "thread-breaking woes", so this should be such a message (that breaks threading). Sorry for that, but ... I need a handle on this so... -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 16 09:34:58 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:03 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Steen, Glenn wrote: >> Jodå, den duger... Er, well yes, it's good enough:) > > Kul att se Svenska på denna lista, det är nog första gången. Tja, du har ju ett antal svenskar på listan (Tony-vad-han-nu-heter ... på svenska kyrkan, Carl Boberg (något museum i sthlm om jag minns rätt), Andreas Svennson på Hallsbergs kommun och säkert en skrälldus fler som jag missat:-), så det var väl tvunget att ske förr eller senare:-):-). Känns bra att äntligen gå i bräschen för nåt;) Jag hade nog inte tippat på att du var svensk dock:). Ah, kollade just på ucgbook.com ... Väldigt svenskt. And now back to your regular programming... -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 16 09:36:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:03 2006 Subject: "OMG YOU SENT TEH VIRUSESS" Message-ID: There's a footnote at the bottom which corrects his view of MailScanner. I found him very co-operative when he first wrote it, and was quite happy with my point of view. On 16 Jun 2005, at 00:10, Peter Russell wrote: > That is a great read, thanks. MailScanner get a bit a spray in > there though :) > > > > Steffan Henke wrote: > >> On Wed, 15 Jun 2005, Jason Balicki wrote: >> >>> Begin quote: >>> As for the virus notifications, as pointless as it may seem to >>> you, it's >>> our company policy to attempt to inform possibly infected systems >>> >> http://attrition.org/security/rant/av-spammers.html >> Regards, >> Steffan >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 16 09:48:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:03 2006 Subject: Upgrading -- was Re: Messages in log unseen before. Message-ID: On 16 Jun 2005, at 09:04, Martin Hepworth wrote: > documentation! It's easy to do the upgrades, and even I've managed > to put up a local document on our intranet with a quick reminder of > the stage I go through. I'm running the tar.gz so I have copy the > rules files etc over. Normally takes me around 10 minutes from that > start of download to starting the new version. That's the aim! It should be a 10-minute job on many systems, particularly RPM-based ones. I put more effort into the RPM-based distributions as an inexperienced sysadmin will usually opt for an RPM-based Linux distribution when needing to set up a Linux box. There are a lot of sysadmins out there who no little about *nix, and so I need to put more effort into making their life easier. The attitude of a lot of other developers is "well go and learn how to do it then", and "if you can't even run Linux then you shouldn't be running a mail server". A tad unhelpful, to put it mildly. These people obviously don't remember that once a upon a time, they knew nothing about it either, and probably also had a boss breathing down their neck to get this problem solved. It's like learner drivers on the road: be nice to them, you were there once too. Your average Solaris or Irix admin, on the other hand, tends to be far more experienced and doesn't need hand-holding at all. In fact, they often resent it and prefer to do it all themselves. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Rainer.Blaes at SPACE.EADS.NET Thu Jun 16 12:23:18 2005 From: Rainer.Blaes at SPACE.EADS.NET (Rainer Blaes) Date: Thu Jan 12 21:30:03 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dear experts, we are using the "Sign clean message" feature to add our firm's Disclaimer/footer to each mail. It's working quite well but has of course the effect that also the incoming mails carry this text. Is there any way within Mailscanner.conf to restrict the Disclaimer attachment only to our outgoing mail? Many thanks in advance! Rainer DISCLAIMER: This email (including any attachments) may contain confidential and/or privileged information. This email is for the intended addressee only. If you have received it in error, please notify the sender immediately and delete this email and any copies. Any use of this email is prohibited without the senders prior consent. This email may not reflect the views of EADS SPACE Transportation (EADS-ST). Nothing in this email shall bind EADS-ST unless endorsed by a duly authorised representative and subject to a formal notification independent of this email either by fax or by post mail. EADS-ST and the other companies of the EADS group refuse any and all liabilities if this email transmission was virus corrupted, altered or falsified. HINWEIS: Diese E-Mail (einschliesslich ihrer eventuellen Anlagen) kann vertrauliche und/oder geschuetzte Informationen beinhalten. Diese E-Mail ist nur fuer den beabsichtigten Adressaten bestimmt. Falls Sie diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und loeschen diese E-Mail und jegliche Kopie. Jegliche Nutzung oder Verwendung dieser E-Mail ist ohne vorheriges Einverstaendnis des Absenders untersagt. Diese E-Mail entspricht nicht unbedingt der Meinung oder den Positionen von EADS SPACE Transportation (EADS-ST). Der Inhalt dieser E-Mail verpflichtet EADS-ST nur, wenn er durch eine hierzu autorisierte Person bestaetigt ist und ferner vorbehaltlich einer separaten formellen Notifizierung durch Fax oder per Post. EADS-ST und die anderen Firmen der EADS Gruppe uebernehmen keinerlei Haftung, falls diese E-Mail mit Viren behaftet ist oder im Wege ihrer Uebertragung geaendert oder verfaelscht wurde. ========================================================= EADS SPACE Transportation GmbH (Amtsgericht Bremen, HRB-Nr. 21713) - Huenefeldstrasse 1-5 - 28199 Bremen - Deutschland/Germany ================ http://www.eads.net ========================= ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 16 12:40:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:03 2006 Subject: Disclaimer only for outgoing mail? Message-ID: Rainer create a ruleset for the sign clean messages so it only works for emails 'from' your LAN ip-addresses.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rainer Blaes wrote: > Dear experts, > we are using the "Sign clean message" feature to add our firm's > Disclaimer/footer to each mail. > It's working quite well but has of course the effect that also the > incoming mails carry this text. > Is there any way within Mailscanner.conf to restrict the Disclaimer > attachment only to our outgoing mail? > > Many thanks in advance! > > Rainer > > DISCLAIMER: This email (including any attachments) may contain > confidential and/or privileged information. This email is for the > intended addressee only. If you have received it in error, please notify > the sender immediately and delete this email and any copies. Any use of > this email is prohibited without the senders prior consent. > This email may not reflect the views of EADS SPACE Transportation > (EADS-ST). Nothing in this email shall bind EADS-ST unless endorsed by a > duly authorised representative and subject to a formal notification > independent of this email either by fax or by post mail. > EADS-ST and the other companies of the EADS group refuse any and all > liabilities if this email transmission was virus corrupted, altered or > falsified. > > HINWEIS: Diese E-Mail (einschliesslich ihrer eventuellen Anlagen) kann > vertrauliche und/oder geschuetzte Informationen beinhalten. Diese E-Mail > ist nur fuer den beabsichtigten Adressaten bestimmt. Falls Sie diese > E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den > Absender und loeschen diese E-Mail und jegliche Kopie. Jegliche Nutzung > oder Verwendung dieser E-Mail ist ohne vorheriges Einverstaendnis des > Absenders untersagt. > Diese E-Mail entspricht nicht unbedingt der Meinung oder den Positionen > von EADS SPACE Transportation (EADS-ST). Der Inhalt dieser E-Mail > verpflichtet EADS-ST nur, wenn er durch eine hierzu autorisierte Person > bestaetigt ist und ferner vorbehaltlich einer separaten formellen > Notifizierung durch Fax oder per Post. > EADS-ST und die anderen Firmen der EADS Gruppe uebernehmen keinerlei > Haftung, falls diese E-Mail mit Viren behaftet ist oder im Wege ihrer > Uebertragung geaendert oder verfaelscht wurde. > ========================================================= > EADS SPACE Transportation GmbH (Amtsgericht Bremen, HRB-Nr. 21713) - > Huenefeldstrasse 1-5 - 28199 Bremen - Deutschland/Germany > ================ http://www.eads.net ========================= > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Thu Jun 16 13:06:16 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:30:03 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rainer Blaes wrote: > Dear experts, > we are using the "Sign clean message" feature to add our firm's > Disclaimer/footer to each mail. > It's working quite well but has of course the effect that also the > incoming mails carry this text. > Is there any way within Mailscanner.conf to restrict the Disclaimer > attachment only to our outgoing mail? > > Many thanks in advance! Oh boy you have got a really big disclaimer :-) the solution to your prob Sign Clean Messages = %rules-dir%/disclaimer.rules In disclaimer.rules if you want to put disclaimers for outgoing mails only then From: yourdomain.com And To: yourdomain.com no FromOrTo: default yes In this mails having from address as "yourdomain.com" to "yourdomain.com" will not have disclaimers, but from "yourdomain.com" to "yahoo.com" will have disclaimer. Incase of Multiple Recipients, the default rules will apply.... i.e. disclaimer will be attached provided you have Use Default Rules With Multiple Recipients = yes Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Thu Jun 16 13:26:08 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:30:03 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] More on this; is there any way to have the disclaimer only applied ONCE? Meaning if someone from your company (who gets the disclaimer appended on outgoing) sends an email back and forth to someone on the 'outside' 5 times...every time you reply out, the disclaimer will get appended again. Bottom line is, if you reply back and forth like this..your message ends up getting filled up by pages and pages of disclaimers (in our case, its big, and in 2 languages...). thx Matt >>> rakesh@NETCORE.CO.IN 6/16/2005 7:06 AM >>> Rainer Blaes wrote: > Dear experts, > we are using the "Sign clean message" feature to add our firm's > Disclaimer/footer to each mail. > It's working quite well but has of course the effect that also the > incoming mails carry this text. > Is there any way within Mailscanner.conf to restrict the Disclaimer > attachment only to our outgoing mail? > > Many thanks in advance! Oh boy you have got a really big disclaimer :-) the solution to your prob Sign Clean Messages = %rules-dir%/disclaimer.rules In disclaimer.rules if you want to put disclaimers for outgoing mails only then From: yourdomain.com And To: yourdomain.com no FromOrTo: default yes In this mails having from address as "yourdomain.com" to "yourdomain.com" will not have disclaimers, but from "yourdomain.com" to "yahoo.com" will have disclaimer. Incase of Multiple Recipients, the default rules will apply.... i.e. disclaimer will be attached provided you have Use Default Rules With Multiple Recipients = yes Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Jun 16 13:29:09 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:03 2006 Subject: Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3 Message-ID: FYI. A good reason to upgrade to SpamAssassin 3.0.4. Can someone confirm that similar vulnerabilities exist in SpamAssassin 2.63 / 2.64 > From announce-return-9-paddy=panici.net@spamassassin.apache.org Wed > Jun 15 21:12:13 2005 > From: Daniel Quinlan > To: announce@spamassassin.apache.org > Subject: Denial of Service Vulnerability in Apache SpamAssassin > 3.0.1-3.0.3 > > Apache SpamAssassin 3.0.4 was recently released [0], and fixes a > denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. > The vulnerability allows certain misformatted long message headers to > cause spam checking to take a very long time. > > While the exploit has yet to be seen in the wild, we are concerned > that there may be attempts to abuse the vulnerability in the future. > Therefore, we strongly recommend all users of these versions upgrade > to Apache SpamAssassin 3.0.4 as soon as possible. > > This issue has been assigned CVE id CAN-2005-1266 [1]. > > To contact the Apache SpamAssassin security team, please e-mail > security at spamassassin.apache.org. For more information about > Apache SpamAssassin, visit the http://spamassassin.apache.org/ web site. > > Apache SpamAssassin Security Team > > [0]: > http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200506.mbox/ > %3c20050606223631.GG11538@kluge.net%3e > > [1]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 Steve Swaney President Fort Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 16 13:52:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:03 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The "Sign Messages Already Processed" option will stop you getting multiple sigs from multiple passes through MailScanner. But you are trying to look for your signature text appearing in some (quite possibly quoted in some random fashion) form at or near the bottom of your messages. You will need a Custom Function to do this which controls the "Sign Clean Messages" option, and works by looking for bits out of your sig near the end of the message. Impossibly to do in the generic case, but you could do it if you know what sort of words you are looking for, and where you might want to look. It will take a bit of coding, but shouldn't be a huge job. Once you've got it right, it will probably only be 20 lines of code, it's just 20 lines that might take a little while to write. If you want to pay me to do it, then I will, but this would be at full consulting rates. On 16 Jun 2005, at 13:26, Matt Kehler wrote: More on this; is there any way to have the disclaimer only applied ONCE?   Meaning if someone from your company (who gets the disclaimer appended on outgoing) sends an email back and forth to someone on the 'outside' 5 times...every time you reply out, the disclaimer will get appended again.   Bottom line is, if you reply back and forth like this..your message ends up getting filled up by pages and pages of disclaimers (in our case, its big, and in 2 languages...).    thx Matt >>> rakesh@NETCORE.CO.IN 6/16/2005 7:06 AM >>> Rainer Blaes wrote: > Dear experts, > we are using the "Sign clean message" feature to add our firm's > Disclaimer/footer to each mail. > It's working quite well but has of course the effect that also the > incoming mails carry this text. > Is there any way within Mailscanner.conf to restrict the Disclaimer > attachment only to our outgoing mail? > > Many thanks in advance! Oh boy you have got a really big disclaimer :-) the solution to your prob Sign Clean Messages = %rules-dir%/disclaimer.rules In disclaimer.rules if you want to put disclaimers for outgoing mails only then From: yourdomain.com And To: yourdomain.com   no FromOrTo: default yes In this mails having from address as "yourdomain.com" to "yourdomain.com"  will not have disclaimers, but from "yourdomain.com" to "yahoo.com" will have disclaimer. Incase of Multiple Recipients, the default rules will apply.... i.e. disclaimer will be attached provided you have Use Default Rules With Multiple Recipients = yes Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website:  http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 16 14:03:35 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:03 2006 Subject: FYI New version of Razor: 2.71 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Send razor-announce mailing list submissions to razor-announce@lists.sourceforge.net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/razor-announce or, via email, send a message with subject or body 'help' to razor-announce-request@lists.sourceforge.net You can reach the person managing the list at razor-announce-admin@lists.sourceforge.net When replying, please edit your Subject line so it is more specific than "Re: Contents of razor-announce digest..." Today's Topics: 1. ANNOUNCE: razor-agents 2.70 (Vipul Ved Prakash) 2. ANNOUNCE: razor-agents 2.71 (Vipul Ved Prakash) --__--__-- Message: 1 Date: Thu, 16 Jun 2005 05:28:43 -0700 From: Vipul Ved Prakash To: razor-users@lists.sourceforge.net Cc: razor-announce@lists.sourceforge.net Reply-To: mail@vipul.net Subject: [razor-announce] ANNOUNCE: razor-agents 2.70 Folks, Version 2.70 of Razor Agents in now available. You can download this release from SourceForge at: http://prdownloads.sourceforge.net/razor/razor-agents-2.70.tar.gz?download This is an IMPORTANT bugfix and accuracy release. I recommend everyone upgrade as soon as possible. If you are a package maintainer for Razor Agents, I'd strongly recommend building and releasing a new package. Here's the changelog: * Fixed preprocessing of unusual HTML messages. This resolves the segfault issue in razor-agents. [Bug #1001417] * Fixed handling of certain malformed headers. * Explicitly specify the record separator as "\n" when reading files, to ensure that someone else hasn't set it to undef. [Patch #537813] * "razorzone" is no longer supported and has been removed from the documentation. * Allow the config file to set razorhome. [Bug #1074391] * Razor Agents no longer go into an infinite loop when discovery fails. [Bug #1016039] * Properly creates "razor-*" symlinks after installation. [Bug #874468] * Default to PERLPREFIX instead of PREFIX when installing man5 pages. [Bug #1001320] * Removed a call to $sha1->reset() which was breaking SHA1 calculation. [Bug #1004858] * "use_engines" is no longer supported and has been removed from the documentation. [Bug #1120311] * Shuffle the discovery, catalogue, and nomination server lists after loading them from disk; this prevents razor-agents from always starting with the same catalogue server. * Replace the complex DNS lookup logic for discovery servers with a single DNS round robin. [Bug #604679] * Remove the ICMP ping logic for finding the "fastest" catalogue server; the configuration option for this logic is now ignored. [Support #739464] * Removed stale engine code for various signature types that are no longer used. cheers, vipul -- Vipul Ved Prakash "Sir, are you classified as human?" "Uh, negative. I am a meat popsicle." www.vipul.net www.cloudmark.com -- The Fifth Element --__--__-- Message: 2 Date: Wed, 15 Jun 2005 18:51:51 -0700 From: Vipul Ved Prakash To: razor-users@list.sourceforge.net, razor-announce@lists.sourceforge.net Reply-To: mail@vipul.net Subject: [razor-announce] ANNOUNCE: razor-agents 2.71 There was a minor installation bug that was fixed in 2.71. Please download 2.71 instead of 2.70. It's available at: http://prdownloads.sourceforge.net/razor/razor-agents-2.71.tar.gz?download Here are orginial release notes for 2.70: This is an IMPORTANT bugfix and accuracy release. I recommend everyone upgrade as soon as possible. If you are a package maintainer for Razor Agents, I'd strongly recommend building and releasing a new package. Here's the changelog: * Fixed preprocessing of unusual HTML messages. This resolves the segfault issue in razor-agents. [Bug #1001417] * Fixed handling of certain malformed headers. * Explicitly specify the record separator as "\n" when reading files, to ensure that someone else hasn't set it to undef. [Patch #537813] * "razorzone" is no longer supported and has been removed from the documentation. * Allow the config file to set razorhome. [Bug #1074391] * Razor Agents no longer go into an infinite loop when discovery fails. [Bug #1016039] * Properly creates "razor-*" symlinks after installation. [Bug #874468] * Default to PERLPREFIX instead of PREFIX when installing man5 pages. [Bug #1001320] * Removed a call to $sha1->reset() which was breaking SHA1 calculation. [Bug #1004858] * "use_engines" is no longer supported and has been removed from the documentation. [Bug #1120311] * Shuffle the discovery, catalogue, and nomination server lists after loading them from disk; this prevents razor-agents from always starting with the same catalogue server. * Replace the complex DNS lookup logic for discovery servers with a single DNS round robin. [Bug #604679] * Remove the ICMP ping logic for finding the "fastest" catalogue server; the configuration option for this logic is now ignored. [Support #739464] * Removed stale engine code for various signature types that are no longer used. cheers, vipul -- Vipul Ved Prakash "Sir, are you classified as human?" "Uh, negative. I am a meat popsicle." www.vipul.net www.cloudmark.com -- The Fifth Element --__--__-- _______________________________________________ razor-announce mailing list razor-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/razor-announce End of razor-announce Digest ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu Jun 16 14:24:18 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:03 2006 Subject: Disclaimer only for outgoing mail? Message-ID: Matt Kehler <> wrote: > Bottom line is, if you reply back and forth like this..your message > ends up getting filled up by pages and pages of disclaimers (in our > case, its big, and in 2 languages...). I know this is kind of a weird concept, but you can avoid pages and pages of disclaimers by, you know, editing your messages. This gives the added benefits of clarity, conciseness and readability. This is a craft that appears to be lost in this world of: > >>>> >>> >>>>>>>>>>>>>>>>> [5000 lines deleted] ME TOO!!!!111one1! --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Thu Jun 16 14:33:18 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:30:03 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I can manually edit my messages, sure. Our 2000+ users, no. We get the 'other systems don't do that' routine, "i don't have time', etc etc. Any solutions out there? I don't really want to get into a discussion about 'how users should do things'. thanks Matt >>> kodak@FRONTIERHOMEMORTGAGE.COM 6/16/2005 8:24:18 AM >>> Matt Kehler <> wrote: > Bottom line is, if you reply back and forth like this..your message > ends up getting filled up by pages and pages of disclaimers (in our > case, its big, and in 2 languages...). I know this is kind of a weird concept, but you can avoid pages and pages of disclaimers by, you know, editing your messages. This gives the added benefits of clarity, conciseness and readability. This is a craft that appears to be lost in this world of: > >>>> >>> >>>>>>>>>>>>>>>>> [5000 lines deleted] ME TOO!!!!111one1! --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 16 14:15:39 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:03 2006 Subject: Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: > FYI. A good reason to upgrade to SpamAssassin 3.0.4. Can someone confirm > that similar vulnerabilities exist in SpamAssassin 2.63 / 2.64 From martinh at SOLID-STATE-LOGIC.COM Thu Jun 16 14:39:39 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:03 2006 Subject: Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3 Message-ID: Ugo 2.63 is vulnerable to a different DOS problem, not the one annouced for 3.0.[1-3] -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Ugo Bellavance wrote: > Stephen Swaney wrote: > >>FYI. A good reason to upgrade to SpamAssassin 3.0.4. Can someone confirm >>that similar vulnerabilities exist in SpamAssassin 2.63 / 2.64 > > > From an earlier post from Martin Hepworth, 2.63 is vulnerable while 2.64 > isn't. > > Regards, > > Ugo > > >> >>>From announce-return-9-paddy=panici.net@spamassassin.apache.org Wed >> >>>Jun 15 21:12:13 2005 >>>From: Daniel Quinlan >>>To: announce@spamassassin.apache.org >>>Subject: Denial of Service Vulnerability in Apache SpamAssassin >>>3.0.1-3.0.3 >>> >>>Apache SpamAssassin 3.0.4 was recently released [0], and fixes a >>>denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. >>>The vulnerability allows certain misformatted long message headers to >>>cause spam checking to take a very long time. >>> >>>While the exploit has yet to be seen in the wild, we are concerned >>>that there may be attempts to abuse the vulnerability in the future. >>>Therefore, we strongly recommend all users of these versions upgrade >>>to Apache SpamAssassin 3.0.4 as soon as possible. >>> >>>This issue has been assigned CVE id CAN-2005-1266 [1]. >>> >>>To contact the Apache SpamAssassin security team, please e-mail >>>security at spamassassin.apache.org. For more information about >>>Apache SpamAssassin, visit the http://spamassassin.apache.org/ web site. >>> >>>Apache SpamAssassin Security Team >>> >>>[0]: >>>http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200506.mbox/ >>>%3c20050606223631.GG11538@kluge.net%3e >>> >>>[1]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 >> >> >>Steve Swaney >>President >>Fort Systems Ltd. >>www.fsl.com >>steve.swaney@fsl.com >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wayne at NIGHTSOL.NET Thu Jun 16 14:49:55 2005 From: wayne at NIGHTSOL.NET (Wayne) Date: Thu Jan 12 21:30:03 2006 Subject: Renamed attachments Message-ID: Hey Guys, Anybody seen whereby an attachment gets renamed to say "Application" or "application 1" Some were within zip files, although Im not sure that all were. Still checking it out, just wondering if anybody else has seen it? Thanks, Wayne ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Thu Jun 16 14:53:32 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:30:03 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler wrote: > I can manually edit my messages, sure. Our 2000+ users, no. We get > the 'other systems don't do that' routine, "i don't have time', etc etc. > > Any solutions out there? > I hope you have seen Julian's reply to this topic by now :-) ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Thu Jun 16 15:00:27 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:30:03 2006 Subject: Renamed attachments Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wayne wrote: >Hey Guys, > >Anybody seen whereby an attachment gets renamed to say >"Application" or "application 1" >Some were within zip files, although Im not sure that all were. >Still checking it out, just wondering if anybody else has seen it? > > Sounds weird, never heard abt that, can you give us more info like version of MailScanner, MTA and Virus Scanners ? All I know is tht MailScanner creates a temporary copy of the attachments but doesnt mingle with the original ones and performs filetype/name checks and gives the path to the virus scanners, who only perform read operations and depending on the return flags it decides whether it should requeue the mail. Other wise it doesn't tamper with the original queue file at all. More inputs will be appreciated Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 16 14:50:28 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:03 2006 Subject: Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Ugo > > 2.63 is vulnerable to a different DOS problem, not the one annouced for > 3.0.[1-3] Oupsy. Sorry. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Thu Jun 16 15:16:56 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:30:03 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Craig Daters said the following on 6/15/2005 2:22 PM: >> I'm not 100% positive, but doesn't that violate an RFC standard or >> something? >> >> I just recall from somewhere that each domain is require (or strongly >> encouraged) to provide a valid postmaster address...? > Encouraged, yes > required, unfortunately no. > But you can report them to RFC Ignorant and they will be on another rbl > list. > We all need to contribute to a list and call it something like > mail_admin_ignorant and block them all! Hello! About the postmaster missing for so many domains. Could this not be considered to also be some fault of the default sendmail configuration that sends double-bounces to postmaster? (Dont know how other mta handles this.) Why? When a beginner first get that mailbox flooded they might null it in a hurry. And forget it. Instead of reading through more documentation. They could be encouraged to configure in sendmail.mc or hostname.mc: define(`confDOUBLE_BOUNCE_ADDRESS', `exampleaddress')dnl or: define(`confDOUBLE_BOUNCE_ADDRESS', `postmaster+notify')dnl or possible: define(`confDOUBLE_BOUNCE_ADDRESS', `')dnl To send it to an alternative address, submailbox or just drop it. Or for those who dont use m4, something like this in sendmail.cf: O DoubleBounceAddress=postmaster+notify Or alternatively these mails can be filtered based on subject by sieve or procmail or something. Or maybe sendmail could be encouraged to change their defaults to? Just thought it would be nice to add some suggestions for these people to this thread. -- Hilsen from Lars ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Thu Jun 16 15:25:36 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: Hi, I change that line, but now I see this error in maillog file: MailScanner[3751]: Can't run commercial checker clamav ("/usr/lib/MailScanner/Clamav-wrapper"): No such file or directory Do I need to reinstall the Clamv?? Sorry, my English is no good.... I hope you understand me.... -------ooooo------- Um, not that I really understand what you're saying (not being a speaker (at all) of the language you're using), but isn't Rauls problem solely that the line clamav /usr/lib/MailScanner/clamav-wrapper /usr/local in /etc/MailScanner/virus.scanners.conf should read clamav /usr/lib/MailScanner/clamav-wrapper /usr instead? Sure, I too think it best to buld clamav from source, but... He really don't need to, to solve this... Or did you already cover this in Cheers -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Jun 16 16:02:14 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:03 2006 Subject: OT: "OMG YOU SENT TEH VIRUSESS" Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 15, 2005, at 4:37 PM, Scott Silva wrote: > Sean Embry said the following on 6/15/2005 1:05 PM: >>>>> kodak@FRONTIERHOMEMORTGAGE.COM 6/15/2005 11:46:14 AM >>> >> Like a lot of you, I'm on a lot of mailing lists. >> snip >> >> Has anyone had any success with these situations >> before? Any magic words that seem to help >> straighten out the offending parties? >>>>> kodak@FRONTIERHOMEMORTGAGE.COM 6/15/2005 11:46:14 AM >>> >> A SpamCop listing seems to get them to pay attention when all else >> fails. > > But isn't this kind of report against spamcop's rules? > They suggest contacting the isp for virus related stuff. The ISP yes, the forged email addresses no. As an admin, I would notify the admin from the originating network with the information on the offending messages and that would be the end of it. I would not send notices back to the people listed in the "From:" portion of the emails. This is where that particular admin is out of line. He (the offending company admin) notified Jason that it was their policy to notify the entity appearing in the "From:" portion of the email, forged or not. Thus he is contributing to the flood of useless mail that circulates on the internet. Consider the percentage of legitimate hits they get with their notifications? I bet that it is far lower than the amount of messages that are forged. I admire that this particular admin is trying to "do the right thing", but he just isn't grounded in reality. - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQrGUehBVT8XLuTbnEQJIjACghMHTNc5xpuqFlko0AaHXw0uDcCkAnRy8 JePekhaf7SZkgzwlhYasmPyW =am1u -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Jun 16 16:03:37 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:03 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 15, 2005, at 4:49 PM, Scott Silva wrote: > Craig Daters said the following on 6/15/2005 2:22 PM: >> I'm not 100% positive, but doesn't that violate an RFC standard or >> something? >> >> I just recall from somewhere that each domain is require (or strongly >> encouraged) to provide a valid postmaster address...? > Encouraged, yes > required, unfortunately no. > But you can report them to RFC Ignorant and they will be on another rbl > list. > We all need to contribute to a list and call it something like > mail_admin_ignorant and block them all! :) That sure would open some eyes! - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQrGUyRBVT8XLuTbnEQLo0QCcDee6+6RiBv9xQL9YLAiER/v3aJ0An16N ixa76Vp9J3G9RC2z1IMWKSdn =n6al -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 16 16:10:31 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: Raul Urqueta Sierra wrote: > Hi, I change that line, but now I see this error in maillog file: > > MailScanner[3751]: Can't run commercial checker clamav > ("/usr/lib/MailScanner/Clamav-wrapper"): No such file or directory Look closely... Clamav-wrapper != clamav-wrapper ... *nix is case sensitive about this:-). Probably happened by accident when you edited the file. Just go back and change the capital "C" to a common "c" and you should be fine. > > Do I need to reinstall the Clamv?? Probably not, no. > Sorry, my English is no good.... I hope you understand me.... Nor is mine:-). But I *think* we're communicating OK;) Cheers -- Glenn > > -------ooooo------- > Um, not that I really understand what you're saying (not being a > speaker (at all) of the language you're using), but isn't Rauls > problem solely that the line > clamav /usr/lib/MailScanner/clamav-wrapper /usr/local > in /etc/MailScanner/virus.scanners.conf should read > clamav /usr/lib/MailScanner/clamav-wrapper /usr > instead? Sure, I too think it best to buld clamav from source, but... > He really don't need to, to solve this... Or did you already cover > this in > > Cheers > -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu Jun 16 16:06:50 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:03 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: Hi On Tue, 14 Jun 2005, Matt Kettler wrote: > > I used only the MAX_MESSAGE_SIZE option. Would the SMTP_MAILER_MAX option > > work differently and achieve what we need? > > In general, MAX_MESSAGE_SIZE should be the correct way to do it. > > However, if you are having problems like you describe, you might try > setting the SMTP_MAILER_MAX. This should limit the size of the SMTP > session. > > I'd look around and see if there's a sendmail bug somewhere on the issue. > Sendmail should enforce the MAX_MESSAGE_SIZE with an error and not a stuck > connection. Thanks for the feedback. I have tried SMTP_MAILER_MAX as well as MAX_MESSAGE_SIZE and it doesn't help unfortunately. I am using sendmail 8.13.1 which is fairly current I think. The connection doesn't get stuck in this situation - it simply continues until the sending server has finished sending megabytes of unwanted mail and then it terminates normally once our server has indicated that the message is too large. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu Jun 16 16:23:00 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:03 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: Hi On Wed, 15 Jun 2005, Richard.Hall wrote: > > We have only very limited bandwidth - 64k for 2,500 (yes) e-mail users > Ouch :-( Well would you believe that the same 2,500 users collect their mail via a bank of only 6 dialin modems set up on a hunting line? We are able to make this quite workable by getting 97% of our users to use ancient FidoNet software that sends mail in compressed format and sends attachments in binary format. > > Is there any automated solution to this? We need to be able to terminate > > the session with an appropriate error message the moment it is apparent > > that the message is too large. Can sendmail be made to issue a fatal > > error message during the DATA phase of the SMTP transaction? Or is the > > crunch time when we need to bite the bullet and change to say Exim instead? > [...] > > Much as I love Exim, and despite the fact that sendmail's config makes me > feel nauseous, I don't believe that Exim can help you here. But nor can > sendmail IMHO. The problem is the SMTP protocol itself, which only gives > you two (relevant) points at which you can reject the message:- > > 1) immediately after receiving the DATA command - but that is obviously > too soon for you, as you don't yet know the size; > > 2) after the terminating '.', when you do know the size - but by then it > is too late, as you clearly appreciate. > > In between those two points the traffic is all "one-way". The SMTP > protocol does not define any way to stop the data transmission in > mid-stream, except by dropping the connection. And the other end will > treat that as a temporary failure, and retry later. Ah, you know that ... Thanks for the confirmation. It is what I feared. However I had hoped that as some virus scanners could be configured to block a virus during the SMTP session this meant that it was possible to send a termination signal during the DATA phase. Presumably they do in fact also have to wait until the very end of the DATA phase and then reject the virus at that point. > The best I can suggest at the moment is that you limit the number of > simultaneous connections from one IP address, eg so that you only have > one rogue connection at a time. Exim can certainly do that; I don't know > about sendmail. (Anyway, it's not foolproof - there are all sorts of > trivial counter-examples - but it might help a bit.) sendmail can do that. However the number of times I have such a problem has been so small that the drawbacks would outweigh the benefits. (Now I see that I have 3 oversize Yahoo messages in the mqueue.in directory as I write :-( What is wrong with Yahoo and Google Mail??? Surely it would be to their benefit to adopt the well-known SIZE extension? Perhaps they have so much bandwidth that they simply don't care. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu Jun 16 16:29:41 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:03 2006 Subject: OT: Blocking oversized messages during SMTP transaction Message-ID: Hi On Wed, 15 Jun 2005, Scott Silva wrote: > > However some systems such as Yahoo and, surprisingly, GoogleMail, fail to > > use the SIZE extension when sending us mail. The result is that we accept > > large messages from them as we don't know what the message size is going > > to be in advance, and then when the specified size limit is reached for > > the temporary mail file, sendmail still stupidly insists on continuing > > with the transaction even though it will no longer write to disk. > Maybe a better option would be to rent a virtual server out on the net > to act as a mail gateway. That way you could kill the large messages, as > well as the bandwidth choking spam and viruses, and then pass the > "clean" messages on to your server. I think several people on this list > host servers, and it might not be too expensive. It would be cheaper > then more bandwidth! Thanks - this is a good suggestion. I wish I could do it as proposed, but unfortunately, as those who have followed what is going on in Zimbabwe at the moment may appreciate, it is not possible - foreign exchange for such purposes is not available via legal channels. However we do have a local partner who has more bandwidth than we do who acts as our secondary MX. I will experiment with setting up a 450 error message for incoming Yahoo mail to make Yahoo servers leave us alone and dump their mail on our secondary. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jun 16 16:30:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:03 2006 Subject: SV: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Alex Neuman van der Hans wrote: > >>Matt Kettler wrote: >> > > (snip) > >>>Hey, I resemble that remark! > > (snip) > >>Don't you mean "resent", instead of resemble? > > > I'm not too sure Alex, but I think it was an intentional error... And > kind of fun too (I felt an urge to reply "No, you don't look anything > like that remark" ... but it passed:-). Yes it was intentional. It's an old line from Daffy Duck and/or Buggs Bunny cartoons. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dan.farmer at PHONEDIR.COM Thu Jun 16 16:42:22 2005 From: dan.farmer at PHONEDIR.COM (Dan Farmer) Date: Thu Jan 12 21:30:03 2006 Subject: SV: Messages in foreign languages Message-ID: On Jun 16, 2005, at 2:21 AM, Steen, Glenn wrote: > Alex Neuman van der Hans wrote: > >>> Matt Kettler wrote: >>> Hey, I resemble that remark! >> >> Don't you mean "resent", instead of resemble? > > I'm not too sure Alex, but I think it was an intentional error I'm sure it was. I think the phrase originated/became popular with either the Three Stooges or the Marx Brothers, if you google for "i resemble that remark" you'll get thousands of hits for that exact phrase. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Thu Jun 16 16:48:50 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:30:03 2006 Subject: kernel: MailScanner: mremap moved 33 cows? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Not sure if this is anything to worry about but I get lots of the following message in my /var/log/messages kernel: MailScanner: mremap moved 33 cows I dont get any, then all of a sudden ill get 30-40 in the space of a couple of hours? Any ideal whats causing them? System is Fedora Core 2 running 2.6.5-1.358smp MailScanner 4.40.11 Thanks Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Thu Jun 16 17:16:27 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:03 2006 Subject: In configuration - Sendmail = ? When using Postfix? Message-ID: Hello, I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and Postfix on a redhat 3.0 AS server. I've got this in my MailScanner configuration: # Set whether to use postfix, sendmail, exim or zmailer. # If you are using postfix, then see the "SpamAssassin User State Dir" # setting near the end of this file MTA = postfix # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset. Sendmail = /usr/sbin/sendmail I'd rather use postfix's sendmail. What would I change that line to in order to do that? -- Jody Cleveland Computer Support Specialist cleveland@winnefox.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 16 17:15:15 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:03 2006 Subject: SV: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Farmer wrote: > On Jun 16, 2005, at 2:21 AM, Steen, Glenn wrote: > >> Alex Neuman van der Hans wrote: >> >>>> Matt Kettler wrote: >>>> Hey, I resemble that remark! >>> >>> >>> Don't you mean "resent", instead of resemble? >> >> >> I'm not too sure Alex, but I think it was an intentional error > > > I'm sure it was. I think the phrase originated/became popular with > either the Three Stooges or the Marx Brothers, if you google for "i > resemble that remark" you'll get thousands of hits for that exact > phrase. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! I had forgotten about that one ... ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 16 17:15:33 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:03 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: >Peter Bonivart wrote: > > >>Steen, Glenn wrote: >> >> >>>Jodå, den duger... Er, well yes, it's good enough:) >>> >>> >>Kul att se Svenska på denna lista, det är nog första gången. >> >> > >Tja, du har ju ett antal svenskar på listan (Tony-vad-han-nu-heter ... >på svenska kyrkan, Carl Boberg (något museum i sthlm om jag minns rätt), >Andreas Svennson på Hallsbergs kommun och säkert en skrälldus fler som >jag missat:-), så det var väl tvunget att ske förr eller senare:-):-). > >Känns bra att äntligen gå i bräschen för nåt;) > >Jag hade nog inte tippat på att du var svensk dock:). Ah, kollade just >på ucgbook.com ... Väldigt svenskt. > >And now back to your regular programming... > >-- Glenn > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Bork bork bork ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jun 16 17:20:03 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:03 2006 Subject: kernel: MailScanner: mremap moved 33 cows? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Paul Houselander wrote: > Hi > > Not sure if this is anything to worry about but I get lots of the following > message in my /var/log/messages > > kernel: MailScanner: mremap moved 33 cows > > I dont get any, then all of a sudden ill get 30-40 in the space of a couple > of hours? > > Any ideal whats causing them? Some explanation: http://lwn.net/Articles/80869/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Thu Jun 16 17:20:24 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: Ok, I change the capital "C", how can I know if the clamav is updated and running?? raul -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Steen, Glenn Enviado el: Jueves, 16 de Junio de 2005 11:11 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema Raul Urqueta Sierra wrote: > Hi, I change that line, but now I see this error in maillog file: > > MailScanner[3751]: Can't run commercial checker clamav > ("/usr/lib/MailScanner/Clamav-wrapper"): No such file or directory Look closely... Clamav-wrapper != clamav-wrapper ... *nix is case sensitive about this:-). Probably happened by accident when you edited the file. Just go back and change the capital "C" to a common "c" and you should be fine. > > Do I need to reinstall the Clamv?? Probably not, no. > Sorry, my English is no good.... I hope you understand me.... Nor is mine:-). But I *think* we're communicating OK;) Cheers -- Glenn > > -------ooooo------- > Um, not that I really understand what you're saying (not being a > speaker (at all) of the language you're using), but isn't Rauls > problem solely that the line > clamav /usr/lib/MailScanner/clamav-wrapper /usr/local > in /etc/MailScanner/virus.scanners.conf should read > clamav /usr/lib/MailScanner/clamav-wrapper /usr > instead? Sure, I too think it best to buld clamav from source, but... > He really don't need to, to solve this... Or did you already cover > this in > > Cheers > -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 16 18:02:51 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: > Ok, I change the capital "C", > > how can I know if the clamav is updated and running?? > see the clamav update log in /tmp or do a clamscan -V to see your version ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Thu Jun 16 18:25:31 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: I only have this files in /tmp: ClamAVBusy.lock gconfd-root And still have this error in the maillog file ClamAV-autoupdate[14520]: ClamAV updater /usr/bin/bin/freshclam cannot be run This is the ersion, but don't tell if the clamav is updated # clamscan -V ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 Raul.- -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Ugo Bellavance Enviado el: Jueves, 16 de Junio de 2005 13:03 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema Raul Urqueta Sierra wrote: > Ok, I change the capital "C", > > how can I know if the clamav is updated and running?? > see the clamav update log in /tmp or do a clamscan -V to see your version ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Thu Jun 16 18:27:54 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: Sorry, now I see te error /bin/bin oops -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Raul Urqueta Sierra Enviado el: Jueves, 16 de Junio de 2005 13:26 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema I only have this files in /tmp: ClamAVBusy.lock gconfd-root And still have this error in the maillog file ClamAV-autoupdate[14520]: ClamAV updater /usr/bin/bin/freshclam cannot be run This is the ersion, but don't tell if the clamav is updated # clamscan -V ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 Raul.- -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Ugo Bellavance Enviado el: Jueves, 16 de Junio de 2005 13:03 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema Raul Urqueta Sierra wrote: > Ok, I change the capital "C", > > how can I know if the clamav is updated and running?? > see the clamav update log in /tmp or do a clamscan -V to see your version ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu Jun 16 18:31:41 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: Raul Urqueta Sierra <> wrote: > ClamAV-autoupdate[14520]: ClamAV updater /usr/bin/bin/freshclam cannot > be run Sorry, I haven't been following this thread. Is that really set as /usr/bin/bin/freshclam? Notice the extra "bin". If that's not right, you need to fix it. If that's just a typo, what happens when you try running freshclam from a shell? --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 16 18:49:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you clamscan and freshclam are in /usr/bin/clamscan and /usr/bin/freshclam, then the last bit of the "clamav" line in virus.scanners.conf should be /usr If you clamscan and freshclam are in /usr/local/bin/clamscan and /usr/local/bin/freshclam, then the last bit of the "clamav" line in virus.scanners.conf should be /usr/local Jason Balicki wrote: >Raul Urqueta Sierra <> wrote: > > >>ClamAV-autoupdate[14520]: ClamAV updater /usr/bin/bin/freshclam cannot >>be run >> >> > >Sorry, I haven't been following this thread. > >Is that really set as /usr/bin/bin/freshclam? Notice the >extra "bin". If that's not right, you need to fix it. > >If that's just a typo, what happens when you try running >freshclam from a shell? > >--J(K) > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrG7khH2WUcUFbZUEQKykwCaA/lXmyLp65H/uW7S8bDeOWNEveAAoIWH kykQPoKdeNL93AsIVLDQ0CRn =0VVW -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 16 18:53:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:03 2006 Subject: Raq3 f-prot problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans said the following on 6/15/2005 6:21 PM: > Scott Silva wrote: > >> Martin Hepworth said the following on 6/15/2005 1:00 AM: >> >> >>> Darren >>> >>> Then you'd better upgrade to V4.latest. V3 has not been supported for >>> many moons....(assuming Julian puts a new version every month, V4 is >>> well over 3 years old now..) >>> >>> >> >> If I remember correctly, you pretty much have to replace the outdated >> perl on the raq to get it working with mailscanner. Try this link; >> >> http://hitechsavvy.com/modules.php?op=modload&name=News&file=article&sid=193&mode=thread&order=0&thold=0 >> >> >> I left whitespace around it in case of wrap. >> >> >> >> > Is it just me or did this thread become hijacked? > I guess you get so used to it you just don't notice anymore! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 16 18:56:25 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:03 2006 Subject: problema Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: > I only have this files in /tmp: > > ClamAVBusy.lock gconfd-root > > And still have this error in the maillog file > > ClamAV-autoupdate[14520]: ClamAV updater /usr/bin/bin/freshclam cannot > be run > It looks like you're still having problems with your path. Are you sure you double-checked your path in /etc/MailScanner/virus.scanner.conf you can determine where is your freshclam with this command 'which freshclam' > This is the ersion, but don't tell if the clamav is updated > > # clamscan -V > ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 [root@host dir]# clamscan -V ClamAV 0.85.1/942/Thu Jun 16 08:16:06 2005 Your server is not up to date. > > Raul.- > > -----Mensaje original----- > De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En > nombre de Ugo Bellavance > Enviado el: Jueves, 16 de Junio de 2005 13:03 > Para: MAILSCANNER@JISCMAIL.AC.UK > Asunto: Re: problema > > Raul Urqueta Sierra wrote: > >>Ok, I change the capital "C", >> >>how can I know if the clamav is updated and running?? >> > > > see the clamav update log in /tmp or do a clamscan -V to see your > version > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jun 16 19:12:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:03 2006 Subject: Problem Email Again (retry) Message-ID: bump? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher Sent: Wednesday, June 15, 2005 6:53 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Problem Email Again (retry) I tried attaching the problem qf/df pair and it was rejected so I have uploaded the archive here: http://www.abby.com/problem_email.tar.gz I emailed the list a week or so ago about certain emails getting stuck in /var/spool/mqueue.in, being processed over and over again. It happened again today. I restarted MailScanner in debug mode and didn't see anything useful there: Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases rebuilt by root Jun 15 18:39:11 mail sendmail[4248]: /etc/aliases: 73 aliases, longest 17 bytes, 768 bytes total Jun 15 18:39:11 mail sendmail[4258]: starting daemon (8.13.4): SMTP Jun 15 18:39:11 mail sm-msp-queue[4263]: starting daemon (8.13.4): queueing@00:15:00 Jun 15 18:39:12 mail sendmail[4269]: starting daemon (8.13.4): queueing@00:15:00 Jun 15 18:39:13 mail MailScanner[4285]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Jun 15 18:39:16 mail MailScanner[4285]: SophosSAVI 3.94 (engine 2.30) recognizing 105435 viruses Jun 15 18:39:16 mail MailScanner[4285]: SophosSAVI using 109 IDE files Jun 15 18:39:17 mail MailScanner[4285]: lock.pl sees Config LockType = posix Jun 15 18:39:17 mail MailScanner[4285]: lock.pl sees have_module = 0 Jun 15 18:39:17 mail MailScanner[4285]: Using locktype = posix Jun 15 18:39:17 mail MailScanner[4285]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 15 18:39:17 mail MailScanner[4285]: New Batch: Scanning 1 messages, 9206 bytes Jun 15 18:39:17 mail MailScanner[4285]: Created attachment dirs for 1 messages Jun 15 18:39:17 mail MailScanner[4285]: Spam Checks: Starting Jun 15 18:39:17 mail MailScanner[4285]: RBL Checks: returned 0 Jun 15 18:39:19 mail MailScanner[4285]: SpamAssassin returned 0 Jun 15 18:39:19 mail MailScanner[4285]: Message j5FJvISb003617 from 66.163.175.82 (service@paypal.com) to abby.com is spam, SpamAssassin (score=12.606, required 5.7, AWL -0.01, BAYES_40 -1.10, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63, FORGED_OUTLOOK_TAGS 0.07, HTML_80_90 0.15, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RAZOR2_CHECK 1.51, URIBL_OB_SURBL 3.21) Jun 15 18:39:19 mail MailScanner[4285]: Spam Checks: Found 1 spam messages Jun 15 18:39:19 mail MailScanner[4285]: Spam Actions: message j5FJvISb003617 actions are delete Jun 15 18:39:19 mail MailScanner[4285]: Virus and Content Scanning: Starting Jun 15 18:39:19 mail MailScanner[4285]: Commencing scanning by clamavmodule... Jun 15 18:39:19 mail MailScanner[4285]: ClamAVModule::INFECTED:: HTML.Phishing.Pay-24:: ./j5FJvISb003617/msg-4285-1.html Jun 15 18:39:19 mail MailScanner[4285]: Completed scanning by clamavmodule Jun 15 18:39:19 mail MailScanner[4285]: Virus Scanning: ClamAV Module found 1 infections Jun 15 18:39:19 mail MailScanner[4285]: Commencing scanning by sophossavi... Jun 15 18:39:20 mail MailScanner[4285]: Completed scanning by sophossavi Jun 15 18:39:20 mail MailScanner[4285]: Infected message j5FJvISb003617 came from 66.163.175.82 Jun 15 18:39:20 mail MailScanner[4285]: MailScanner child dying of old age I am attaching the associated qf/df pair...maybe someone can recreate the problem on their end TIA Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 16 19:03:07 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:03 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dennis Willson said the following on 6/15/2005 5:12 PM: > Someone should send a bunch of Virus infected Spam to him with SpamCop > and a couple of other top blacklists as the From address so they sent > their messages to the blacklists. This is a fast way for them to wind up > on a couple of the larger blacklists. Having his out going mail fairly > crippled by being on a couple of major blacklists he may just change his > mind on his policies. > > Just a thought ; ) > That sounds just plain rotten. Who's going first! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jun 16 20:03:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:03 2006 Subject: Problem Email Again (retry) Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Kercher said the following on 6/15/2005 4:53 PM: > I tried attaching the problem qf/df pair and it was rejected so I have > uploaded the archive here: > > http://www.abby.com/problem_email.tar.gz > > > > I emailed the list a week or so ago about certain emails getting stuck in > /var/spool/mqueue.in, being processed over and over again. It happened > again today. I restarted MailScanner in debug mode and didn't see anything > useful there: > > Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases rebuilt by > root > > Jun 15 18:39:11 mail sendmail[4248]: /etc/aliases: 73 aliases, longest 17 > bytes, 768 bytes total > > Jun 15 18:39:11 mail sendmail[4258]: starting daemon (8.13.4): SMTP > > Jun 15 18:39:11 mail sm-msp-queue[4263]: starting daemon (8.13.4): > queueing@00:15:00 > > Jun 15 18:39:12 mail sendmail[4269]: starting daemon (8.13.4): > queueing@00:15:00 > > Jun 15 18:39:13 mail MailScanner[4285]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > > Jun 15 18:39:16 mail MailScanner[4285]: SophosSAVI 3.94 (engine 2.30) > recognizing 105435 viruses > > Jun 15 18:39:16 mail MailScanner[4285]: SophosSAVI using 109 IDE files > > Jun 15 18:39:17 mail MailScanner[4285]: lock.pl sees Config LockType = > posix > > Jun 15 18:39:17 mail MailScanner[4285]: lock.pl sees have_module = 0 > > Jun 15 18:39:17 mail MailScanner[4285]: Using locktype = posix > > Jun 15 18:39:17 mail MailScanner[4285]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > > Jun 15 18:39:17 mail MailScanner[4285]: New Batch: Scanning 1 messages, 9206 > bytes > > Jun 15 18:39:17 mail MailScanner[4285]: Created attachment dirs for 1 > messages > > Jun 15 18:39:17 mail MailScanner[4285]: Spam Checks: Starting > > Jun 15 18:39:17 mail MailScanner[4285]: RBL Checks: returned 0 > > Jun 15 18:39:19 mail MailScanner[4285]: SpamAssassin returned 0 > > Jun 15 18:39:19 mail MailScanner[4285]: Message j5FJvISb003617 from > 66.163.175.82 (service@paypal.com) to abby.com is spam, SpamAssassin > (score=12.606, required 5.7, AWL -0.01, BAYES_40 -1.10, DCC_CHECK 2.17, > DIGEST_MULTIPLE 0.10, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63, > FORGED_OUTLOOK_TAGS 0.07, HTML_80_90 0.15, HTML_MESSAGE 0.00, MIME_HTML_ONLY > 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RAZOR2_CHECK 1.51, > URIBL_OB_SURBL 3.21) > > Jun 15 18:39:19 mail MailScanner[4285]: Spam Checks: Found 1 spam messages > > Jun 15 18:39:19 mail MailScanner[4285]: Spam Actions: message j5FJvISb003617 > actions are delete > > Jun 15 18:39:19 mail MailScanner[4285]: Virus and Content Scanning: Starting > > > Jun 15 18:39:19 mail MailScanner[4285]: Commencing scanning by > clamavmodule... > > Jun 15 18:39:19 mail MailScanner[4285]: ClamAVModule::INFECTED:: > HTML.Phishing.Pay-24:: ./j5FJvISb003617/msg-4285-1.html > > Jun 15 18:39:19 mail MailScanner[4285]: Completed scanning by clamavmodule > > Jun 15 18:39:19 mail MailScanner[4285]: Virus Scanning: ClamAV Module found > 1 infections > > Jun 15 18:39:19 mail MailScanner[4285]: Commencing scanning by sophossavi... > > > Jun 15 18:39:20 mail MailScanner[4285]: Completed scanning by sophossavi > > Jun 15 18:39:20 mail MailScanner[4285]: Infected message j5FJvISb003617 came > from 66.163.175.82 > > Jun 15 18:39:20 mail MailScanner[4285]: MailScanner child dying of old age > > I am attaching the associated qf/df pair...maybe someone can recreate the > problem on their end > > TIA > > Mike > Not the slightest problem here. Maybe a virus scanner is choking on your system? Here are the results I got; The following e-mails were found to have: Virus Detected Sender: service@paypal.com IP Address: 66.163.175.82 Recipient: northbelt@abby.com Subject: Account Verification Notice! MessageID: j5FJvISb003617 Quarantine: /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617 Report: ClamAV Module: msg-21678-13.html was infected: HTML.Phishing.Pay-24 Full headers are: Return-Path: <^Ág> Received: from smtp005.bizmail.sc5.yahoo.com (smtp005.bizmail.sc5.yahoo.com [66.163.175.82]) by mail.abby.com (8.13.4/8.13.4) with SMTP id j5FJvISb003617 for ; Wed, 15 Jun 2005 14:57:26 -0500 Message-Id: <200506151957.j5FJvISb003617@mail.abby.com> Received: from unknown (HELO admin@wangod.com) (admin@wangod.com@203.210.212.110 with login) by smtp005.bizmail.sc5.yahoo.com with SMTP; 15 Jun 2005 19:58:31 -0000 Reply-To: "service@paypal.com" From: "service@paypal.com" To: Subject: Account Verification Notice! Date: Thu, 16 Jun 2005 02:58:12 +0700 MIME-Version: 1.0 Content-Type: text/html; charset="us-ascii" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Thu Jun 16 20:28:42 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:30:04 2006 Subject: Archive Mail - ruleset question Message-ID: I've set up an Archive Mail ruleset, and it appears that I must restart MS for it to take affect. Is that correct behavior? I don't believe that I do that when I modify whitelist and blacklist rulesets (but I could be wrong; it's been a while since I added any). Thanks, Diane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu Jun 16 21:01:37 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:04 2006 Subject: Archive Mail - ruleset question Message-ID: Diane Rolland <> wrote: > I've set up an Archive Mail ruleset, and it appears that I must > restart MS for it to take affect. > > Is that correct behavior? I don't believe that I do that when I > modify whitelist and blacklist rulesets (but I could be wrong; it's > been a while since I added any). I think MailScanner periodicaly re-reads its config files, but you can force it to do so if you're impatient (like me!) with a HUP, without actually having to restart the service. I always just send a HUP to all MS processes when I make a change -- because I'm impatient. :) --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dan.farmer at PHONEDIR.COM Thu Jun 16 21:11:37 2005 From: dan.farmer at PHONEDIR.COM (Dan Farmer) Date: Thu Jan 12 21:30:04 2006 Subject: Archive Mail - ruleset question Message-ID: On Jun 16, 2005, at 2:01 PM, Jason Balicki wrote: > Diane Rolland <> wrote: > >> I've set up an Archive Mail ruleset, and it appears that I must >> restart MS for it to take affect. > > I think MailScanner periodicaly re-reads its config files, > but you can force it to do so if you're impatient (like me!) > with a HUP, without actually having to restart the service. > from MailScanner.conf: (restart every 4 hrs default) # To avoid resource leaks, re-start periodically Restart Every = 14400 to have MailScanner immediately reload it's config files after making changes: service MailScanner reload ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 16 21:51:42 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:04 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drifting dramatically off-topuc here... You've been warned;) Well, speaking of the swedish cook, you should know that he (in the muppet guise) don't sound swedish at all. If one knows the story of the real swedish cook, and really strains ones ears and imagination, then perhaps one can hear it, but mostly ... not. The story about the original swedish cook is pretty funny, in a sad twisted way... But this is probably not the forum for it:-):-)- Eushke-beushke-beu on you too. bork bork bork:) -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Alex Neuman van der Hans Skickat: to 2005-06-16 18:15 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Messages in foreign languages Steen, Glenn wrote: >Peter Bonivart wrote: > > >>Steen, Glenn wrote: >> >> >>>Jodå, den duger... Er, well yes, it's good enough:) >>> >>> >>Kul att se Svenska på denna lista, det är nog första gången. >> >> > >Tja, du har ju ett antal svenskar på listan (Tony-vad-han-nu-heter ... >på svenska kyrkan, Carl Boberg (något museum i sthlm om jag minns rätt), >Andreas Svennson på Hallsbergs kommun och säkert en skrälldus fler som >jag missat:-), så det var väl tvunget att ske förr eller senare:-):-). > >Känns bra att äntligen gå i bräschen för nåt;) > >Jag hade nog inte tippat på att du var svensk dock:). Ah, kollade just >på ucgbook.com ... Väldigt svenskt. > >And now back to your regular programming... > >-- Glenn > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Bork bork bork ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 16 21:57:29 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:04 2006 Subject: problema Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] :-) .... Stepwise refinement.... a fine way of improving ones systems...:-) When that's been fixed, do an "update_virus_scanners", then look in /tmp for a file Clamav.update.log, as well as running "clamscan -V" ... Should be fine now. -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Raul Urqueta Sierra Skickat: to 2005-06-16 19:27 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: problema Sorry, now I see te error /bin/bin oops -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Raul Urqueta Sierra Enviado el: Jueves, 16 de Junio de 2005 13:26 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema I only have this files in /tmp: ClamAVBusy.lock gconfd-root And still have this error in the maillog file ClamAV-autoupdate[14520]: ClamAV updater /usr/bin/bin/freshclam cannot be run This is the ersion, but don't tell if the clamav is updated # clamscan -V ClamAV 0.85.1/880/Mon May 16 11:00:02 2005 Raul.- -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Ugo Bellavance Enviado el: Jueves, 16 de Junio de 2005 13:03 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problema Raul Urqueta Sierra wrote: > Ok, I change the capital "C", > > how can I know if the clamav is updated and running?? > see the clamav update log in /tmp or do a clamscan -V to see your version ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jun 16 22:02:16 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:04 2006 Subject: SV: "OMG YOU SENT TEH VIRUSESS" Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are we turning just a bit ... evil ... here?-) I thought we were the good guys (just to paraphrase "Falling down":). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Scott Silva Skickat: to 2005-06-16 20:03 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: SV: "OMG YOU SENT TEH VIRUSESS" Dennis Willson said the following on 6/15/2005 5:12 PM: > Someone should send a bunch of Virus infected Spam to him with SpamCop > and a couple of other top blacklists as the From address so they sent > their messages to the blacklists. This is a fast way for them to wind up > on a couple of the larger blacklists. Having his out going mail fairly > crippled by being on a couple of major blacklists he may just change his > mind on his policies. > > Just a thought ; ) > That sounds just plain rotten. Who's going first! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Jun 16 22:05:00 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:04 2006 Subject: Messages in foreign languages Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Steen, Glenn > Sent: Thursday, June 16, 2005 4:52 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Messages in foreign languages > > Drifting dramatically off-topuc here... You've been warned;) > > Well, speaking of the swedish cook, you should know that he (in the muppet > guise) don't sound swedish at all. If one knows the story of the real > swedish cook, and really strains ones ears and imagination, then perhaps > one can hear it, but mostly ... not. > > The story about the original swedish cook is pretty funny, in a sad > twisted way... But this is probably not the forum for it:-):-)- > Eushke-beushke-beu on you too. bork bork bork:) > > -- Glenn > > Just one more still way off topic. Anthony Howe doesn't just write milters - Bork Bork Bork! 0.8 A Mozilla Firefox 1.0+ & Thunderbird 1.0+ extension. View web pages or mail as spoken by the Swedish Chef. http://www.snert.com/Software/software.html :) Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 16 23:59:43 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:04 2006 Subject: In configuration - Sendmail = ? When using Postfix? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Postfix handles this for you no need to change anything. As long as Postfix is installed (default options will be fine) and MTA= Postfix then MailScanner is using postfix. Jody Cleveland wrote: > Hello, > > I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and Postfix on > a redhat 3.0 > AS server. > > I've got this in my MailScanner configuration: > > # Set whether to use postfix, sendmail, exim or zmailer. > # If you are using postfix, then see the "SpamAssassin User State Dir" > # setting near the end of this file > MTA = postfix > > # Set how to invoke MTA when sending messages MailScanner has created > # (e.g. to sender/recipient saying "found a virus in your message") > # This can also be the filename of a ruleset. > Sendmail = /usr/sbin/sendmail > > I'd rather use postfix's sendmail. What would I change that line to in > order to do that? > > -- > Jody Cleveland > Computer Support Specialist > cleveland@winnefox.org > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Jun 17 00:43:45 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:04 2006 Subject: [Smgateway-announce] SMGateway version 1.65 is now available Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi there, are there any plans to expand on the user log in feature so that when an AD user logs on they can see spam within certain limits? Eg if the spam scored under XX then the user can see it in thier qarantine if the spam scores of XX they cant see it, or cant action without admin access. Our users woudlnt want to be to be making changes to spam settings witho8ut being able to understand what the result of those changes, which can be kinda of abstract if you dont have access to mail logs or quarantines? From the users page this would make is super easy for an admins to view by user also? Anyway i reckon it owuld be an awesome feature :) Pete smgateway-announce@lists.fsl.com wrote: > The SMGateway team is pleased to announce that SMGateway, version 1.65, is > now available for download from our website: > > http://www.fsl.com > > After you fill in the registration form, you will be e-mailed instructions > that will allow you to download either the entire 1.65 application or, if > you installed the current version, just the files needed to update version > 1.5 to version 1.65. > > Both packages contain primarily application fixes as well as an update to > ClamAV version 0.85-1. It is our intention to release complete updates for > all included applications and some new features in our next release. > > Please read all of the instructions before installing either the Full > Installation or the Update. If you are installing the update, be sure to > read the specific instruction on backing up your files before beginning the > update. > > To find out about our support options please visit > > http://www.fsl.com/products/fsmg-support.html > > Please give us your feedback via: > > http://www.fsl.com/feedback/feedback.php > > Thank you for your support. > > The Development Team at Fort Systems Ltd. > info@fsl.com > www.fsl.com > > > _______________________________________________ > Smgateway-announce mailing list > Smgateway-announce@lists.fsl.com > http://lists.fsl.com/mailman/listinfo/smgateway-announce > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri Jun 17 01:00:47 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:04 2006 Subject: Problem Email Again (retry) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva Sent: Thursday, June 16, 2005 2:03 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Problem Email Again (retry) Mike Kercher said the following on 6/15/2005 4:53 PM: > I tried attaching the problem qf/df pair and it was rejected so I have > uploaded the archive here: > > http://www.abby.com/problem_email.tar.gz > > > > I emailed the list a week or so ago about certain emails getting stuck > in /var/spool/mqueue.in, being processed over and over again. It > happened again today. I restarted MailScanner in debug mode and > didn't see anything useful there: > > Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases > rebuilt by root Not the slightest problem here. Maybe a virus scanner is choking on your system? Here are the results I got; The following e-mails were found to have: Virus Detected Sender: service@paypal.com IP Address: 66.163.175.82 Recipient: northbelt@abby.com Subject: Account Verification Notice! MessageID: j5FJvISb003617 Quarantine: /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617 Report: ClamAV Module: msg-21678-13.html was infected: HTML.Phishing.Pay-24 Full headers are: Return-Path: <^Ág> Received: from smtp005.bizmail.sc5.yahoo.com (smtp005.bizmail.sc5.yahoo.com [66.163.175.82]) by mail.abby.com (8.13.4/8.13.4) with SMTP id j5FJvISb003617 for ; Wed, 15 Jun 2005 14:57:26 -0500 Message-Id: <200506151957.j5FJvISb003617@mail.abby.com> Received: from unknown (HELO admin@wangod.com) (admin@wangod.com@203.210.212.110 with login) by smtp005.bizmail.sc5.yahoo.com with SMTP; 15 Jun 2005 19:58:31 -0000 Reply-To: "service@paypal.com" From: "service@paypal.com" To: Subject: Account Verification Notice! Date: Thu, 16 Jun 2005 02:58:12 +0700 MIME-Version: 1.0 Content-Type: text/html; charset="us-ascii" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the This server also detects the Phish, but for some reason, it never gets moved out of /var/spool/mqueue.in, thus it gets processed over and over. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Jun 17 02:40:51 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:04 2006 Subject: Problem Email Again (retry) Message-ID: Mike Kercher wrote: > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Scott Silva >Sent: Thursday, June 16, 2005 2:03 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Problem Email Again (retry) > >Mike Kercher said the following on 6/15/2005 4:53 PM: > > >>I tried attaching the problem qf/df pair and it was rejected so I have >>uploaded the archive here: >> >>http://www.abby.com/problem_email.tar.gz >> >> >> >>I emailed the list a week or so ago about certain emails getting stuck >>in /var/spool/mqueue.in, being processed over and over again. It >>happened again today. I restarted MailScanner in debug mode and >>didn't see anything useful there: >> >>Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases >>rebuilt by root >> >> > > > > No problem here. Our results- Spam Score is off the map and it's also seen as infected by Clam AV (PayPal phishing scheme): Jun 16 21:10:55 tester3 MailScanner[32203]: Message j5FJvISb003617 from 66.163.175.82 (service@paypal.com) to abby.com is spam, SpamAssassin (score=123.739, required 5, autolearn=spam, BAYES_50 0.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63, FORGED_OUTLOOK_TAGS 0.07, HTML_80_90 0.15, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_BL_SPAMCOP_NET 1.22, SARE_FORGED_PAYPAL 104.00, SARE_FORGED_PAYPAL_C 1.30, URIBL_OB_SURBL 3.21) Jun 16 21:10:56 tester3 MailScanner[32203]: Spam Actions: message j5FJvISb003617 actions are store Jun 16 21:10:56 tester3 MailScanner[32203]: ClamAVModule::INFECTED:: HTML.Phishing.Pay-24:: ./j5FJvISb003617/msg-32203-2.html Jun 16 21:10:57 tester3 MailScanner[32203]: Infected message j5FJvISb003617 came from 66.163.175.82 Jun 16 21:10:57 tester3 MailScanner[32203]: Saved entire message to /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617 Jun 16 21:10:57 tester3 MailScanner[32203]: Saved infected "msg-32203-2.html" to /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617 what do your logs report when you try and feed it through? Steve Steve@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri Jun 17 03:16:57 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:04 2006 Subject: Problem Email Again (retry) Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Thursday, June 16, 2005 8:41 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Problem Email Again (retry) Mike Kercher wrote: > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Scott Silva >Sent: Thursday, June 16, 2005 2:03 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Problem Email Again (retry) > >Mike Kercher said the following on 6/15/2005 4:53 PM: > > >>I tried attaching the problem qf/df pair and it was rejected so I have >>uploaded the archive here: >> >>http://www.abby.com/problem_email.tar.gz >> >> >> >>I emailed the list a week or so ago about certain emails getting stuck >>in /var/spool/mqueue.in, being processed over and over again. It >>happened again today. I restarted MailScanner in debug mode and >>didn't see anything useful there: >> >>Jun 15 18:39:11 mail sendmail[4248]: alias database /etc/aliases >>rebuilt by root >> >> > > > > No problem here. Our results- Spam Score is off the map and it's also seen as infected by Clam AV (PayPal phishing scheme): Jun 16 21:10:55 tester3 MailScanner[32203]: Message j5FJvISb003617 from 66.163.175.82 (service@paypal.com) to abby.com is spam, SpamAssassin (score=123.739, required 5, autolearn=spam, BAYES_50 0.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63, FORGED_OUTLOOK_TAGS 0.07, HTML_80_90 0.15, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, PYZOR_CHECK 3.45, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_BL_SPAMCOP_NET 1.22, SARE_FORGED_PAYPAL 104.00, SARE_FORGED_PAYPAL_C 1.30, URIBL_OB_SURBL 3.21) Jun 16 21:10:56 tester3 MailScanner[32203]: Spam Actions: message j5FJvISb003617 actions are store Jun 16 21:10:56 tester3 MailScanner[32203]: ClamAVModule::INFECTED:: HTML.Phishing.Pay-24:: ./j5FJvISb003617/msg-32203-2.html Jun 16 21:10:57 tester3 MailScanner[32203]: Infected message j5FJvISb003617 came from 66.163.175.82 Jun 16 21:10:57 tester3 MailScanner[32203]: Saved entire message to /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617 Jun 16 21:10:57 tester3 MailScanner[32203]: Saved infected "msg-32203-2.html" to /var/spool/MailScanner/quarantine/20050616/j5FJvISb003617 what do your logs report when you try and feed it through? Steve Steve@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------------ This from my original post: Jun 15 18:39:19 mail MailScanner[4285]: Message j5FJvISb003617 from 66.163.175.82 (service@paypal.com) to abby.com is spam, SpamAssassin (score=12.606, required 5.7, AWL -0.01, BAYES_40 -1.10, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, FORGED_MUA_OUTLOOK 3.92, FORGED_OUTLOOK_HTML 0.63, FORGED_OUTLOOK_TAGS 0.07, HTML_80_90 0.15, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RAZOR2_CHECK 1.51, URIBL_OB_SURBL 3.21) A score of 12.606 is beyond my High Scoring Spam threshold and would be deleted by default as shown here: Jun 15 18:39:19 mail MailScanner[4285]: Spam Checks: Found 1 spam messages Jun 15 18:39:19 mail MailScanner[4285]: Spam Actions: message j5FJvISb003617 actions are delete ClamAV also picks it up as a Phish. So, it is being detected as both spam (by SA) and as a virus (by ClamAV). The problem is that it never leaves the mqueue.in, so it gets processed over and over again. The continuous processing of the same message(s) drives the load up over 6 on this box when it normally about .17 or so. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From admin at thenamegame.com Fri Jun 17 05:20:22 2005 From: admin at thenamegame.com (Michael Freeman) Date: Thu Jan 12 21:30:04 2006 Subject: Local mail to root always takes longer to deliver! Message-ID: Why is it that local mail, mostly mail sent by the system to a root account or to an admin account, does it go though a number of failure before its finally delivered. I always see this with mail being delivered by MailScanner to the root user on the localhost. Eg; 2005-06-17 00:03:05 1Dj84P-0002Ku-Gw <= root@srv07.efastservers.com U=root P=local S=20589 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr <= root@srv07.efastservers.com U=root P=local S=4251 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr == root@srv07.efastservers.com R=defer_router defer (-1): All deliveries are handled by MailScanner 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr ** root@srv07.efastservers.com: retry timeout exceeded 2005-06-17 00:03:05 1Dj84P-0002Ky-ME <= <> R=1Dj84P-0002Kv-Hr U=mailnull P=local S=5145 2005-06-17 00:03:05 1Dj84P-0002Ky-ME == root@srv07.efastservers.com R=defer_router defer (-1): All deliveries are handled by MailScanner 2005-06-17 00:03:05 1Dj84P-0002Ky-ME ** root@srv07.efastservers.com: retry timeout exceeded 2005-06-17 00:03:05 1Dj84P-0002Ky-ME root@srv07.efastservers.com: error ignored 2005-06-17 00:03:05 1Dj84P-0002Ky-ME Completed 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr Completed Finally it arrives. This happens every single time. Whats the reason that it happens with system mail? There have been times we never received the mail. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 17 08:38:18 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:04 2006 Subject: In configuration - Sendmail = ? When using Postfix? Message-ID: Peter Russell wrote: > Postfix handles this for you no need to change anything. > > As long as Postfix is installed (default options will be fine) and > MTA= Postfix then MailScanner is using postfix. > > > > > Jody Cleveland wrote: >> Hello, >> >> I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and Postfix >> on a redhat 3.0 AS server. >> >> I've got this in my MailScanner configuration: >> >> # Set whether to use postfix, sendmail, exim or zmailer. >> # If you are using postfix, then see the "SpamAssassin User State >> Dir" # setting near the end of this file >> MTA = postfix >> >> # Set how to invoke MTA when sending messages MailScanner has created >> # (e.g. to sender/recipient saying "found a virus in your message") >> # This can also be the filename of a ruleset. >> Sendmail = /usr/sbin/sendmail >> >> I'd rather use postfix's sendmail. What would I change that line to >> in order to do that? >> >> -- >> Jody Cleveland >> Computer Support Specialist >> cleveland@winnefox.org >> Assuming you've set RH3 to use postfix (via redhat-switch-mailor whatever they call it) that sendmail binary is actually postfixs "conveniance sendmail". So, as Pete rightly points out, you should be fine. There is quite a lot about postfix and MS on the wiki... Perhaps take a look at http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuratio n:mta:postfix (all on one line... There's whitespace around it, so you should be able to "reconstruct" the URL after linewrap has mangled it:). -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Fri Jun 17 10:03:57 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:04 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] julian u changed the ordner of spam/virusscans in the beta ? this problem with ms beta and mailwatch realy drives me crazy :/ greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > Keep Spam And MCP Archive Clean = yes > > in your MailScanner.conf. This will cause MailScanner to perform virus > checks before quarantining the mail. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Fri Jun 17 10:39:03 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:30:04 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dörfler Andreas wrote: >julian > >u changed the ordner of spam/virusscans in the beta ? >this problem with ms beta and mailwatch realy drives me crazy :/ > > > Andy, Can you elaborate your prob ? The spam and viruscan sequence hasn't changed in the beta. I am sure if Julian changes it, its going to be a major change and Julian would definitely mention it in his changelog. In his changelog he has mentioned about optimization of scanning when Spam and MCP archives are not kept clean. Please let us know what kind of problem you are facing. Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ddw at BAS.AC.UK Fri Jun 17 12:19:27 2005 From: ddw at BAS.AC.UK (Douglas Willis) Date: Thu Jan 12 21:30:04 2006 Subject: OT: CentOS and SELinux Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Terran Wright wrote: >Evening guys, > >The issue was raised concerning SELinux, could someone please shed some >light on why SELinux is bad and what problems it might pose. > >TIA > >Terran > > > The only problem I've come across with SELinux was when setting up cgi directories under an Apache server. I had to assign the httpd_sys_script_exec_t option to the directory before SELinux would allow the web server to execute them. I guess a profile for MailScanner would need to be created to make SELinux happy. -- Douglas Willis (ddw@bas.ac.uk) British Antarctic Survey High Cross, Madingley Road Cambridge, CB3 0ET, United Kingdom tel: +44 1223 221400, fax: +44 1223 362616 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From giulio.cervera at EDSPA.IT Sat Jun 18 12:58:51 2005 From: giulio.cervera at EDSPA.IT (Giulio Cervera) Date: Thu Jan 12 21:30:04 2006 Subject: minor bug with mcafee? Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have some minor problem with MS and mcafee virus scan, virus are handled correctly but $message->{virusinfected} some times same to be not valued to 1, the strange is that occurs always with "Generic Malware.a!zip trojan" and other virus sames to be reported correctly -- Giulio Cervera ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Fri Jun 17 16:31:22 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: Hello, I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and Postfix on a redhat 3.0 AS server. I've got this in my MailScanner configuration: High Scoring Spam Actions = store But, I still get mail being delivered, regardless of score. Is there another setting somewhere I need to change? -- Jody Cleveland Computer Support Specialist cleveland@winnefox.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 17 16:50:47 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: Jody you need the delete action also.. High Scoring Spam Actions = store delete -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jody Cleveland wrote: > Hello, > > I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and Postfix on > a redhat 3.0 > AS server. > > I've got this in my MailScanner configuration: > High Scoring Spam Actions = store > > But, I still get mail being delivered, regardless of score. Is there > another setting somewhere I need to change? > > -- > Jody Cleveland > Computer Support Specialist > cleveland@winnefox.org > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 17 17:04:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: Delete on its own should be fine. However, are you sure you are seeing high-scoring spam delivered, and not normal-scoring spam? On 17 Jun 2005, at 16:50, Martin Hepworth wrote: > Jody > > you need the delete action also.. > > High Scoring Spam Actions = store delete > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jody Cleveland wrote: > >> Hello, >> I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and >> Postfix on >> a redhat 3.0 >> AS server. >> I've got this in my MailScanner configuration: >> High Scoring Spam Actions = store >> But, I still get mail being delivered, regardless of score. Is there >> another setting somewhere I need to change? >> -- >> Jody Cleveland >> Computer Support Specialist >> cleveland@winnefox.org >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> Support MailScanner development - buy the book off the website! >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Fri Jun 17 17:03:06 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: Thank you!! > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: Friday, June 17, 2005 10:51 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Hi scoring spam not being quarantined > > Jody > > you need the delete action also.. > > High Scoring Spam Actions = store delete > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jody Cleveland wrote: > > Hello, > > > > I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 > and Postfix on > > a redhat 3.0 > > AS server. > > > > I've got this in my MailScanner configuration: > > High Scoring Spam Actions = store > > > > But, I still get mail being delivered, regardless of score. Is there > > another setting somewhere I need to change? > > > > -- > > Jody Cleveland > > Computer Support Specialist > > cleveland@winnefox.org > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Fri Jun 17 17:08:15 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: Hi Julian, Yes, scores in the 20's and 30's. I've got the setting at 10 for high scoring spam. - jody > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Friday, June 17, 2005 11:04 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Hi scoring spam not being quarantined > > Delete on its own should be fine. > However, are you sure you are seeing high-scoring spam > delivered, and > not normal-scoring spam? > > On 17 Jun 2005, at 16:50, Martin Hepworth wrote: > > > Jody > > > > you need the delete action also.. > > > > High Scoring Spam Actions = store delete > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Jody Cleveland wrote: > > > >> Hello, > >> I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and > >> Postfix on > >> a redhat 3.0 > >> AS server. > >> I've got this in my MailScanner configuration: > >> High Scoring Spam Actions = store > >> But, I still get mail being delivered, regardless of > score. Is there > >> another setting somewhere I need to change? > >> -- > >> Jody Cleveland > >> Computer Support Specialist > >> cleveland@winnefox.org > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> Support MailScanner development - buy the book off the website! > >> > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error > please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Grundmann at rz.uni-frankfurt.de Fri Jun 17 17:00:01 2005 From: Grundmann at rz.uni-frankfurt.de (Michael Grundmann) Date: Thu Jan 12 21:30:04 2006 Subject: log Mailer Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, is there a posibilty to log the User-Agent/X-Mailer in the logfiles? (similar to address and subject) thanks Michael -- Michael Grundmann Stud.Hilfskraft, HRZ Gruppe eMail, Universität Frankfurt ***** Antworten bitte nur an: mailadmin@uni-frankfurt.de ***** (So wird Ihre Mail vom ganzen Team gelesen und schneller bearbeitet) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Fri Jun 17 17:41:54 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: Just got one delivered to me that said this: X-WALS-MailScanner-SpamScore: 18 I set it to do store delete for anything 10 or over. - jody > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Friday, June 17, 2005 11:04 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Hi scoring spam not being quarantined > > Delete on its own should be fine. > However, are you sure you are seeing high-scoring spam > delivered, and > not normal-scoring spam? > > On 17 Jun 2005, at 16:50, Martin Hepworth wrote: > > > Jody > > > > you need the delete action also.. > > > > High Scoring Spam Actions = store delete > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Jody Cleveland wrote: > > > >> Hello, > >> I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and > >> Postfix on > >> a redhat 3.0 > >> AS server. > >> I've got this in my MailScanner configuration: > >> High Scoring Spam Actions = store > >> But, I still get mail being delivered, regardless of > score. Is there > >> another setting somewhere I need to change? > >> -- > >> Jody Cleveland > >> Computer Support Specialist > >> cleveland@winnefox.org > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> Support MailScanner development - buy the book off the website! > >> > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error > please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Fri Jun 17 18:08:30 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:04 2006 Subject: Still clamav update problems Message-ID: I have been fighting with this still. Thank you for all of your responses and it has helped me learn a good bit. I am still getting: --------------------- clam-update Begin ------------------------ daily.cvd updated **Unmatched Entries** WARNING: Your ClamAV installation is OUTDATED!: 10 Time(s) DON'T PANIC! Read http://www.clamav.net/faq.html: 10 Time(s) WARNING: Current functionality level = 4, recommended = 5: 10 Time(s) ---------------------- clam-update End ------------------------- If I log into my mailscanner machine and run "freshclam" it returns: [root@WoodenMS bpumphrey]# freshclam ClamAV update process started at Fri Jun 17 11:58:41 2005 main.cvd is up to date (version: 32, sigs: 34720, f-level: 5, builder: tkojm) daily.cvd is up to date (version: 944, sigs: 1001, f-level: 5, builder: arnaud) So this is a success. When I run the mailscanner update_virus_scanners the log returns: Jun 17 12:05:28 WoodenMS update.virus.scanners: Found bitdefender installed Jun 17 12:05:28 WoodenMS update.virus.scanners: Running autoupdate for bitdefend er Jun 17 12:05:47 WoodenMS update.virus.scanners: Found clamav installed Jun 17 12:05:47 WoodenMS update.virus.scanners: Running autoupdate for clamav Jun 17 12:05:47 WoodenMS ClamAV-autoupdate[27517]: ClamAV did not need updating Jun 17 12:05:47 WoodenMS update.virus.scanners: Found generic installed Jun 17 12:05:47 WoodenMS update.virus.scanners: Running autoupdate for generic So everything looks ok there. Side question - Why does it find a generic? My mailscanner.conf says: Virus Scanners = clamav bitdefender Does anyone know where the error is coming from? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Fri Jun 17 18:33:28 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:30:04 2006 Subject: Still clamav update problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >I have been fighting with this still. Thank you for all of your >responses and it has helped me learn a good bit. > >I am still getting: >--------------------- clam-update Begin ------------------------ > > daily.cvd updated > >**Unmatched Entries** > WARNING: Your ClamAV installation is OUTDATED!: 10 Time(s) > DON'T PANIC! Read http://www.clamav.net/faq.html: 10 Time(s) > WARNING: Current functionality level = 4, recommended = 5: 10 Time(s) > > ---------------------- clam-update End ------------------------- > > There is probably a script in your etc/cron.daily or etc/cron.hourly that is running freshclam. It was put there by your clamav install but MailScanner does its own updating so you can remove the one in cron. The error message just means that the version of clamav you have installed isn't the latest one. Or maybe you have two of them?. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Fri Jun 17 19:40:21 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:30:04 2006 Subject: OT: Solaris 8, Sendmail and OpenSSL greater than 0.9.7d Message-ID: Has any solaris 8 (sparc) users out there had problems compiling sendmail against versions of openssl greater than 0.9.7d? I updated to the latest sendmail to resolve that cataddr: string too long issue presented in the later versions and it core dumps if I used the latest openssl versions. I've tried it on two different boxes and have used both sunfreeware and source compilations of openssl. Oddly, sendmail compiles without any errors but it just one start with presenting Illegal Instruction error and quitting. If I go back to 0.9.7d, everything is fine and I can update the libs to the latest version of openssl after compiling sendmail and it still runs fine. I found one google posting on it but not a solution. Just wondering if anyone else has seen it since I know there a some Solaris people using MailScanner also. Thanks -=Bobby ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From admin at thenamegame.com Fri Jun 17 19:49:31 2005 From: admin at thenamegame.com (Michael Freeman) Date: Thu Jan 12 21:30:04 2006 Subject: FW: Local mail to root always takes longer to deliver! Message-ID: Why is it that local mail, mostly mail sent by the system to a root account or to an admin account on the server, does it go though a number of failures before finally delivered. I always see this with mail being delivered by MailScanner to the root user on the localhost. It only happens mainly with the root deliveries. Eg; 2005-06-17 00:03:05 1Dj84P-0002Ku-Gw <= root@srv07.efastservers.com U=root P=local S=20589 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr <= root@srv07.efastservers.com U=root P=local S=4251 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr == root@srv07.efastservers.com R=defer_router defer (-1): All deliveries are handled by MailScanner 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr ** root@srv07.efastservers.com: retry timeout exceeded 2005-06-17 00:03:05 1Dj84P-0002Ky-ME <= <> R=1Dj84P-0002Kv-Hr U=mailnull P=local S=5145 2005-06-17 00:03:05 1Dj84P-0002Ky-ME == root@srv07.efastservers.com R=defer_router defer (-1): All deliveries are handled by MailScanner 2005-06-17 00:03:05 1Dj84P-0002Ky-ME ** root@srv07.efastservers.com: retry timeout exceeded 2005-06-17 00:03:05 1Dj84P-0002Ky-ME root@srv07.efastservers.com: error ignored 2005-06-17 00:03:05 1Dj84P-0002Ky-ME Completed 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr Completed Finally it arrives. This happens every single time. Whats the reason that it happens with system mail? There have been times we never received the mail. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 17 20:19:05 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did you remember to relaod/restart MS after editing MailScanner.conf? -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Jody Cleveland Skickat: fr 2005-06-17 18:41 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Re: Hi scoring spam not being quarantined Just got one delivered to me that said this: X-WALS-MailScanner-SpamScore: 18 I set it to do store delete for anything 10 or over. - jody > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Friday, June 17, 2005 11:04 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Hi scoring spam not being quarantined > > Delete on its own should be fine. > However, are you sure you are seeing high-scoring spam > delivered, and > not normal-scoring spam? > > On 17 Jun 2005, at 16:50, Martin Hepworth wrote: > > > Jody > > > > you need the delete action also.. > > > > High Scoring Spam Actions = store delete > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Jody Cleveland wrote: > > > >> Hello, > >> I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and > >> Postfix on > >> a redhat 3.0 > >> AS server. > >> I've got this in my MailScanner configuration: > >> High Scoring Spam Actions = store > >> But, I still get mail being delivered, regardless of > score. Is there > >> another setting somewhere I need to change? > >> -- > >> Jody Cleveland > >> Computer Support Specialist > >> cleveland@winnefox.org > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> Support MailScanner development - buy the book off the website! > >> > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error > please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Fri Jun 17 20:22:03 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I didn't do a restart, but I did: service MailScanner reload - jody > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: Friday, June 17, 2005 2:19 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Hi scoring spam not being quarantined > > Did you remember to relaod/restart MS after editing MailScanner.conf? > > -- Glenn > > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Jody Cleveland > Skickat: fr 2005-06-17 18:41 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: Re: Hi scoring spam not being quarantined > Just got one delivered to me that said this: > > X-WALS-MailScanner-SpamScore: 18 > > I set it to do store delete for anything 10 or over. > > - jody > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > > Sent: Friday, June 17, 2005 11:04 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Hi scoring spam not being quarantined > > > > Delete on its own should be fine. > > However, are you sure you are seeing high-scoring spam > > delivered, and > > not normal-scoring spam? > > > > On 17 Jun 2005, at 16:50, Martin Hepworth wrote: > > > > > Jody > > > > > > you need the delete action also.. > > > > > > High Scoring Spam Actions = store delete > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > > > Jody Cleveland wrote: > > > > > >> Hello, > > >> I'm running MailScanner 4.42.9-1 with SpamAssassin 3.0.4 and > > >> Postfix on > > >> a redhat 3.0 > > >> AS server. > > >> I've got this in my MailScanner configuration: > > >> High Scoring Spam Actions = store > > >> But, I still get mail being delivered, regardless of > > score. Is there > > >> another setting somewhere I need to change? > > >> -- > > >> Jody Cleveland > > >> Computer Support Specialist > > >> cleveland@winnefox.org > > >> ------------------------ MailScanner list > ------------------------ > > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >> 'leave mailscanner' in the body of the email. > > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >> Support MailScanner development - buy the book off the website! > > >> > > > > > > > > > ********************************************************************** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity > to whom they > > > are addressed. If you have received this email in error > > please notify > > > the system manager. > > > > > > This footnote confirms that this email message has been swept > > > for the presence of computer viruses and is believed to be clean. > > > > > > > > > ********************************************************************** > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jun 17 20:33:22 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:04 2006 Subject: SV: Still clamav update problems Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As someone (Mark Nienberg was it?) mentioned, the "funcionality level" thing is a way for the clamav team to force you to upgrade your engine (ie install the latest clamav). If you ignore it, you'll eventually not get the signature updates, so best heed it. About the generic thing. Jules, in his infinite wisdom, has provided a stub AV scanner (scripts really) that we can use to ... implement our own scanner. This is called "generic". As with any scanner MS finds, it'll run its update script regardless of whether you use it or not (also due to Jules wisdom, it's a good thing, since it'll mean that the scanner is updated if/when you decide to use it). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Billy A. Pumphrey Skickat: fr 2005-06-17 19:08 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: Still clamav update problems I have been fighting with this still. Thank you for all of your responses and it has helped me learn a good bit. I am still getting: --------------------- clam-update Begin ------------------------ daily.cvd updated **Unmatched Entries** WARNING: Your ClamAV installation is OUTDATED!: 10 Time(s) DON'T PANIC! Read http://www.clamav.net/faq.html: 10 Time(s) WARNING: Current functionality level = 4, recommended = 5: 10 Time(s) ---------------------- clam-update End ------------------------- If I log into my mailscanner machine and run "freshclam" it returns: [root@WoodenMS bpumphrey]# freshclam ClamAV update process started at Fri Jun 17 11:58:41 2005 main.cvd is up to date (version: 32, sigs: 34720, f-level: 5, builder: tkojm) daily.cvd is up to date (version: 944, sigs: 1001, f-level: 5, builder: arnaud) So this is a success. When I run the mailscanner update_virus_scanners the log returns: Jun 17 12:05:28 WoodenMS update.virus.scanners: Found bitdefender installed Jun 17 12:05:28 WoodenMS update.virus.scanners: Running autoupdate for bitdefend er Jun 17 12:05:47 WoodenMS update.virus.scanners: Found clamav installed Jun 17 12:05:47 WoodenMS update.virus.scanners: Running autoupdate for clamav Jun 17 12:05:47 WoodenMS ClamAV-autoupdate[27517]: ClamAV did not need updating Jun 17 12:05:47 WoodenMS update.virus.scanners: Found generic installed Jun 17 12:05:47 WoodenMS update.virus.scanners: Running autoupdate for generic So everything looks ok there. Side question - Why does it find a generic? My mailscanner.conf says: Virus Scanners = clamav bitdefender Does anyone know where the error is coming from? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Jun 17 20:53:52 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:04 2006 Subject: ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just a list ping, please ignore. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Jun 17 22:09:05 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:04 2006 Subject: Hi scoring spam not being quarantined Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jody Cleveland wrote: > I didn't do a restart, but I did: service MailScanner reload Could you please post headers from a delivered spam message? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pascal.maes at ELEC.UCL.AC.BE Sat Jun 18 09:10:10 2005 From: pascal.maes at ELEC.UCL.AC.BE (Pascal Maes) Date: Thu Jan 12 21:30:04 2006 Subject: whitelist - content scanning Message-ID: I'm using a whitelist to avoid spam scanning for trusted domains and I would like to use the same list for content scanning. My problem is that the default for the "spam whitelist file" is "no" and the default for the content scanning is "disarm". How could I mix the two files ? Thanks -- -- Pascal -- -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Jun 18 09:23:29 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:04 2006 Subject: whitelist - content scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/18/05, Pascal Maes wrote: > I'm using a whitelist to avoid spam scanning for trusted domains > and I would like to use the same list for content scanning. > > My problem is that the default for the "spam whitelist file" is "no" > and the default for the content scanning is "disarm". > > How could I mix the two files ? > > Thanks > > -- > -- Pascal -- IIRC you can do this in a way, by having the two files (spam and content respectively) contain something like FromOrTo /path/to/file/with/address-patterns/one/per/line where would be disarm in the one and yes in the other. Julian wrote a very much more informative message on the subject a while back... Perhaps you can find it if you look in the archives (either at gmane or jiscmail). HtH -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Jun 18 09:30:11 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:04 2006 Subject: ping Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just can't ignore myself.... For those who care, glenn.steen@gmail.com will henceforth be me. Sigh... Breaking out of the fortress, sort of:-). -- Glenn -----Ursprungligt meddelande----- Från: MailScanner mailing list genom Glenn Steen Skickat: fr 2005-06-17 21:53 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ämne: ping Just a list ping, please ignore. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Sat Jun 18 15:05:01 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:30:04 2006 Subject: Store viruses as queue files? Message-ID: Hallo, Michele Neylon:: Blacknight wrote: > Max Kipness wrote: >> I've currently got spam messages storing as queueu files so that they can >> be sent in case of a false/positive. >> >> I occasionally have file attachments that are named funny and need to be >> sent to the original recipient. Is there any way to have those stored as >> queue files as well? As it is, the file is just stored in a directory by >> the name of the message id and i have to copy it to the local webserver >> for download. >> > Which MTA? > If it's sendmail you don't need to worry about the attachments as the > the other files look after it for you I'm having a problem similar to the one described by Max. My MTA is Exim and the stored queue files don't contain the "virus" files. How can I configure MailScanner that these files will be included too? -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 18 14:27:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:04 2006 Subject: Store viruses as queue files? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Felix Schwarz wrote: >Hallo, > >Michele Neylon:: Blacknight wrote: > > >>Max Kipness wrote: >> >> >>>I've currently got spam messages storing as queueu files so that they can >>>be sent in case of a false/positive. >>> >>>I occasionally have file attachments that are named funny and need to be >>>sent to the original recipient. Is there any way to have those stored as >>>queue files as well? As it is, the file is just stored in a directory by >>>the name of the message id and i have to copy it to the local webserver >>>for download. >>> >>> >>> >>Which MTA? >>If it's sendmail you don't need to worry about the attachments as the >>the other files look after it for you >> >> > >I'm having a problem similar to the one described by Max. My MTA is >Exim and the stored queue files don't contain the "virus" files. How >can I configure MailScanner that these files will be included too? > > Take a look through the options containing the word "Quarantine" and you will hopefully find what you need. If you just "Quarantine Infections = yes" and "Quarantine Whole Message = no" then you will get just the attachments as normal files. If you want to store them as raw queue files so that you can just drop them in the outgoing queue, then "Quarantine Whole Messages As Queue Files = yes". Hopefully that helps a bit. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrQhRBH2WUcUFbZUEQKH2QCgwF6nSWed2op/Goo/0jVCCqxNVGcAoLUJ IzTuWz7zJv2HiDO1M+XfIX1G =uKh1 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Sat Jun 18 18:42:37 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:04 2006 Subject: Messages in foreign languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Steen, Glenn >>Sent: Thursday, June 16, 2005 4:52 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Messages in foreign languages >> >>Drifting dramatically off-topuc here... You've been warned;) >> >>Well, speaking of the swedish cook, you should know that he (in the muppet >>guise) don't sound swedish at all. If one knows the story of the real >>swedish cook, and really strains ones ears and imagination, then perhaps >>one can hear it, but mostly ... not. >> >>The story about the original swedish cook is pretty funny, in a sad >>twisted way... But this is probably not the forum for it:-):-)- >>Eushke-beushke-beu on you too. bork bork bork:) >> >>-- Glenn >> >> >> >> > >Just one more still way off topic. Anthony Howe doesn't just write milters - > >Bork Bork Bork! 0.8 >A Mozilla Firefox 1.0+ & Thunderbird 1.0+ extension. View web pages or mail >as spoken by the Swedish Chef. > > http://www.snert.com/Software/software.html > >:) > >Steve > >Steve Swaney >President >Fortress Systems Ltd. >Phone: 202 338-1670 >Cell: 202 352-3262 >www.fsl.com >steve.swaney@fsl.com > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Something I read on Slashdot that reminded me of this thread, from "http://yro.slashdot.org/article.pl?sid=05/06/17/1948223": "The English language has a similar dependency upon capitalization. For example, in English, these two sentences, although containing the same words, have different meanings through the use of differing punctuation: 1. I must help my Uncle Jack off the horse. 2. I must help my uncle jack off the horse." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Jun 19 10:46:36 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:04 2006 Subject: ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/19/05, Pete Russell wrote: > Impossible to rectify your issues using the exchange enviornment? Have > you diagnosed the issue, maybe others can help? > > Pete > > Steen, Glenn wrote: > > I just can't ignore myself.... For those who care, glenn.steen@gmail.com will henceforth be me. Sigh... Breaking out of the fortress, sort of:-). > > > > -- Glenn > > > > > > -----Ursprungligt meddelande----- > > Från: MailScanner mailing list genom Glenn Steen > > Skickat: fr 2005-06-17 21:53 > > Till: MAILSCANNER@JISCMAIL.AC.UK > > Kopia: > > Ämne: ping > > Just a list ping, please ignore. > > > > -- Glenn > > Well, I finally gave up. I'm sure there should be something I could do with m-sexchange, but after receiving yet another big shrug from the guy admining it... I thought I'd have two ways to go: Ether "filter off" relevant maillist mails in the MX (where I'm king:-), or bend the rules about external mail accounts just a bit more (most everyone seems to be doing it at our place, for some reason:-). The latter (which obviously is the way I opted for) will land me in less trouble than the former... (And I really must say that that I'm pretty impressed with gmail so far... Sure, one can build nice systems on squirrel or whatever, but ... I really like the interface:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at ucgbook.com Sun Jun 19 08:36:39 2005 From: peter at ucgbook.com (Peter Bonivart) Date: Thu Jan 12 21:30:04 2006 Subject: OT: Solaris 8, Sendmail and OpenSSL greater than 0.9.7d Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rose, Bobby wrote: > Has any solaris 8 (sparc) users out there had problems compiling > sendmail against versions of openssl greater than 0.9.7d? I updated to > the latest sendmail to resolve that cataddr: string too long issue > presented in the later versions and it core dumps if I used the latest > openssl versions. I've tried it on two different boxes and have used > both sunfreeware and source compilations of openssl. Oddly, sendmail > compiles without any errors but it just one start with presenting > Illegal Instruction error and quitting. If I go back to 0.9.7d, > everything is fine and I can update the libs to the latest version of > openssl after compiling sendmail and it still runs fine. I found one > google posting on it but not a solution. Just wondering if anyone else > has seen it since I know there a some Solaris people using MailScanner > also. Have you tried www.blastwave.org? They currently have Sendmail 8.13.4 with OpenSSL 0.9.7g. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun Jun 19 02:52:12 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:04 2006 Subject: ping Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Impossible to rectify your issues using the exchange enviornment? Have you diagnosed the issue, maybe others can help? Pete Steen, Glenn wrote: > I just can't ignore myself.... For those who care, glenn.steen@gmail.com will henceforth be me. Sigh... Breaking out of the fortress, sort of:-). > > -- Glenn > > > -----Ursprungligt meddelande----- > Från: MailScanner mailing list genom Glenn Steen > Skickat: fr 2005-06-17 21:53 > Till: MAILSCANNER@JISCMAIL.AC.UK > Kopia: > Ämne: ping > Just a list ping, please ignore. > > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun Jun 19 15:25:54 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:04 2006 Subject: Problem Email Again (retry) Message-ID: Mike Kercher <> scribbled on Wednesday, June 15, 2005 6:53 PM: > I tried attaching the problem qf/df pair and it was rejected so I > have uploaded the archive here: > > http://www.abby.com/problem_email.tar.gz > > > > I emailed the list a week or so ago about certain emails getting > stuck in /var/spool/mqueue.in, being processed over and over again. > It happened again today. I restarted MailScanner in debug mode and > didn't see anything useful there: > I think I have solved this strange problem. First I upgraded to the latest MS which did not help. I ended up changing the action for High Scoring Spam = from delete to forward dev_null (which is aliased to /dev/null). Since doing so, the problem has not come back yet. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at rogers.com Sun Jun 19 17:43:17 2005 From: gdoris at rogers.com (Gerry Doris) Date: Thu Jan 12 21:30:04 2006 Subject: A quick sendmail question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I hope the list will be tolerant of a quick sendmail question... My home system uses the standard MailScanner/sendmail setup. However, since it is a home system I set up my ISP's mail server as a smart host. My ISP uses yahoo to process mail. The ISP's mail server name is actually an alias to one of yahoo's mail servers. The problem is that the yahoo mail server name/ip change periodically. I authenticate my sendmail server using the Authinfo: directive in the access database. I can't find a way to use an alias in the Authinfo directive. It seems to need either the real server's name or ip? I'm getting pretty good at noticing my mail is being rejected, checking the logs for the new yahoo server name and changing the access entry appropriately. However, I would like to avoid the problem and use an alias if possible. Is there a way to do this? Gerry ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 19 17:57:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:04 2006 Subject: quick Wiki author request Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In SpamAssassin 3.1, they are disabling (by default) both DCC and Razor due to stoopid licensing problems. So the installation instructions for these two need to get a bit more complicated in the wiki. What is needed is a couple of extra lines added to the "init.pre" file. On Linux this is located in /etc/mail/spamassassin. On Solaris this is located in /usr/perl5//etc/mail/spamassassin. You need to add the following lines to it: # Use DCC loadplugin Mail::SpamAssassin::Plugin::DCC # Use Razor2 loadplugin Mail::SpamAssassin::Plugin::Razor2 Can someone document this in the DCC and Razor2 installation instructions please, and create any necessary pages. I'm not sure if the installation of these 2 is documented at all yet, but they certainly need to be. Thanks folks. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrWj5xH2WUcUFbZUEQJ7eQCg7ND02CNISYbAW0rXb1QOy2Z0nqcAn1Ic dlrEEdp7RqjRIeF5ViyA5ILX =xg4K -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rpotter at RPCS.NET Mon Jun 20 00:01:22 2005 From: rpotter at RPCS.NET (Richard Potter) Date: Thu Jan 12 21:30:04 2006 Subject: Local mail to root always takes longer to deliver! Message-ID: On Sun, 19 Jun 2005, Michael Freeman wrote: > Can somebody answer this post please? > 2005-06-17 00:03:05 1Dj84P-0002Ku-Gw <= root@srv07.efastservers.com U=root > P=local S=20589 What log is this? What OS are you running? Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Sun Jun 19 22:52:53 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:04 2006 Subject: MailScanner + Exim3 -> Exim4....or something else? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have a Debian + Exim3 based MailScanner box and it's been powering away for years with no problems at all. However, since upgrading to Sarge, it was noted by the Exim maintainers that Exim3 is no longer maintained upstream and they strongly recommend switching to Exim4. OK - so I upgraded some other boxes to Exim4 just get a feel for any configuration changes....oh dear. Seems Debian has split a nice, single, flat config file into an entire directory tree of config files. Gah. So if this is going to be the mind-job it appears, I'll switch to Sendmail (I use it on every other MailScanner box I operate). So my questions to the list: 1. Is the Exim3->Exim4 upgrade really as painful as it looks on Debian Sarge. 2. If #1 is "yes" then what other MTA is least painful? In light of #2, the MTA wish-list currently includes (without strange chanting and animal sacrifices): 1. High load stability (it will be running on a Celeron400!) 2. SQL-based virtual users (not implemented yet...but in planning) 3. Authenticated SMTP for incoming connections - preferably with SQL-based virtual users etc. If not PLAIN auth will do. 4. TLS/SSL ASMTP (again - not implemented but would be if I went users sending their passwords over the network - currently using TLS POP3) 5. Support milter-like plug-ins (currently using sendmail + milter-greylist on other boxes with great success!). Thoughts, opinions, flames? Cheers, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Jun 20 07:24:51 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:04 2006 Subject: MailScanner + Exim3 -> Exim4....or something else? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of James Gray > Sent: Sunday, June 19, 2005 4:53 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner + Exim3 -> Exim4....or something else? > > > I have a Debian + Exim3 based MailScanner box and it's been > powering away for > years with no problems at all. However, since upgrading to Sarge, it was > noted by the Exim maintainers that Exim3 is no longer maintained > upstream and > they strongly recommend switching to Exim4. OK - so I upgraded > some other > boxes to Exim4 just get a feel for any configuration changes....oh dear. > Seems Debian has split a nice, single, flat config file into an entire > directory tree of config files. Gah. > I haven't checked to see if you have asked on the exim list yet, but do so if you have not. IIRC there is a utility in deb for maintaining the files, and it seems there is either a program to merge them into one or there is an optional package that contains a monolithic configuration. I have heard the deb guys argue as to which is easier many times. Personally, even though I am not using debian I do split my ACLs into separate files for ease of maintenance, and of course just include them into the main exim config(s) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jun 20 08:13:32 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:04 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] morning, thats it. my default setting is Keep Spam And MCP Archive Clean = no it worked up to the betainstall without any problems. with the beta i must set it to yes, otherwise mailwatch doesnt shows me the mail as virus, only as spam it isnt a real problem, outline and declaration the listing inside mailwatch is broken with clean = no greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > In > his changelog he has mentioned about optimization of scanning > when Spam > and MCP archives are not kept clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dot at DOTAT.AT Mon Jun 20 08:12:05 2005 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:30:04 2006 Subject: MailScanner + Exim3 -> Exim4....or something else? Message-ID: James Gray wrote: > >OK - so I upgraded some other boxes to Exim4 just get a feel for any >configuration changes....oh dear. Seems Debian has split a nice, single, >flat config file into an entire directory tree of config files. Gah. You should read /usr/doc/exim4/README (or whatever the file is called) that describes the Debian Exim configuration system. If you decide you don't want Debian's "help" then you can just put all your configuration in /etc/exim4/exim.conf. Tony. -- f.a.n.finch http://dotat.at/ LYME REGIS TO LANDS END INCLUDING THE ISLES OF SCILLY: NORTHWEST 3 OR 4 BACKING WEST OR SOUTHWEST 2 OR 3. MAINLY FAIR. MODERATE OR GOOD. SMOOTH OR SLIGHT, LOCALLY MODERATE IN WEST AT FIRST. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jun 20 09:21:41 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:04 2006 Subject: OT: dos vulnerability in sa 3.0.1 - 3.0.3 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] think the most ppl here knows it, just for infomation: http://marc.theaimsgroup.com/?l=spamassassin-announce&m=111886630726077&w=2 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jun 20 09:32:26 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:04 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] forgoten: and Notices To = antivirus (antivirus is a local user) does not work with Keep Spam And MCP Archive Clean = no > > > morning, > > thats it. my default setting is > Keep Spam And MCP Archive Clean = no > it worked up to the betainstall without any problems. > with the beta i must set it to yes, otherwise > mailwatch doesnt shows me the mail as virus, only > as spam > it isnt a real problem, outline and declaration the > listing inside mailwatch is broken with clean = no > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > > > > In > > his changelog he has mentioned about optimization of scanning > > when Spam > > and MCP archives are not kept clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Jun 20 09:54:59 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:04 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/20/05, Dörfler Andreas wrote: > morning, > > thats it. my default setting is > Keep Spam And MCP Archive Clean = no > it worked up to the betainstall without any problems. > with the beta i must set it to yes, otherwise > mailwatch doesnt shows me the mail as virus, only > as spam > it isnt a real problem, outline and declaration the > listing inside mailwatch is broken with clean = no > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > > > > In > > his changelog he has mentioned about optimization of scanning > > when Spam > > and MCP archives are not kept clean. > Um, that's been as is for ages. I used to "solve" it by forwarding any spam to /dev/null. And I'm not sure I'd term it an "error in mailwatch", when it is MailScanner only behaviour. True, one could perhaps document it more prominently, but it isn't exactly hidden:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 20 10:06:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:04 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I use the same settings on my own systems, which are running 4.43.2 and have no problems at all. On 20 Jun 2005, at 09:32, Dörfler Andreas wrote: > forgoten: > > and > Notices To = antivirus > (antivirus is a local user) > > does not work with > Keep Spam And MCP Archive Clean = no > > > > >> >> >> morning, >> >> thats it. my default setting is >> Keep Spam And MCP Archive Clean = no >> it worked up to the betainstall without any problems. >> with the beta i must set it to yes, otherwise >> mailwatch doesnt shows me the mail as virus, only >> as spam >> it isnt a real problem, outline and declaration the >> listing inside mailwatch is broken with clean = no >> >> greetings >> andy >> >> --free your mind, use open source >> http://www.mono-project.com >> >> ASCII ribbon campaign ( ) >> - against HTML email X >> & vCards / \ >> >> >> >> >>> In >>> his changelog he has mentioned about optimization of scanning >>> when Spam >>> and MCP archives are not kept clean. >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jun 20 10:34:35 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:04 2006 Subject: 4.43.2-1, bug ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] it works Keep Spam And MCP Archive Clean = yes for me, but not with Keep Spam And MCP Archive Clean = no everything was fine, until the update from 4.42.9 to beta 4.43.2 well it´s not that importent, im just wondering why ... greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Monday, June 20, 2005 11:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.43.2-1, bug ? > > > I use the same settings on my own systems, which are running 4.43.2 > and have no problems at all. > > On 20 Jun 2005, at 09:32, Dörfler Andreas wrote: > > > forgoten: > > > > and > > Notices To = antivirus > > (antivirus is a local user) > > > > does not work with > > Keep Spam And MCP Archive Clean = no > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From david.weber at BACKBONESECURITY.COM Mon Jun 20 14:36:27 2005 From: david.weber at BACKBONESECURITY.COM (David C.M. Weber) Date: Thu Jan 12 21:30:04 2006 Subject: Web Interface Status Message-ID: I remember reading a while ago about how there was to be an "authorized" MailScanner web interface. I just wanted to know the status of this. I'm considering working on a semi-fork of the MailWatch, to make it a little easier to modify/understand (using Smarty Templates) as well as adding/utilizing the HttpRequest object for the dynamic portions of the site. Hopefully going to be adding a little better functionality, while trying to maintain the same general "look and feel" of the existing mailwatch (especially considering that it hasn't been updated in over a year). Before I imbarked on this journey, I was just curious about whether I was just wasting my time, due to the "authorized" one already (presumably) in progress. I searched the archives, but didn't find anything really on the status. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 20 14:57:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:04 2006 Subject: Web Interface Status Message-ID: SMGateway is available from Fort Systems Ltd at www.fsl.com. On 20 Jun 2005, at 14:36, David C.M. Weber wrote: > I remember reading a while ago about how there was to be an > "authorized" > MailScanner web interface. I just wanted to know the status of this. > > I'm considering working on a semi-fork of the MailWatch, to make it a > little easier to modify/understand (using Smarty Templates) as well as > adding/utilizing the HttpRequest object for the dynamic portions of > the > site. Hopefully going to be adding a little better functionality, > while > trying to maintain the same general "look and feel" of the existing > mailwatch (especially considering that it hasn't been updated in > over a > year). > > Before I imbarked on this journey, I was just curious about whether I > was just wasting my time, due to the "authorized" one already > (presumably) in progress. I searched the archives, but didn't find > anything really on the status. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Jun 20 16:10:19 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:04 2006 Subject: Web Interface Status Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/20/05, David C.M. Weber wrote: > I remember reading a while ago about how there was to be an "authorized" > MailScanner web interface. I just wanted to know the status of this. > > I'm considering working on a semi-fork of the MailWatch, to make it a > little easier to modify/understand (using Smarty Templates) as well as > adding/utilizing the HttpRequest object for the dynamic portions of the > site. Hopefully going to be adding a little better functionality, while > trying to maintain the same general "look and feel" of the existing > mailwatch (especially considering that it hasn't been updated in over a > year). > > Before I imbarked on this journey, I was just curious about whether I > was just wasting my time, due to the "authorized" one already > (presumably) in progress. I searched the archives, but didn't find > anything really on the status. > > Thanks Steve is "working on it", and has made a sort of todo-list for the next version. Look through the mailwatch-list archive for it... Like this perhaps: http://sourceforge.net/mailarchive/forum.php?forum_id=34994&max_rows=25&style=flat&viewmonth=200504&viewday=2 I'm sure he's open to sugegstions, but a bit short on time:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 20 16:24:56 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:04 2006 Subject: ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen said the following on 6/19/2005 2:46 AM: > On 6/19/05, Pete Russell wrote: > >>Impossible to rectify your issues using the exchange enviornment? Have >>you diagnosed the issue, maybe others can help? >> >>Pete >> >>Steen, Glenn wrote: >> >>>I just can't ignore myself.... For those who care, glenn.steen@gmail.com will henceforth be me. Sigh... Breaking out of the fortress, sort of:-). >>> >>>-- Glenn >>> >>> >>>-----Ursprungligt meddelande----- >>>Från: MailScanner mailing list genom Glenn Steen >>>Skickat: fr 2005-06-17 21:53 >>>Till: MAILSCANNER@JISCMAIL.AC.UK >>>Kopia: >>>Ämne: ping >>>Just a list ping, please ignore. >>> >>>-- Glenn >>> > > Well, I finally gave up. I'm sure there should be something I could do > with m-sexchange, but after receiving yet another big shrug from the > guy admining it... I thought I'd have two ways to go: Ether "filter > off" relevant maillist mails in the MX (where I'm king:-), or bend the > rules about external mail accounts just a bit more (most everyone > seems to be doing it at our place, for some reason:-). > The latter (which obviously is the way I opted for) will land me in > less trouble than the former... (And I really must say that that I'm > pretty impressed with gmail so far... Sure, one can build nice systems > on squirrel or whatever, but ... I really like the interface:-) > Did you consider using gmane.org through a newsreader? -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Sun Jun 19 18:16:53 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:30:04 2006 Subject: OT: new sendmail config does not relay for 127.0.0.1 Message-ID: Hello All, First, I would like to thank all who replied to my other OT message last week. I have SMTP_Auth working well thanks to all replies. I am unable to send from one user to to another on the machine, now. At least she is locked-down! But, a bit too much for functionality. Jun 19 13:08:11 mxt sendmail[10596]: j5JH8BVY010596: from=root, size=54437, class=0, nrcpts=1, msgid=<200506191708.j5JH8BVY010596@mxt.1bigthink.com>, relay=root@localhost Jun 19 13:08:11 mxt sendmail[10596]: j5JH8BVY010596: to=dnsadmin@1bigthink.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=84437, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] Any suggestions for fixing this that would not expose me? Is this due to the authentication that I am enforcing for SMTP or is it a relay issue? Ask for my sendmail.mc if neccessary. I have 127.0.0.1, localhost, {IP-address}, hostname listed in access and cw file. Thanks, Glenn PArsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun Jun 19 19:48:14 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:04 2006 Subject: new sendmail config does not relay for 127.0.0.1 Message-ID: Do you have this line in your sendmail.mc? DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of DNSAdmin Sent: Sunday, June 19, 2005 12:17 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: new sendmail config does not relay for 127.0.0.1 Hello All, First, I would like to thank all who replied to my other OT message last week. I have SMTP_Auth working well thanks to all replies. I am unable to send from one user to to another on the machine, now. At least she is locked-down! But, a bit too much for functionality. Jun 19 13:08:11 mxt sendmail[10596]: j5JH8BVY010596: from=root, size=54437, class=0, nrcpts=1, msgid=<200506191708.j5JH8BVY010596@mxt.1bigthink.com>, relay=root@localhost Jun 19 13:08:11 mxt sendmail[10596]: j5JH8BVY010596: to=dnsadmin@1bigthink.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=84437, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] Any suggestions for fixing this that would not expose me? Is this due to the authentication that I am enforcing for SMTP or is it a relay issue? Ask for my sendmail.mc if neccessary. I have 127.0.0.1, localhost, {IP-address}, hostname listed in access and cw file. Thanks, Glenn PArsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From admin at thenamegame.com Sun Jun 19 19:57:10 2005 From: admin at thenamegame.com (Michael Freeman) Date: Thu Jan 12 21:30:04 2006 Subject: Local mail to root always takes longer to deliver! Message-ID: Can somebody answer this post please? ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Freeman Sent: Friday, June 17, 2005 2:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: FW: Local mail to root always takes longer to deliver! Why is it that local mail, mostly mail sent by the system to a root account or to an admin account on the server, does it go though a number of failures before finally delivered. I always see this with mail being delivered by MailScanner to the root user on the localhost. It only happens mainly with the root deliveries. Eg; 2005-06-17 00:03:05 1Dj84P-0002Ku-Gw <= root@srv07.efastservers.com U=root P=local S=20589 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr <= root@srv07.efastservers.com U=root P=local S=4251 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr == root@srv07.efastservers.com R=defer_router defer (-1): All deliveries are handled by MailScanner 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr ** root@srv07.efastservers.com: retry timeout exceeded 2005-06-17 00:03:05 1Dj84P-0002Ky-ME <= <> R=1Dj84P-0002Kv-Hr U=mailnull P=local S=5145 2005-06-17 00:03:05 1Dj84P-0002Ky-ME == root@srv07.efastservers.com R=defer_router defer (-1): All deliveries are handled by MailScanner 2005-06-17 00:03:05 1Dj84P-0002Ky-ME ** root@srv07.efastservers.com: retry timeout exceeded 2005-06-17 00:03:05 1Dj84P-0002Ky-ME root@srv07.efastservers.com: error ignored 2005-06-17 00:03:05 1Dj84P-0002Ky-ME Completed 2005-06-17 00:03:05 1Dj84P-0002Kv-Hr Completed Finally it arrives. This happens every single time. Whats the reason that it happens with system mail? There have been times we never received the mail. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From david.weber at BACKBONESECURITY.COM Mon Jun 20 18:23:37 2005 From: david.weber at BACKBONESECURITY.COM (David C.M. Weber) Date: Thu Jan 12 21:30:04 2006 Subject: Web Interface Status Message-ID: Just took a look at SMGateway, and I've got a few questions. I have an existing MailScanner/MailWatch setup. Granted MailWatch isn't perfect, but it's easier to manage than going in via the command line. SMGateway looks sort of like a rebranding of MailScanner w/ its own bells and whistles. It looked like they want you to blow away your mail gateway, and reinstall w/ their software in RPM form. All fine and good, but I have a fully functional mail gateway where there really isn't an option to do this. Is/Was the "next version" of MailScanner's interface to have a "lighter weight" version of an interface similar to MailWatch, or more industrial similar to this SMGateway? Is there anyway to roll out this "updated" version on the same box? It's kind of nervous that I'd be committing to essentially a fork of the MailWatch project. What are the chances that they deviate significant? Thanks for any additional info. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 21 13:48:01 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:04 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/21/05, Meshbah Uddin Ahmed wrote: > In MailScannerc.onf, it was > Maximum Archive Depth = 2 > > i set it 0. then zip files sent. But if i attach zip > file, which contains virus, it also sent, clamav didnt > chk it. > > where as if i set Maximum Archive Depth = 2, > MailScanner block all attach file which ext is .zip > > pls, advice. > > > > > --- Glenn Steen wrote: > > > On 6/21/05, Meshbah Uddin Ahmed > > wrote: > > > Hi, > > > > > > I use Postfix + MailScanner + ClamAV + > > SpamAssassin in > > > Debian. All are works fine. I faced a problem, > > when i > > > want to send mail with zip attach included .exe, > > > mailscanner blocks it. But if i create that folder > > > with tgz extension then it successfully send. > > > > > > In my filenames.rules.conf file, both /.zip and > > > /.t?gz > > > are allowed. > > > > > > Plaese advice me, what should i do to recover it. > > > > > > Reagrds > > > Meshbah > > > > > Hm, shouldn't the tgz-ball have been stoped too? > > Anyway, if you read > > the comments just above > > Maximum Archive Depth = > > you'll see that you should perhaps set it to 0. > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Would clamscan find that virus *outside* of MS? As it says in the comments, this should have nothing to do with whether clamav can find a virus or not. Look at virus.scanners.conf, use the second and third column for clamav like this: /usr/lib/MailScanner/clamav-wrapper /usr/local -r --disable-summary --stdout /path/to/file.with.virus.zip (all on one line, in case that got wrapped:). Does that detect it? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Jun 21 13:42:07 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:04 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meshbah Uddin Ahmed wrote: >In MailScannerc.onf, it was >Maximum Archive Depth = 2 > >i set it 0. then zip files sent. But if i attach zip >file, which contains virus, it also sent, clamav didnt >chk it. > >where as if i set Maximum Archive Depth = 2, >MailScanner block all attach file which ext is .zip > >pls, advice. > > > Are you sure there was a virus in your test zip file? MailScanner virus scans all attachments, even zip files. The Maximum Archive Depth parameter is just for MS' private use (filename and filetype tests). No virus scanner will be affected by this. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Tue Jun 21 12:03:20 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:30:04 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In MailScannerc.onf, it was Maximum Archive Depth = 2 i set it 0. then zip files sent. But if i attach zip file, which contains virus, it also sent, clamav didnt chk it. where as if i set Maximum Archive Depth = 2, MailScanner block all attach file which ext is .zip pls, advice. --- Glenn Steen wrote: > On 6/21/05, Meshbah Uddin Ahmed > wrote: > > Hi, > > > > I use Postfix + MailScanner + ClamAV + > SpamAssassin in > > Debian. All are works fine. I faced a problem, > when i > > want to send mail with zip attach included .exe, > > mailscanner blocks it. But if i create that folder > > with tgz extension then it successfully send. > > > > In my filenames.rules.conf file, both /.zip and > > /.t?gz > > are allowed. > > > > Plaese advice me, what should i do to recover it. > > > > Reagrds > > Meshbah > > > Hm, shouldn't the tgz-ball have been stoped too? > Anyway, if you read > the comments just above > Maximum Archive Depth = > you'll see that you should perhaps set it to 0. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > ____________________________________________________ Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Tue Jun 21 12:00:23 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:30:04 2006 Subject: ClamAV 0.86 released Monday 20th June Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, > > got no problems the last 4 hours > Anyone upgraded yet - all OK? me too with clamavmodule. Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gennari at ECO.UNIBS.IT Tue Jun 21 11:11:58 2005 From: gennari at ECO.UNIBS.IT (Daniele Gennari) Date: Thu Jan 12 21:30:04 2006 Subject: Problem after installing SpamAssasin Message-ID: Hello, today I have decided to install SpamAssasin to get a better control over Spam. I have downloaded the package http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and installed it using the install.sh script. And here start the problems: restarting Mailscanner I obtain the following message bash-2.05# ./check_mailscanner Starting MailScanner... Bad arg length for Socket::pack_sockaddr_in, length is 0, should be 4 at /usr/local/lib/perl5/5.8.7/i86pc-solaris/Socket.pm line 373. So I tried to upgrade the single Perl package, the whole Perl distribution ( as you can see, now I have perl5.8.7), and Mailscanner but with no results. Someone can help me to debug the problem? Or there is a manner to revert to the past situation. This I the configuration I use: Pc with solaris5.9 (Intel version) Mailscanner F-prot ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Jun 21 10:57:00 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:04 2006 Subject: ClamAV 0.86 released Monday 20th June Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] got no problems the last 4 hours > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Nigel kendrick > Sent: Tuesday, June 21, 2005 10:09 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: ClamAV 0.86 released Monday 20th June > > > Anyone upgraded yet - all OK? > > Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Tue Jun 21 09:08:46 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:30:04 2006 Subject: ClamAV 0.86 released Monday 20th June Message-ID: Anyone upgraded yet - all OK? Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From trystenx at gmail.com Tue Jun 21 10:34:31 2005 From: trystenx at gmail.com (Senthu) Date: Thu Jan 12 21:30:04 2006 Subject: mailscanner declaring mails from local domains as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi all i have problem with certain domains in my mail server when Mailscanner checks for spam. i am running multiple domains in my mail server for email clients and i have clients accessing email from multiple area's. I have just upgraded my mail server to Mailscanner to 4.42.9 and spamassassin 3.0.4, i am receiving the following messages when the users sends email either to local users in the mail server or any external email. MailScanner[21233]: Message j5L0ucoa021789 from 203.114.14.161 (jasmin@arianworks.com) to priv asia.com is spam, SpamAssassin (score=26.854, required 6, autolearn=spam, BAYES_99 3.50, HELO_DYNAMIC_DHCP 1.25, HELO_DYNAMIC_I PADDR 4.40, HTML_50_60 0.09, HTML_FONT_BIG 0.14, HTML_LINK_PUSH_HERE 0.87, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RCVD_IN_NJA BL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_SC_S URBL 4.26, URIBL_WS_SURBL 1.46) MailScanner[21188]: Spam Checks: Starting Jun 21 11:07:29 jupiter@mig.com MailScanner[21188]: RBL checks: j5L36udC027409 found in SBL+XBL Jun 21 11:07:33 jupiter@mig.com MailScanner[21188]: Message j5L36udC027409 from 203.114.14.161 (jasmin@arianworks.com) to priv asia.com is spam, SBL+XBL how can i over come this problem please help. regards trysten ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 21 10:26:24 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/21/05, Meshbah Uddin Ahmed wrote: > Hi, > > I use Postfix + MailScanner + ClamAV + SpamAssassin in > Debian. All are works fine. I faced a problem, when i > want to send mail with zip attach included .exe, > mailscanner blocks it. But if i create that folder > with tgz extension then it successfully send. > > In my filenames.rules.conf file, both /.zip and > /.t?gz > are allowed. > > Plaese advice me, what should i do to recover it. > > Reagrds > Meshbah > Hm, shouldn't the tgz-ball have been stoped too? Anyway, if you read the comments just above Maximum Archive Depth = you'll see that you should perhaps set it to 0. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Tue Jun 21 09:45:23 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I use Postfix + MailScanner + ClamAV + SpamAssassin in Debian. All are works fine. I faced a problem, when i want to send mail with zip attach included .exe, mailscanner blocks it. But if i create that folder with tgz extension then it successfully send. In my filenames.rules.conf file, both /.zip and /.t?gz are allowed. Plaese advice me, what should i do to recover it. Reagrds Meshbah ____________________________________________________ Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dannyh at aac-services.co.uk Tue Jun 21 09:51:12 2005 From: dannyh at aac-services.co.uk (Dan Harris) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner + Exim3 -> Exim4....or something else? Message-ID: James Gray scribbled on 19 June 2005 22:53: > I have a Debian + Exim3 based MailScanner box and it's been powering > away for years with no problems at all. However, since upgrading to > Sarge, it was noted by the Exim maintainers that Exim3 is no longer > maintained upstream and they strongly recommend switching to Exim4. > OK - so I upgraded some other boxes to Exim4 just get a feel for any > configuration changes....oh dear. Seems Debian has split a nice, > single, flat config file into an entire directory tree of config > files. Gah. > > Thoughts, opinions, flames? Take a look at /usr/share/doc/exim4-base/README.Debian.gz, which explains how to choose between the monolithic and directory methods of creating exim4.conf. It also explains the pros and cons of each approach, and gives some hints on upgrading. Staying with Exim4 is likely to give you fewer headaches in the future, as it is the default Debian MTA. Best Regards, Dan Harris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nats at SSCRMNL.EDU.PH Tue Jun 21 08:44:57 2005 From: nats at SSCRMNL.EDU.PH (nats) Date: Thu Jan 12 21:30:05 2006 Subject: test Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] test -- All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 21 08:36:08 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/20/05, Scott Silva wrote: > Glenn Steen said the following on 6/19/2005 2:46 AM: > > On 6/19/05, Pete Russell wrote: > > > >>Impossible to rectify your issues using the exchange enviornment? Have > >>you diagnosed the issue, maybe others can help? > >> > >>Pete > >> > >>Steen, Glenn wrote: > >> > >>>I just can't ignore myself.... For those who care, glenn.steen@gmail.com will henceforth be me. Sigh... Breaking out of the fortress, sort of:-). > >>> > >>>-- Glenn > >>> > >>> > >>>-----Ursprungligt meddelande----- > >>>Från: MailScanner mailing list genom Glenn Steen > >>>Skickat: fr 2005-06-17 21:53 > >>>Till: MAILSCANNER@JISCMAIL.AC.UK > >>>Kopia: > >>>Ämne: ping > >>>Just a list ping, please ignore. > >>> > >>>-- Glenn > >>> > > > > Well, I finally gave up. I'm sure there should be something I could do > > with m-sexchange, but after receiving yet another big shrug from the > > guy admining it... I thought I'd have two ways to go: Ether "filter > > off" relevant maillist mails in the MX (where I'm king:-), or bend the > > rules about external mail accounts just a bit more (most everyone > > seems to be doing it at our place, for some reason:-). > > The latter (which obviously is the way I opted for) will land me in > > less trouble than the former... (And I really must say that that I'm > > pretty impressed with gmail so far... Sure, one can build nice systems > > on squirrel or whatever, but ... I really like the interface:-) > > > Did you consider using gmane.org through a newsreader? > NNTP from the "fortress"? Not ...... likely. I'm happy that I've got _web_ access:-). I actually used to work in way more closed environments (high security things)... So call me stoopid, but this'll just work out dandy for me:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 20 23:23:23 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:05 2006 Subject: Web Interface Status Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David C.M. Weber wrote: > Just took a look at SMGateway, and I've got a few questions. > > I have an existing MailScanner/MailWatch setup. Granted MailWatch isn't > perfect, but it's easier to manage than going in via the command line. > > SMGateway looks sort of like a rebranding of MailScanner w/ its own > bells and whistles. It looked like they want you to blow away your mail > gateway, and reinstall w/ their software in RPM form. All fine and > good, but I have a fully functional mail gateway where there really > isn't an option to do this. > In this case you are correct, it is a replacement to your existing mailscanner implmentation , it is a commercial product that they are kindly allowing us to use without charge. AFAIK it cant be used just as a gui to your existing gateway. > Is/Was the "next version" of MailScanner's interface to have a "lighter > weight" version of an interface similar to MailWatch, or more industrial > similar to this SMGateway? Is there anyway to roll out this "updated" > version on the same box? It's kind of nervous that I'd be committing to > essentially a fork of the MailWatch project. What are the chances that > they deviate significant? I wonder if you have spoken to Steve at all about MailWatch? Maybe he would welcome the help to his project, and probably new features etc? > > Thanks for any additional info. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Jun 21 13:42:07 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meshbah Uddin Ahmed wrote: >In MailScannerc.onf, it was >Maximum Archive Depth = 2 > >i set it 0. then zip files sent. But if i attach zip >file, which contains virus, it also sent, clamav didnt >chk it. > >where as if i set Maximum Archive Depth = 2, >MailScanner block all attach file which ext is .zip > >pls, advice. > > > Are you sure there was a virus in your test zip file? MailScanner virus scans all attachments, even zip files. The Maximum Archive Depth parameter is just for MS' private use (filename and filetype tests). No virus scanner will be affected by this. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Tue Jun 21 12:03:20 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In MailScannerc.onf, it was Maximum Archive Depth = 2 i set it 0. then zip files sent. But if i attach zip file, which contains virus, it also sent, clamav didnt chk it. where as if i set Maximum Archive Depth = 2, MailScanner block all attach file which ext is .zip pls, advice. --- Glenn Steen wrote: > On 6/21/05, Meshbah Uddin Ahmed > wrote: > > Hi, > > > > I use Postfix + MailScanner + ClamAV + > SpamAssassin in > > Debian. All are works fine. I faced a problem, > when i > > want to send mail with zip attach included .exe, > > mailscanner blocks it. But if i create that folder > > with tgz extension then it successfully send. > > > > In my filenames.rules.conf file, both /.zip and > > /.t?gz > > are allowed. > > > > Plaese advice me, what should i do to recover it. > > > > Reagrds > > Meshbah > > > Hm, shouldn't the tgz-ball have been stoped too? > Anyway, if you read > the comments just above > Maximum Archive Depth = > you'll see that you should perhaps set it to 0. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > ____________________________________________________ Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From linux at LEUTE.SERVER.DE Tue Jun 21 12:00:23 2005 From: linux at LEUTE.SERVER.DE (Muenz, Michael) Date: Thu Jan 12 21:30:05 2006 Subject: ClamAV 0.86 released Monday 20th June Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, > > got no problems the last 4 hours > Anyone upgraded yet - all OK? me too with clamavmodule. Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gennari at ECO.UNIBS.IT Tue Jun 21 11:11:58 2005 From: gennari at ECO.UNIBS.IT (Daniele Gennari) Date: Thu Jan 12 21:30:05 2006 Subject: Problem after installing SpamAssasin Message-ID: Hello, today I have decided to install SpamAssasin to get a better control over Spam. I have downloaded the package http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz and installed it using the install.sh script. And here start the problems: restarting Mailscanner I obtain the following message bash-2.05# ./check_mailscanner Starting MailScanner... Bad arg length for Socket::pack_sockaddr_in, length is 0, should be 4 at /usr/local/lib/perl5/5.8.7/i86pc-solaris/Socket.pm line 373. So I tried to upgrade the single Perl package, the whole Perl distribution ( as you can see, now I have perl5.8.7), and Mailscanner but with no results. Someone can help me to debug the problem? Or there is a manner to revert to the past situation. This I the configuration I use: Pc with solaris5.9 (Intel version) Mailscanner F-prot ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Jun 21 10:57:00 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:05 2006 Subject: ClamAV 0.86 released Monday 20th June Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] got no problems the last 4 hours > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Nigel kendrick > Sent: Tuesday, June 21, 2005 10:09 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: ClamAV 0.86 released Monday 20th June > > > Anyone upgraded yet - all OK? > > Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Tue Jun 21 09:08:46 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:30:05 2006 Subject: ClamAV 0.86 released Monday 20th June Message-ID: Anyone upgraded yet - all OK? Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From trystenx at gmail.com Tue Jun 21 10:34:31 2005 From: trystenx at gmail.com (Senthu) Date: Thu Jan 12 21:30:05 2006 Subject: mailscanner declaring mails from local domains as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi all i have problem with certain domains in my mail server when Mailscanner checks for spam. i am running multiple domains in my mail server for email clients and i have clients accessing email from multiple area's. I have just upgraded my mail server to Mailscanner to 4.42.9 and spamassassin 3.0.4, i am receiving the following messages when the users sends email either to local users in the mail server or any external email. MailScanner[21233]: Message j5L0ucoa021789 from 203.114.14.161 (jasmin@arianworks.com) to priv asia.com is spam, SpamAssassin (score=26.854, required 6, autolearn=spam, BAYES_99 3.50, HELO_DYNAMIC_DHCP 1.25, HELO_DYNAMIC_I PADDR 4.40, HTML_50_60 0.09, HTML_FONT_BIG 0.14, HTML_LINK_PUSH_HERE 0.87, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RCVD_IN_NJA BL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_SC_S URBL 4.26, URIBL_WS_SURBL 1.46) MailScanner[21188]: Spam Checks: Starting Jun 21 11:07:29 jupiter@mig.com MailScanner[21188]: RBL checks: j5L36udC027409 found in SBL+XBL Jun 21 11:07:33 jupiter@mig.com MailScanner[21188]: Message j5L36udC027409 from 203.114.14.161 (jasmin@arianworks.com) to priv asia.com is spam, SBL+XBL how can i over come this problem please help. regards trysten ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 21 10:26:24 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/21/05, Meshbah Uddin Ahmed wrote: > Hi, > > I use Postfix + MailScanner + ClamAV + SpamAssassin in > Debian. All are works fine. I faced a problem, when i > want to send mail with zip attach included .exe, > mailscanner blocks it. But if i create that folder > with tgz extension then it successfully send. > > In my filenames.rules.conf file, both /.zip and > /.t?gz > are allowed. > > Plaese advice me, what should i do to recover it. > > Reagrds > Meshbah > Hm, shouldn't the tgz-ball have been stoped too? Anyway, if you read the comments just above Maximum Archive Depth = you'll see that you should perhaps set it to 0. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Tue Jun 21 09:45:23 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner block zip attach file Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I use Postfix + MailScanner + ClamAV + SpamAssassin in Debian. All are works fine. I faced a problem, when i want to send mail with zip attach included .exe, mailscanner blocks it. But if i create that folder with tgz extension then it successfully send. In my filenames.rules.conf file, both /.zip and /.t?gz are allowed. Plaese advice me, what should i do to recover it. Reagrds Meshbah ____________________________________________________ Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dannyh at aac-services.co.uk Tue Jun 21 09:51:12 2005 From: dannyh at aac-services.co.uk (Dan Harris) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner + Exim3 -> Exim4....or something else? Message-ID: James Gray scribbled on 19 June 2005 22:53: > I have a Debian + Exim3 based MailScanner box and it's been powering > away for years with no problems at all. However, since upgrading to > Sarge, it was noted by the Exim maintainers that Exim3 is no longer > maintained upstream and they strongly recommend switching to Exim4. > OK - so I upgraded some other boxes to Exim4 just get a feel for any > configuration changes....oh dear. Seems Debian has split a nice, > single, flat config file into an entire directory tree of config > files. Gah. > > Thoughts, opinions, flames? Take a look at /usr/share/doc/exim4-base/README.Debian.gz, which explains how to choose between the monolithic and directory methods of creating exim4.conf. It also explains the pros and cons of each approach, and gives some hints on upgrading. Staying with Exim4 is likely to give you fewer headaches in the future, as it is the default Debian MTA. Best Regards, Dan Harris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nats at SSCRMNL.EDU.PH Tue Jun 21 08:44:57 2005 From: nats at SSCRMNL.EDU.PH (nats) Date: Thu Jan 12 21:30:05 2006 Subject: test Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] test -- All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 21 08:36:08 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/20/05, Scott Silva wrote: > Glenn Steen said the following on 6/19/2005 2:46 AM: > > On 6/19/05, Pete Russell wrote: > > > >>Impossible to rectify your issues using the exchange enviornment? Have > >>you diagnosed the issue, maybe others can help? > >> > >>Pete > >> > >>Steen, Glenn wrote: > >> > >>>I just can't ignore myself.... For those who care, glenn.steen@gmail.com will henceforth be me. Sigh... Breaking out of the fortress, sort of:-). > >>> > >>>-- Glenn > >>> > >>> > >>>-----Ursprungligt meddelande----- > >>>Från: MailScanner mailing list genom Glenn Steen > >>>Skickat: fr 2005-06-17 21:53 > >>>Till: MAILSCANNER@JISCMAIL.AC.UK > >>>Kopia: > >>>Ämne: ping > >>>Just a list ping, please ignore. > >>> > >>>-- Glenn > >>> > > > > Well, I finally gave up. I'm sure there should be something I could do > > with m-sexchange, but after receiving yet another big shrug from the > > guy admining it... I thought I'd have two ways to go: Ether "filter > > off" relevant maillist mails in the MX (where I'm king:-), or bend the > > rules about external mail accounts just a bit more (most everyone > > seems to be doing it at our place, for some reason:-). > > The latter (which obviously is the way I opted for) will land me in > > less trouble than the former... (And I really must say that that I'm > > pretty impressed with gmail so far... Sure, one can build nice systems > > on squirrel or whatever, but ... I really like the interface:-) > > > Did you consider using gmane.org through a newsreader? > NNTP from the "fortress"? Not ...... likely. I'm happy that I've got _web_ access:-). I actually used to work in way more closed environments (high security things)... So call me stoopid, but this'll just work out dandy for me:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jun 20 23:23:23 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:05 2006 Subject: Web Interface Status Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David C.M. Weber wrote: > Just took a look at SMGateway, and I've got a few questions. > > I have an existing MailScanner/MailWatch setup. Granted MailWatch isn't > perfect, but it's easier to manage than going in via the command line. > > SMGateway looks sort of like a rebranding of MailScanner w/ its own > bells and whistles. It looked like they want you to blow away your mail > gateway, and reinstall w/ their software in RPM form. All fine and > good, but I have a fully functional mail gateway where there really > isn't an option to do this. > In this case you are correct, it is a replacement to your existing mailscanner implmentation , it is a commercial product that they are kindly allowing us to use without charge. AFAIK it cant be used just as a gui to your existing gateway. > Is/Was the "next version" of MailScanner's interface to have a "lighter > weight" version of an interface similar to MailWatch, or more industrial > similar to this SMGateway? Is there anyway to roll out this "updated" > version on the same box? It's kind of nervous that I'd be committing to > essentially a fork of the MailWatch project. What are the chances that > they deviate significant? I wonder if you have spoken to Steve at all about MailWatch? Maybe he would welcome the help to his project, and probably new features etc? > > Thanks for any additional info. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 21 14:58:11 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:05 2006 Subject: mailscanner declaring mails from local domains as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Senthu wrote: > hi all > > i have problem with certain domains in my mail server when Mailscanner > checks for spam. i am running multiple domains in my mail server for > email clients and i have clients accessing email from multiple area's. > I have just upgraded my mail server to Mailscanner to 4.42.9 and > spamassassin 3.0.4, > i am receiving the following messages when the users sends email > either to local users in the mail server or any external email. > > MailScanner[21233]: Message j5L0ucoa021789 from 203.114.14.161 > (jasmin@arianworks.com) to priv > asia.com is spam, SpamAssassin (score=26.854, required 6, > autolearn=spam, BAYES_99 3.50, HELO_DYNAMIC_DHCP 1.25, HELO_DYNAMIC_I > PADDR 4.40, HTML_50_60 0.09, HTML_FONT_BIG 0.14, HTML_LINK_PUSH_HERE > 0.87, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RCVD_IN_NJA > BL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_AB_SURBL 0.42, > URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_SC_S > URBL 4.26, URIBL_WS_SURBL 1.46) > > > MailScanner[21188]: Spam Checks: Starting > Jun 21 11:07:29 jupiter@mig.com MailScanner[21188]: RBL checks: > j5L36udC027409 found in SBL+XBL > Jun 21 11:07:33 jupiter@mig.com MailScanner[21188]: Message > j5L36udC027409 from 203.114.14.161 (jasmin@arianworks.com) to priv > asia.com is spam, SBL+XBL > > how can i over come this problem please help. > By whitelisting what you don't want to be considered as spam. However, you might want to investigate since many SpamAssassin rules have been hit that shouldn't. All the URIBL, RCVD_IN and the fact that it is on SBL+XBL should be corrected by the mail server admin. > > regards > trysten > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 21 16:17:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:05 2006 Subject: Announce: Beta 4.43.3 released Message-ID: I have just released version 4.43.3. I would particularly like Postfix users to try this out and tell me if there are any problems with it. If you ever had the problem where one or two messages were dumped into Postfix's "corrupt" queue, that will hopefully not happen again. Download as usual from www.mailscanner.info The full ChangeLog is: * New Features and Improvements * - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well as the command-line Sophos scanner. - "\n" can be used to insert line breaks in just about any configuration setting or languages.conf string. - Optimised scanning of messages when spam/mcp archive is not kept clean. This should noticeably improve performance. - Updated Clam+SpamAssassin package for SpamAssassin 3.0.4. * Fixes * - Fixed bug in upgrade_MailScanner_conf so that it puts in the new value of "MailScanner Version Number" rather than copying it over from the old one, and it now gets all the comments right around this option when the "--keep-comments" command-line switch is used. - Syslogging of files with allowed Sophos errors should now be correct. - Fixed missing syslog entry for MCP actions taken on a non-delivered message. - Fixed bug where infection could be reported for wrong message ID as well as correct message ID. - Modified panda-wrapper to process entire batch in one call instead of per message. - If message parsing failed, the pipe might not exist and this wasn't caught. - Improved fault auto-detection and auto-correcting of Postfix formatting problems. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 21 16:08:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:05 2006 Subject: ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> >> >>Did you consider using gmane.org through a newsreader? >> > > > NNTP from the "fortress"? Not ...... likely. I'm happy that I've got > _web_ access:-). > > I actually used to work in way more closed environments (high security > things)... So call me stoopid, but this'll just work out dandy for > me:-). > Sorry, now I see your environment works with OPM (other peoples money), so I understand the lockdown. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 21 16:14:54 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:05 2006 Subject: mailscanner declaring mails from local domains as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Senthu said the following on 6/21/2005 2:34 AM: > hi all > > i have problem with certain domains in my mail server when Mailscanner > checks for spam. i am running multiple domains in my mail server for > email clients and i have clients accessing email from multiple area's. > I have just upgraded my mail server to Mailscanner to 4.42.9 and > spamassassin 3.0.4, > i am receiving the following messages when the users sends email > either to local users in the mail server or any external email. > > MailScanner[21233]: Message j5L0ucoa021789 from 203.114.14.161 > (jasmin@arianworks.com) to priv > asia.com is spam, SpamAssassin (score=26.854, required 6, > autolearn=spam, BAYES_99 3.50, HELO_DYNAMIC_DHCP 1.25, HELO_DYNAMIC_I > PADDR 4.40, HTML_50_60 0.09, HTML_FONT_BIG 0.14, HTML_LINK_PUSH_HERE > 0.87, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RCVD_IN_NJA > BL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, URIBL_AB_SURBL 0.42, > URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_SC_S > URBL 4.26, URIBL_WS_SURBL 1.46) > > > MailScanner[21188]: Spam Checks: Starting > Jun 21 11:07:29 jupiter@mig.com MailScanner[21188]: RBL checks: > j5L36udC027409 found in SBL+XBL > Jun 21 11:07:33 jupiter@mig.com MailScanner[21188]: Message > j5L36udC027409 from 203.114.14.161 (jasmin@arianworks.com) to priv > asia.com is spam, SBL+XBL > > how can i over come this problem please help. > > > regards > trysten > This looks like a user is definitely trying to send spam, and I hope you do not allow it. If you do, your servers will end up on several blacklists. Get the user to explain why they need to send such content. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 21 16:43:18 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/21/05, Scott Silva wrote: (snip) > Sorry, now I see your environment works with OPM (other peoples money), > so I understand the lockdown. > Yeah, all the pensionists in sweden thank us, while I keep cursing ... :-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jun 21 17:15:42 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:05 2006 Subject: ping Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva said: > /-----------------------\ |~~\_____/~~\__ | > | MailScanner; The best |___________ \N1____====== )-+ > | protection on the net!| ~~~|/~~ | > \-----------------------/ () :-) What it is to be using the condom of e-mail!! Now I understand what all those 'wrapper' scripts are for :-D Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 21 17:29:23 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:05 2006 Subject: ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall said the following on 6/21/2005 9:15 AM: > Scott Silva said: > >>/-----------------------\ |~~\_____/~~\__ | >>| MailScanner; The best |___________ \N1____====== )-+ >>| protection on the net!| ~~~|/~~ | >>\-----------------------/ () > > > :-) > > What it is to be using the condom of e-mail!! Now I understand what all > those 'wrapper' scripts are for :-D > > Drew > > Keeps all the ETD's (e-mail transmitted diseases) out of our inboxes!! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jacques at MONACO.NET Tue Jun 21 18:55:08 2005 From: jacques at MONACO.NET (Jacques Caruso) Date: Thu Jan 12 21:30:05 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "iso-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian and everybody else, I encountered a weird problem today : our mail server (running Debian Testing) runs Postfix in a split-MTA fashion due to some constraints (I don't want relayed mail to be scanned, and I don't have a clue how to do this easily with the official installation method) and MailScanner along with SA and ClamAV (basically it's quite a standard setup, except for the two instances of Postfix running). Today, the server was upgraded to Postfix 2.2.3 and MailScanner 4.41.3, and we immediately encountered a problem : mails would just sit still in the outgoing Postfix's `incoming' queue after being processed by MS. I discovered that what bothered Postfix is that MS creates subdirectories in the outgoing queue directory ; apparently, Postfix 2.2 expects a flat, non-hashed hierarchy there, and won't process queue files hidden in subdirectories unless I manually do a `postqueue -f'. I tried searching the list archives, to no avail. But some further investigation yielded better results. Apparently, what happens is this : - Postfix is configured to have a hash depth of 1, but *only* for the `defer' and `deferred' queues (note this is by default, I didn't set these values in either of my main.cf files) : [root@sceuzi][~]# grep hash_queue /etc/postfix/main.cf /etc/postfix.in/main.cf [root@sceuzi][~]# postconf hash_queue_depth hash_queue_names hash_queue_depth = 1 hash_queue_names = deferred, defer - MailScanner tries to determine the hash depth, but it uses for this purpose one of the two queues with a hash depth of 1 : Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Hash dir depth value being calculated Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading . from dir . (/var/spool/postfix.in/deferred) Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading .. from dir . (/var/spool/postfix.in/deferred) Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading 4 from dir . (/var/spool/postfix.in/deferred) Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading . from inner dir 4 Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading .. from inner dir 4 Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading 1293535005C from inner dir 4 Jun 21 19:05:21 sceuzi MailScanner[13147]: Postfix queue structure is depth 1 - It then proceeds to create files in the `incoming' queue with the same depth, but Postfix expects a depth of 0 in that queue, and doesn't process the files. Currently, I've just kludged the file PFDiskStore.pm to apply the steps for a depth of 0 even if the stated depth is 1, but this is ugly and wrong. It would be way better to modify FindHashDirDepth() to call postconf and check the depth directly with Postfix, but I'm not sure about how to do it exactly, as MailScanner is somewhat complex, and I don't want to break everything... Cheers, -- [ Jacques Caruso Développeur PHP ] [ Monaco Internet http://monaco-internet.mc/ ] [ Tél : (+377) 93 10 00 43 Clé PGP : 0x41F5C63D ] [ * To err is human; to make a real disaster requires a computer! * ] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 21 19:11:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:05 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you just make the hash depth 0 for all the queues? Jacques Caruso wrote: >Hi Julian and everybody else, > >I encountered a weird problem today : our mail server (running Debian >Testing) runs Postfix in a split-MTA fashion due to some constraints (I >don't want relayed mail to be scanned, and I don't have a clue how to do >this easily with the official installation method) and MailScanner along >with SA and ClamAV (basically it's quite a standard setup, except for >the two instances of Postfix running). > >Today, the server was upgraded to Postfix 2.2.3 and MailScanner 4.41.3, >and we immediately encountered a problem : mails would just sit still in >the outgoing Postfix's `incoming' queue after being processed by MS. I >discovered that what bothered Postfix is that MS creates subdirectories >in the outgoing queue directory ; apparently, Postfix 2.2 expects a >flat, non-hashed hierarchy there, and won't process queue files hidden >in subdirectories unless I manually do a `postqueue -f'. I tried >searching the list archives, to no avail. But some further investigation >yielded better results. Apparently, what happens is this : > >- Postfix is configured to have a hash depth of 1, but *only* for the > `defer' and `deferred' queues (note this is by default, I didn't set > these values in either of my main.cf files) : > > [root@sceuzi][~]# grep hash_queue /etc/postfix/main.cf /etc/postfix.in/main.cf > [root@sceuzi][~]# postconf hash_queue_depth hash_queue_names > hash_queue_depth = 1 > hash_queue_names = deferred, defer > >- MailScanner tries to determine the hash depth, but it uses for this > purpose one of the two queues with a hash depth of 1 : > >Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Hash dir depth value being calculated >Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading . from dir . (/var/spool/postfix.in/deferred) >Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading .. from dir . (/var/spool/postfix.in/deferred) >Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading 4 from dir . (/var/spool/postfix.in/deferred) >Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading . from inner dir 4 >Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading .. from inner dir 4 >Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading 1293535005C from inner dir 4 >Jun 21 19:05:21 sceuzi MailScanner[13147]: Postfix queue structure is depth 1 > >- It then proceeds to create files in the `incoming' queue with the same > depth, but Postfix expects a depth of 0 in that queue, and doesn't > process the files. > >Currently, I've just kludged the file PFDiskStore.pm to apply the steps >for a depth of 0 even if the stated depth is 1, but this is ugly and >wrong. It would be way better to modify FindHashDirDepth() to call >postconf and check the depth directly with Postfix, but I'm not sure >about how to do it exactly, as MailScanner is somewhat complex, and I >don't want to break everything... > > >Cheers, > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrhYThH2WUcUFbZUEQKSeACfY5Pvt2toiZTSQDC2N0VIA/CoJ3sAoI4i boRHjrMtIuX+SjKrRIkBGHTO =Rcra -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Tue Jun 21 19:13:51 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:05 2006 Subject: SpamAssassin installation could not be found Message-ID: Jun 21 11:12:10 tux MailScanner[18760]: SpamAssassin installation could not be found Just upgraded to spamasssassin 3.0.4 and i am getting this. Any ideas ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 21 19:33:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:05 2006 Subject: SpamAssassin installation could not be found Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Do ls -l /usr/bin/perl ls -l /usr/local/bin/perl and show us what it says. Most likely is that you have 2 Perls installed. Venkata Achanta wrote: >Jun 21 11:12:10 tux MailScanner[18760]: SpamAssassin installation could not >be found > >Just upgraded to spamasssassin 3.0.4 and i am getting this. Any ideas ? > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrhdYhH2WUcUFbZUEQJyIgCgkdckf8JHYiU1j+/CqPgOpkk3xTMAoJTa npuQNvVnGgPCStDz1Iuwq/CD =Ncta -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at gmail.com Tue Jun 21 19:46:52 2005 From: vachanta at gmail.com (Venkata Achanta) Date: Thu Jan 12 21:30:05 2006 Subject: SpamAssassin installation could not be found Message-ID: root@tux venkata # ls -l /usr/bin/perl -rwxr-xr-x 2 root root 1081392 Apr 29 2004 /usr/bin/perl root@asav venkata # ls -l /usr/local/bin/perl ls: /usr/local/bin/perl: No such file or directory On Tue, 21 Jun 2005 19:33:04 +0100, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Do >ls -l /usr/bin/perl >ls -l /usr/local/bin/perl >and show us what it says. >Most likely is that you have 2 Perls installed. > >Venkata Achanta wrote: > >>Jun 21 11:12:10 tux MailScanner[18760]: SpamAssassin installation could not >>be found >> >>Just upgraded to spamasssassin 3.0.4 and i am getting this. Any ideas ? >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.1 (Build 2185) > >iQA/AwUBQrhdYhH2WUcUFbZUEQJyIgCgkdckf8JHYiU1j+/CqPgOpkk3xTMAoJTa >npuQNvVnGgPCStDz1Iuwq/CD >=Ncta >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 21 19:35:42 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:05 2006 Subject: SpamAssassin installation could not be found Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Venkata Achanta wrote: > Jun 21 11:12:10 tux MailScanner[18760]: SpamAssassin installation could not > be found > > Just upgraded to spamasssassin 3.0.4 and i am getting this. Any ideas ? > How did you install it? RPM? Try the source or cpan. Pretty easy on cpan: perl -MCPAN -e 'install Mail::SpamAssassin' There is something I don't understand. You replied to a thread containing all sorts of info about this topic... did you read the thread? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Tue Jun 21 20:19:26 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:05 2006 Subject: SpamAssassin installation could not be found Message-ID: >There is something I don't understand. You replied to a thread >containing all sorts of info about this topic... did you read the thread? I am not sure which one you are referring to. Anyways i got burnt on my gentoo portage version of the latest spamassassin-3.0.4 upgrade. There is something wrong with my portage i believe. I usually emerge it the gentoo way and this is the first time it bombed in years. Thanks for the quick responses.ok i have go back and dig up what happened to my gentoo portage...Thanks again ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 21 20:25:48 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:05 2006 Subject: ClamAV 0.86 released Monday 20th June Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Muenz, Michael said the following on 6/21/2005 4:00 AM: > Hi, > > >>>got no problems the last 4 hours >> >>Anyone upgraded yet - all OK? > > > me too with clamavmodule. > > > Michael > Great here after 4 hours plus. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 21 20:50:03 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:05 2006 Subject: Openrbl down Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, http://openrbl.org/ Website Offline 2005-06-19: Openrbl.org has been run on autopilot for the last couple of years. But now the site lost the backend where the databases was built twice per day. Unless somebody invests time to rebuild everything the website will remain offline. Similar services: * http://moensted.dk/spam/ * http://www.dnsstuff.com/tools/ip4r.ch Does it have any impact on MailScanner users? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jun 21 21:37:10 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:05 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jacques Caruso wrote: Hi Julian and everybody else, I encountered a weird problem today : our mail server (running Debian Testing) runs Postfix in a split-MTA fashion due to some constraints (I don't want relayed mail to be scanned, and I don't have a clue how to do this easily with the official installation method) and MailScanner along with SA and ClamAV (basically it's quite a standard setup, except for the two instances of Postfix running). I would give your machine 2 IP addresses. One 'internal' and one external. The external one use the standard hold queue set up with, the second specify as int.ern.al.ip:smtp inet n - n - - smtpd -o receive_override_options=no_header_body_checks in master.cf so you get no MailScanner involvement at all. Today, the server was upgraded to Postfix 2.2.3 and MailScanner 4.41.3, and we immediately encountered a problem : mails would just sit still in the outgoing Postfix's `incoming' queue after being processed by MS. I discovered that what bothered Postfix is that MS creates subdirectories in the outgoing queue directory ; apparently, Postfix 2.2 expects a flat, non-hashed hierarchy there, and won't process queue files hidden in subdirectories unless I manually do a `postqueue -f'. I tried searching the list archives, to no avail. But some further investigation yielded better results. Apparently, what happens is this : - Postfix is configured to have a hash depth of 1, but *only* for the `defer' and `deferred' queues (note this is by default, I didn't set these values in either of my main.cf files) : [root@sceuzi][~]# grep hash_queue /etc/postfix/main.cf /etc/postfix.in/main.cf [root@sceuzi][~]# postconf hash_queue_depth hash_queue_names hash_queue_depth = 1 hash_queue_names = deferred, defer Which shouldn't be touched by MailScanner as it's using the proven to be unreliable defer method. you will end up with duplicated/ truncated messages. - MailScanner tries to determine the hash depth, but it uses for this purpose one of the two queues with a hash depth of 1 : Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Hash dir depth value being calculated Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading . from dir . (/var/spool/postfix.in/deferred) Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading .. from dir . (/var/spool/postfix.in/deferred) Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading 4 from dir . (/var/spool/postfix.in/deferred) Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading . from inner dir 4 Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading .. from inner dir 4 Jun 21 19:05:21 sceuzi MailScanner[13147]: JKF: Reading 1293535005C from inner dir 4 Jun 21 19:05:21 sceuzi MailScanner[13147]: Postfix queue structure is depth 1 - It then proceeds to create files in the `incoming' queue with the same depth, but Postfix expects a depth of 0 in that queue, and doesn't process the files. Yes but only because it detected that your defer queues are hashed. MailScanner has been re-designed to suit the hold queue method so I would suggest changing your setup. Either run 2 Postfix instances but have one listening on a non standard port for the out going relay or change your master.cf as I suggested above. The other option, which I would not recommend is to change to the following in main.cf; hash_queue_names = deferred, defer, incoming which will solve your problem, but not your setup. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 21 22:20:12 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: Openrbl down Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/21/05, Ugo Bellavance wrote: > Hi, > > http://openrbl.org/ > > Website Offline > 2005-06-19: Openrbl.org has been run on autopilot for the last > couple of years. > But now the site lost the backend where the databases was built > twice per day. > Unless somebody invests time to rebuild everything the website will > remain offline. > > Similar services: > > * http://moensted.dk/spam/ > * http://www.dnsstuff.com/tools/ip4r.ch > > Does it have any impact on MailScanner users? If you use mailwatch it does. MW use openrbl in the details page.... But since the actual URL has changed a bit, I've changed that bit since before on my systems. If Steve F wants a patch I *might* squeeze that in before going on vacation. Basically I've added a link for each of the nice relevant tools on the http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:relay ... It sure aint rocket sience, but....:-). Btw, could you add http://moensted.dk/spam/ to that page, I seem to have forgotten my &))&¤%¤%& password:-)... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Tue Jun 21 23:05:32 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:30:05 2006 Subject: Openrbl down Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Glenn/Ugo, On Tue, 2005-06-21 at 23:20 +0200, Glenn Steen wrote: > On 6/21/05, Ugo Bellavance wrote: > > Hi, > > > > http://openrbl.org/ > > > > Website Offline > > 2005-06-19: Openrbl.org has been run on autopilot for the last > > couple of years. > > But now the site lost the backend where the databases was built > > twice per day. > > Unless somebody invests time to rebuild everything the website will > > remain offline. > > > > Similar services: > > > > * http://moensted.dk/spam/ > > * http://www.dnsstuff.com/tools/ip4r.ch > > > > Does it have any impact on MailScanner users? > > If you use mailwatch it does. > MW use openrbl in the details page.... But since the actual URL has > changed a bit, I've changed that bit since before on my systems. If > Steve F wants a patch I *might* squeeze that in before going on > vacation. Basically I've added a link for each of the nice relevant > tools on the http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:relay > ... It sure aint rocket sience, but....:-). Btw, could you add > http://moensted.dk/spam/ to that page, I seem to have forgotten my > &))&¤%¤%& password:-)... > I'd already fixed the link in MailWatch as OpenRBL changed their format a while ago. I think I'll probably put in several different sites as an option that can be picked by the admin ;-)) Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jun 22 01:23:39 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:05 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have a problem where management insist on one user account not being scanned for spam at all. I have used ruleset to exclude the account. Trouble is that email to this account is always grouped with email other people. Postfix doest seem to automatically make separate copies of the email for each recipient, meaning that all of those recipients receive the spam. I see there are patches to make changes to sendmail, but cant find much on Postfix - is there no way of fixing this with postfix? I have asked if they would allow it to be scanned and marked as spam, rather than not scanned, allowing the user to use a outlook rule to filter them to another folder. But will i face the same issue as before with multiple recipients receiving an email with the subject marked as spam? Regards Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From xplora at MEDIADESIGN.SCHOOL.NZ Wed Jun 22 01:13:01 2005 From: xplora at MEDIADESIGN.SCHOOL.NZ (Richard Smith) Date: Thu Jan 12 21:30:05 2006 Subject: spam.backlist.rules vs sendmail access file Message-ID: Been having issues with a virus using specific addresses as a from address that happens to be a valid address, but no one should be sending anything from it (a basic group mail address in /etc/aliases). At first I put "From: groupaddress@host yes" in spam.blacklist.rules however this has proved to be unreliable, I have sinced put "From: groupaddress@host REJECT" into my /etc/mail/access and while it's too soon to know the difference I'm expecting this to have better results. My question is, which is better to use when, I'm suspecting /etc/mail/ access is better to a point, but where is that point, do I really need to bother with spam.blacklist.rules at all? -- http://www.mediadesign.school.nz/ CAUTION: This communication is confidential and may be legally privileged. If you have received it in error you must not use, disclose, copy or retain it. Please immediately notify us by return email and then delete the email. This message has been scanned for viruses and dangerous content by MailScanner with McAfee UVScan, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jun 22 02:20:33 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:05 2006 Subject: spam.backlist.rules vs sendmail access file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard Smith wrote: > Been having issues with a virus using specific addresses as a from > address that happens to be a valid address, but no one should be > sending anything from it (a basic group mail address in /etc/aliases). > > At first I put "From: groupaddress@host yes" in spam.blacklist.rules > however this has proved to be unreliable, I have sinced put "From: > groupaddress@host REJECT" into my /etc/mail/access and while it's too > soon to know the difference I'm expecting this to have better results. > > My question is, which is better to use when, I'm suspecting /etc/mail/ > access is better to a point, but where is that point, do I really > need to bother with spam.blacklist.rules at all? > Using /etc/mail/access is cleaner, because MailScanner doesn't even see the message coming. Using the rules file means messages are received, then processed. One exception: If you can't blacklist the IP for your backup MX because it's being provided by a service provider and not under your direct control, you would *have* to use the rules file. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Jun 22 09:01:02 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: Openrbl down Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/22/05, Steve Freegard wrote: > Hi Glenn/Ugo, > > On Tue, 2005-06-21 at 23:20 +0200, Glenn Steen wrote: > > On 6/21/05, Ugo Bellavance wrote: > > > Hi, > > > > > > http://openrbl.org/ > > > > > > Website Offline > > > 2005-06-19: Openrbl.org has been run on autopilot for the last > > > couple of years. > > > But now the site lost the backend where the databases was built > > > twice per day. > > > Unless somebody invests time to rebuild everything the website will > > > remain offline. > > > > > > Similar services: > > > > > > * http://moensted.dk/spam/ > > > * http://www.dnsstuff.com/tools/ip4r.ch > > > > > > Does it have any impact on MailScanner users? > > > > If you use mailwatch it does. > > MW use openrbl in the details page.... But since the actual URL has > > changed a bit, I've changed that bit since before on my systems. If > > Steve F wants a patch I *might* squeeze that in before going on > > vacation. Basically I've added a link for each of the nice relevant > > tools on the http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:relay > > ... It sure aint rocket sience, but....:-). Btw, could you add > > http://moensted.dk/spam/ to that page, I seem to have forgotten my > > &))&¤%¤%& password:-)... > > > > I'd already fixed the link in MailWatch as OpenRBL changed their format > a while ago. > > I think I'll probably put in several different sites as an option that > can be picked by the admin ;-)) > > Kind regards, > Steve. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Good man! Thanks. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Jun 22 11:27:37 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: Openrbl down Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/22/05, Steve Freegard wrote: > Hi Glenn/Ugo, (snip) > I'd already fixed the link in MailWatch as OpenRBL changed their format > a while ago. > > I think I'll probably put in several different sites as an option that > can be picked by the admin ;-)) > > Kind regards, > Steve. This is what I put in there... I figured it was OK to waste the screen resources a bit, since it's in the details page. If drbcheck or dnsstuff should be "first choice" is a matter of taste:). ------ //$output .= "$relay"; $output .= "$relay"; $output .= " (dnsblinfo,"; $output .= " drbcheck,"; $output .= " SenderBase)"; ------ -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Wed Jun 22 14:09:15 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:30:05 2006 Subject: Allow Form Tags = no Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Just been doing some testing as I saw a message come through that had been blocked (due to it containing a form tag) but part of the message still displayed I have Allow Form Tags = no Convert Dangerous HTML To Text = no Convert HTML To Text = no I sent myself a message with a form tag + some extra HTML e.g. table and some bullet points. When I recieved the email the form tag was stripped out, I got the warning message saying the mail had been blocked but the rest of the email was displayed but converted to plain text - is this correct? With the above settings I was thinking the whole email should be blocked? Im using the rpm version of 4.41.3 on a fedora core 2 box. Cheers Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Wed Jun 22 14:11:06 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner cant detect virus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] yes, u right, my scanner doesnt detect virus. pls advice me what can i do. here is my settings- in my virus.scanners.conf file, it is- clamav /etc/MailScanner/wrapper/clamav-wrapper /usr I have install all pkg like this apt-get install postfix mailscanner spamassassin but download clamav manually. then install it. my freshclam.conf is in- /usr/local/etc/ and *.cvd files are in- /var/lib/clamav/ in MailScanner.conf file- Virus Scanning = yes Virus Scanner = clamav Here is log, where an attach file eicar.com.txt which contains virus- Jun 22 18:48:42 mailx-bk postfix/smtpd[10404]: 1ABB3D6BC4: client=unknown[192.168.200.70] Jun 22 18:48:42 mailx-bk postfix/cleanup[10406]: 1ABB3D6BC4: message-id=<42B95C5F.7070908@myserver.com> Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: 1ABB3D6BC4: from=, size=1037, nrcpt=1 (queue active) Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: 1ABB3D6BC4: to=, relay=none, delay=0, status=deferred (delivery temporarily suspended: deferred transport) Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename Checks: Allowing 1ABB3D6BC4.D76FB msg-258-1.txt Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename Checks: Allowing 1ABB3D6BC4.D76FB eicar.com.txt Jun 22 18:48:48 mailx-bk MailScanner[258]: Requeue: 1ABB3D6BC4.D76FB to 5036F7F405 Please help me to resolve it. Thanks Meshbah --- Glenn Steen wrote: > On 6/21/05, Meshbah Uddin Ahmed > wrote: > > In MailScannerc.onf, it was > > Maximum Archive Depth = 2 > > > > i set it 0. then zip files sent. But if i attach > zip > > file, which contains virus, it also sent, clamav > didnt > > chk it. > > > > where as if i set Maximum Archive Depth = 2, > > MailScanner block all attach file which ext is > .zip > > > > pls, advice. > > > > > > > > > > --- Glenn Steen wrote: > > > > > On 6/21/05, Meshbah Uddin Ahmed > > > wrote: > > > > Hi, > > > > > > > > I use Postfix + MailScanner + ClamAV + > > > SpamAssassin in > > > > Debian. All are works fine. I faced a problem, > > > when i > > > > want to send mail with zip attach included > .exe, > > > > mailscanner blocks it. But if i create that > folder > > > > with tgz extension then it successfully send. > > > > > > > > In my filenames.rules.conf file, both /.zip > and > > > > /.t?gz > > > > are allowed. > > > > > > > > Plaese advice me, what should i do to recover > it. > > > > > > > > Reagrds > > > > Meshbah > > > > > > > Hm, shouldn't the tgz-ball have been stoped too? > > > Anyway, if you read > > > the comments just above > > > Maximum Archive Depth = > > > you'll see that you should perhaps set it to 0. > > > > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > Would clamscan find that virus *outside* of MS? As > it says in the > comments, this should have nothing to do with > whether clamav can find > a virus or not. Look at virus.scanners.conf, use > the second and third > column for clamav like this: > /usr/lib/MailScanner/clamav-wrapper /usr/local -r > --disable-summary > --stdout /path/to/file.with.virus.zip > (all on one line, in case that got wrapped:). > Does that detect it? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Wed Jun 22 14:17:30 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner cant detect virus Message-ID: Are you sure about the location of the wrapper script? /etc/MailScanner/wrapper looks odd to me - mine is /usr/lib/MailScanner/wrapper -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Meshbah Uddin Ahmed Sent: 22 June 2005 14:11 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cant detect virus yes, u right, my scanner doesnt detect virus. pls advice me what can i do. here is my settings- in my virus.scanners.conf file, it is- clamav /etc/MailScanner/wrapper/clamav-wrapper /usr I have install all pkg like this apt-get install postfix mailscanner spamassassin but download clamav manually. then install it. my freshclam.conf is in- /usr/local/etc/ and *.cvd files are in- /var/lib/clamav/ in MailScanner.conf file- Virus Scanning = yes Virus Scanner = clamav Here is log, where an attach file eicar.com.txt which contains virus- Jun 22 18:48:42 mailx-bk postfix/smtpd[10404]: 1ABB3D6BC4: client=unknown[192.168.200.70] Jun 22 18:48:42 mailx-bk postfix/cleanup[10406]: 1ABB3D6BC4: message-id=<42B95C5F.7070908@myserver.com> Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: 1ABB3D6BC4: from=, size=1037, nrcpt=1 (queue active) Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: 1ABB3D6BC4: to=, relay=none, delay=0, status=deferred (delivery temporarily suspended: deferred transport) Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename Checks: Allowing 1ABB3D6BC4.D76FB msg-258-1.txt Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename Checks: Allowing 1ABB3D6BC4.D76FB eicar.com.txt Jun 22 18:48:48 mailx-bk MailScanner[258]: Requeue: 1ABB3D6BC4.D76FB to 5036F7F405 Please help me to resolve it. Thanks Meshbah --- Glenn Steen wrote: > On 6/21/05, Meshbah Uddin Ahmed > wrote: > > In MailScannerc.onf, it was > > Maximum Archive Depth = 2 > > > > i set it 0. then zip files sent. But if i attach > zip > > file, which contains virus, it also sent, clamav > didnt > > chk it. > > > > where as if i set Maximum Archive Depth = 2, > > MailScanner block all attach file which ext is > .zip > > > > pls, advice. > > > > > > > > > > --- Glenn Steen wrote: > > > > > On 6/21/05, Meshbah Uddin Ahmed > > > wrote: > > > > Hi, > > > > > > > > I use Postfix + MailScanner + ClamAV + > > > SpamAssassin in > > > > Debian. All are works fine. I faced a problem, > > > when i > > > > want to send mail with zip attach included > .exe, > > > > mailscanner blocks it. But if i create that > folder > > > > with tgz extension then it successfully send. > > > > > > > > In my filenames.rules.conf file, both /.zip > and > > > > /.t?gz > > > > are allowed. > > > > > > > > Plaese advice me, what should i do to recover > it. > > > > > > > > Reagrds > > > > Meshbah > > > > > > > Hm, shouldn't the tgz-ball have been stoped too? > > > Anyway, if you read > > > the comments just above > > > Maximum Archive Depth = > > > you'll see that you should perhaps set it to 0. > > > > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > Would clamscan find that virus *outside* of MS? As > it says in the > comments, this should have nothing to do with > whether clamav can find > a virus or not. Look at virus.scanners.conf, use > the second and third > column for clamav like this: > /usr/lib/MailScanner/clamav-wrapper /usr/local -r > --disable-summary > --stdout /path/to/file.with.virus.zip > (all on one line, in case that got wrapped:). > Does that detect it? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 22 14:30:53 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:05 2006 Subject: spam.backlist.rules vs sendmail access file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard Smith wrote: > Been having issues with a virus using specific addresses as a from > address that happens to be a valid address, but no one should be > sending anything from it (a basic group mail address in /etc/aliases). > > At first I put "From: groupaddress@host yes" in spam.blacklist.rules > however this has proved to be unreliable, I have sinced put "From: > groupaddress@host REJECT" into my /etc/mail/access and while it's too > soon to know the difference I'm expecting this to have better results. Richard, Just want to point out that there should be no space after From: in the access file. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 22 14:22:35 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner cant detect virus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meshbah Uddin Ahmed wrote: > yes, u right, my scanner doesnt detect virus. pls > advice me what can i do. here is my settings- > > in my virus.scanners.conf file, it is- > clamav /etc/MailScanner/wrapper/clamav-wrapper /usr > > I have install all pkg like this > apt-get install postfix mailscanner spamassassin > > but download clamav manually. then install it. > my freshclam.conf is in- /usr/local/etc/ > and *.cvd files are in- /var/lib/clamav/ > > in MailScanner.conf file- > Virus Scanning = yes > Virus Scanner = clamav Where is clamscan? > > > Here is log, where an attach file eicar.com.txt which > contains virus- > > Jun 22 18:48:42 mailx-bk postfix/smtpd[10404]: > 1ABB3D6BC4: client=unknown[192.168.200.70] > Jun 22 18:48:42 mailx-bk postfix/cleanup[10406]: > 1ABB3D6BC4: message-id=<42B95C5F.7070908@myserver.com> > Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: > 1ABB3D6BC4: from=, size=1037, > nrcpt=1 (queue active) > Jun 22 18:48:42 mailx-bk postfix/qmgr[518]: > 1ABB3D6BC4: to=, > relay=none, delay=0, status=deferred (delivery > temporarily suspended: deferred transport) > Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename > Checks: Allowing 1ABB3D6BC4.D76FB msg-258-1.txt > Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename > Checks: Allowing 1ABB3D6BC4.D76FB eicar.com.txt > Jun 22 18:48:48 mailx-bk MailScanner[258]: Requeue: > 1ABB3D6BC4.D76FB to 5036F7F405 > > > Please help me to resolve it. > > Thanks > Meshbah > > --- Glenn Steen wrote: > > >>On 6/21/05, Meshbah Uddin Ahmed >> wrote: >> >>>In MailScannerc.onf, it was >>>Maximum Archive Depth = 2 >>> >>>i set it 0. then zip files sent. But if i attach >> >>zip >> >>>file, which contains virus, it also sent, clamav >> >>didnt >> >>>chk it. >>> >>>where as if i set Maximum Archive Depth = 2, >>>MailScanner block all attach file which ext is >> >>.zip >> >>>pls, advice. >>> >>> >>> >>> >>>--- Glenn Steen wrote: >>> >>> >>>>On 6/21/05, Meshbah Uddin Ahmed >>>> wrote: >>>> >>>>>Hi, >>>>> >>>>>I use Postfix + MailScanner + ClamAV + >>>> >>>>SpamAssassin in >>>> >>>>>Debian. All are works fine. I faced a problem, >>>> >>>>when i >>>> >>>>>want to send mail with zip attach included >> >>.exe, >> >>>>>mailscanner blocks it. But if i create that >> >>folder >> >>>>>with tgz extension then it successfully send. >>>>> >>>>>In my filenames.rules.conf file, both /.zip >> >>and >> >>>>>/.t?gz >>>>>are allowed. >>>>> >>>>>Plaese advice me, what should i do to recover >> >>it. >> >>>>>Reagrds >>>>>Meshbah >>>>> >>>> >>>>Hm, shouldn't the tgz-ball have been stoped too? >>>>Anyway, if you read >>>>the comments just above >>>>Maximum Archive Depth = >>>>you'll see that you should perhaps set it to 0. >>>> >>>>-- >>>>-- Glenn >>>>email: glenn < dot > steen < at > gmail < dot > >> >>com >> >>>>work: glenn < dot > steen < at > ap1 < dot > se >>>> >> >>Would clamscan find that virus *outside* of MS? As >>it says in the >>comments, this should have nothing to do with >>whether clamav can find >>a virus or not. Look at virus.scanners.conf, use >>the second and third >>column for clamav like this: >>/usr/lib/MailScanner/clamav-wrapper /usr/local -r >>--disable-summary >>--stdout /path/to/file.with.virus.zip >>(all on one line, in case that got wrapped:). >>Does that detect it? >> >>-- >>-- Glenn >>email: glenn < dot > steen < at > gmail < dot > com >>work: glenn < dot > steen < at > ap1 < dot > se >> >>------------------------ MailScanner list >>------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with >>the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki >>(http://wiki.mailscanner.info/) and >>the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off >>the website! >> > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jacques at MONACO.NET Wed Jun 22 14:46:20 2005 From: jacques at MONACO.NET (Jacques Caruso) Date: Thu Jan 12 21:30:05 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Le Mardi 21 Juin 2005 20:11, Julian Field a écrit : > Can you just make the hash depth 0 for all the queues? Yes, that way it seems to work. Note that I couldn't just add `hash_queue_depth = 0' in main.cf, as it complained the value must be >=1, nor could I use `hash_queue_names =' (it would then whine about the empty string), in the end `hash_queue_names = ""' worked for me. Thanks for the workaround ! PS : I'd suggest adding this to the Postfix installation procedure, as people will inevitably upgrade to 2.2.x over time. Cheers, -- [ Jacques Caruso Développeur PHP ] [ Monaco Internet http://monaco-internet.mc/ ] [ Tél : (+377) 93 10 00 43 Clé PGP : 0x41F5C63D ] [ * To err is human; to make a real disaster requires a computer! * ] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jacques at MONACO.NET Wed Jun 22 15:10:37 2005 From: jacques at MONACO.NET (Jacques Caruso) Date: Thu Jan 12 21:30:05 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Le Mardi 21 Juin 2005 22:37, Drew Marshall a écrit : > I would give your machine 2 IP addresses. One 'internal' and one > external. The external one use the standard hold queue set up with, > the second specify as > [SNIP] > in master.cf so you get no MailScanner involvement at all. This won't work for me, as mails to be relayed also enter from the external queue (the server acts as a backup MX for several domains). The real solution would be to move the relay server to another, but this would involve modifying a number of DNS records, some of which I don't have control over. Hence, it is inconvenient to do at the moment. > Which shouldn't be touched by MailScanner as it's using the proven to > be unreliable defer method. you will end up with duplicated/ > truncated messages. Actually, this hasn't happened here since a *very* long time (at least one year), hence I consider the problem to be irrelevant. If it does reappear, I'll reconsider my position. > change your master.cf as I suggested above. The other option, which I > would not recommend is to change to the following in main.cf; > > hash_queue_names = deferred, defer, incoming Well, I just did the reverse (removing all hashing) as in the end, hashed queues aren't that useful (we haven't got any performance problems) and are more of a pain to work with than anything else. > which will solve your problem, but not your setup. Sure, but I'm reluctant to radically change the setup as it served me well for a long time now. « Never touch a working system », remember ? :-) Cheers, -- [ Jacques Caruso Développeur PHP ] [ Monaco Internet http://monaco-internet.mc/ ] [ Tél : (+377) 93 10 00 43 Clé PGP : 0x41F5C63D ] [ * To err is human; to make a real disaster requires a computer! * ] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Jun 22 15:52:06 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner cant detect virus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/22/05, Meshbah Uddin Ahmed wrote: > yes, u right, my scanner doesnt detect virus. pls > advice me what can i do. here is my settings- > > in my virus.scanners.conf file, it is- > clamav /etc/MailScanner/wrapper/clamav-wrapper /usr > > I have install all pkg like this > apt-get install postfix mailscanner spamassassin > > but download clamav manually. then install it. > my freshclam.conf is in- /usr/local/etc/ > and *.cvd files are in- /var/lib/clamav/ > > in MailScanner.conf file- > Virus Scanning = yes > Virus Scanner = clamav (snip) Could you show the output from ls /etc/MailScanner/wrapper (just to verify that this is actually correct... Seems a bit odd:) ls -l /usr/bin/clamscan /usr/local/bin/clamscan (just to determine if the "final /usr" in virus.scanners.conf is correct). I'm guessing that the deb package might have things set a bit odd (at least compared to the usual rpm or tarball install of MailScanner)... And that the install of clamav from source that is "sort off biting you":-). If you have clamscan in /usr/local/bin, as would be normal with a straight build from source, then you'd probably only need change /usr to /usr/local in the third column for clamav (in virus.scanners.conf, of course:). HtH -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jun 22 16:16:43 2005 From: michele at BLACKNIGHT.IE (Michele Neylon) Date: Thu Jan 12 21:30:05 2006 Subject: Allow Form Tags = no Message-ID: Paul Houselander <> scribbled on 22 June 2005 14:09: > Hi > > Just been doing some testing as I saw a message come through that had > been blocked (due to it containing a form tag) but part of the > message still displayed > > I have > > Allow Form Tags = no > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > > I sent myself a message with a form tag + some extra HTML e.g. table > and some bullet points. When I recieved the email the form tag was > stripped out, I got the warning message saying the mail had been > blocked but the rest of the email was displayed but converted to > plain text - is this correct? With the above settings I was thinking > the whole email should be blocked? > > Im using the rpm version of 4.41.3 on a fedora core 2 box. > Couple of things. It could be that you have conflicting setting in your MailScanner.conf You may also need to take into account that the html parser may not have picked up on all of the tags. Of course I could be imagining all this ... M Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. +353 (0) 59 9183072 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Wed Jun 22 16:54:48 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:05 2006 Subject: Allow Form Tags = no Message-ID: On Jun 22, 2005, at 8:16 AM, Michele Neylon wrote: > Paul Houselander <> scribbled on 22 June 2005 14:09: > >> Hi >> >> Just been doing some testing as I saw a message come through that had >> been blocked (due to it containing a form tag) but part of the >> message still displayed >> >> I have >> >> Allow Form Tags = no >> Convert Dangerous HTML To Text = no >> Convert HTML To Text = no >> >> I sent myself a message with a form tag + some extra HTML e.g. table >> and some bullet points. When I recieved the email the form tag was >> stripped out, I got the warning message saying the mail had been >> blocked but the rest of the email was displayed but converted to >> plain text - is this correct? With the above settings I was thinking >> the whole email should be blocked? >> >> Im using the rpm version of 4.41.3 on a fedora core 2 box. >> > > Couple of things. > > It could be that you have conflicting setting in your MailScanner.conf > > You may also need to take into account that the html parser may not > have > picked up on all of the tags. > > Of course I could be imagining all this ... > It might also be that the original message had both an HTML segment and a Plain Text alternative segment. The above settings might have caused the removal of the HTML segment, leaving the Plain Text one as the only segment left. So it would appear that the HTML was converted to Plain Text by mailscanner, but it was actually done by the sender. (but that's just a SWAG on my part) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Jun 22 17:30:48 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:05 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jacques Caruso said: > Le Mardi 21 Juin 2005 22:37, Drew Marshall a écrit : >> I would give your machine 2 IP addresses. One 'internal' and one >> external. The external one use the standard hold queue set up with, >> the second specify as >> [SNIP] >> in master.cf so you get no MailScanner involvement at all. > > This won't work for me, as mails to be relayed also enter from the > external queue (the server acts as a backup MX for several domains). > The real solution would be to move the relay server to another, but > this would involve modifying a number of DNS records, some of which I > don't have control over. Hence, it is inconvenient to do at the moment. Fair enough > >> Which shouldn't be touched by MailScanner as it's using the proven to >> be unreliable defer method. you will end up with duplicated/ >> truncated messages. > > Actually, this hasn't happened here since a *very* long time (at least > one year), hence I consider the problem to be irrelevant. If it does > reappear, I'll reconsider my position. It's pleasing to hear and if you are happy to take the risk, that's good. > >> change your master.cf as I suggested above. The other option, which I >> would not recommend is to change to the following in main.cf; >> >> hash_queue_names = deferred, defer, incoming > > Well, I just did the reverse (removing all hashing) as in the end, > hashed queues aren't that useful (we haven't got any performance > problems) and are more of a pain to work with than anything else. Indeed. The problem is that MailScanner is checking the incoming directory (That is the one it is collecting from) and setting the out going one (The one it puts mail into when it's been cleaned etc) to be the same. So you can just remove hashing from the deferred queue and leave the defer as hashed if it's easier or what ever mix suits as long as both sides are the same (In this instance your problem came up because the Postfix defaults happen to be different from the eyes of MS) > >> which will solve your problem, but not your setup. > > Sure, but I'm reluctant to radically change the setup as it served me > well for a long time now. « Never touch a working system », > remember ? :-) Yeah, fair point well made :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 22 18:10:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:05 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you add this to the Wiki please? I would like all the installation instructions to move into the Wiki, so if you could do this for the Postfix installation instructions, this would be very helpful. Jacques Caruso wrote: >Le Mardi 21 Juin 2005 20:11, Julian Field a écrit : > > >>Can you just make the hash depth 0 for all the queues? >> >> > >Yes, that way it seems to work. Note that I couldn't just add >`hash_queue_depth = 0' in main.cf, as it complained the value must be > > >>=1, nor could I use `hash_queue_names =' (it would then whine about >> >> >the empty string), in the end `hash_queue_names = ""' worked for me. >Thanks for the workaround ! > >PS : I'd suggest adding this to the Postfix installation procedure, as >people will inevitably upgrade to 2.2.x over time. > >Cheers, > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrmbphH2WUcUFbZUEQKIdACgpKg23XEdZSBJRRgKlPohxe0VEqkAoPGH 4lV5ChBrithxh/tZpI9i916I =YBrf -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vasiliy at lohankin.com Wed Jun 22 18:56:43 2005 From: vasiliy at lohankin.com (Vasiliy Boulytchev) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner::Config::Value question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In my custom function, is there a way to call something similar to MailScanner::Config::Value('spamchecks',$message) that can differentiate between addresses that are whitelisted versus ones that are simply not in the subscriber list? The above function seems to check both at once. Thanks, -- Vasiliy Boulytchev Colorado Information Technologies www.coinfotech.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 22 19:16:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner::Config::Value question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What do you mean by "the subscriber list"? Vasiliy Boulytchev wrote: > In my custom function, is there a way to call something similar to > MailScanner::Config::Value('spamchecks',$message) that can > differentiate between addresses that are whitelisted versus ones that > are simply not in the subscriber list? The above function seems to > check both at once. > > > > Thanks, > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrmq/BH2WUcUFbZUEQIN+QCg+A2m2SZr4bdJ7zJUZxVPZqqovjkAoNOu gfR63r6QCS1GkX7iurkGkdso =n3XL -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Wed Jun 22 19:54:05 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:30:05 2006 Subject: stored messages question Message-ID: We have a situation where we would like to be able to store messages sent from a particular user on our system for review, then the Administrator would have the ability to send them on if they are found to be satisfactory. I was thinking about adding into my spam.blacklist.rules: From: user@ourdomain.com store But when I've seen message released from quarantine, they look like they come from the postmaster rather than the originating user. Is there a way that MailScanner can handle this? Thanks Diane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Wed Jun 22 20:09:15 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:30:05 2006 Subject: stored messages question Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Diane Rolland > Sent: Wednesday, June 22, 2005 1:54 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: stored messages question > > We have a situation where we would like to be able to store messages sent > from a particular user on our system for review, then the Administrator > would have the ability to send them on if they are found to be > satisfactory. > > I was thinking about adding into my spam.blacklist.rules: > From: user@ourdomain.com store > > But when I've seen message released from quarantine, they look like they > come from the postmaster rather than the originating user. > > Is there a way that MailScanner can handle this? > > Thanks > Diane [Diane Rolland] p.s. We are also using MailWatch, and I'd like the ability to use that interface if possible to release messages. Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 22 20:07:17 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:05 2006 Subject: stored messages question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diane Rolland wrote: > We have a situation where we would like to be able to store messages sent > from a particular user on our system for review, then the Administrator > would have the ability to send them on if they are found to be satisfactory. > > I was thinking about adding into my spam.blacklist.rules: > From: user@ourdomain.com store > > But when I've seen message released from quarantine, they look like they > come from the postmaster rather than the originating user. > > Is there a way that MailScanner can handle this? > > Thanks > Diane > By creating a ruleset for non-spam action, setting only 'store' for this user and 'deliver' as default. Or maybe using the 'Archive' setting. See MailScanner.conf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Wed Jun 22 20:34:48 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:30:05 2006 Subject: stored messages question Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Wednesday, June 22, 2005 2:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: stored messages question > > By creating a ruleset for non-spam action, setting only 'store' for this > user and 'deliver' as default. > > Or maybe using the 'Archive' setting. See MailScanner.conf [Diane Rolland] The non-spam action ruleset does seem to do what we want, but how do I then resubmit it to the outbound queue? MailWatch does not have that option for these types of quarantined messages. Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Jun 22 20:50:48 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:05 2006 Subject: stored messages question Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Diane Rolland > Sent: Wednesday, June 22, 2005 3:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: stored messages question > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Ugo Bellavance > > Sent: Wednesday, June 22, 2005 2:07 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: stored messages question > > > > By creating a ruleset for non-spam action, setting only 'store' for this > > user and 'deliver' as default. > > > > Or maybe using the 'Archive' setting. See MailScanner.conf > > [Diane Rolland] > > The non-spam action ruleset does seem to do what we want, but how do I > then > resubmit it to the outbound queue? MailWatch does not have that option > for > these types of quarantined messages. > > Thanks! I'm pretty sure that you'd have to modify the MailWatch code to be able to release these messages from MailWatch but NOT have them sent by postmaster, Of course there are ways to release the messages manually but these depend on the format the messages are stored in. I'm pretty sure that most of the details for such manual release are in the MAQ. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 22 20:51:13 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:05 2006 Subject: stored messages question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diane Rolland wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Ugo Bellavance >>Sent: Wednesday, June 22, 2005 2:07 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: stored messages question >> >>By creating a ruleset for non-spam action, setting only 'store' for this >>user and 'deliver' as default. >> >>Or maybe using the 'Archive' setting. See MailScanner.conf > > > [Diane Rolland] > > The non-spam action ruleset does seem to do what we want, but how do I then > resubmit it to the outbound queue? MailWatch does not have that option for > these types of quarantined messages. > > Thanks! > Possible Look at the wiki. Or maybe in the MAQ. There should be a command-line for your MTA. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ewallig at AEROCONTRACTORS.COM Wed Jun 22 21:19:39 2005 From: ewallig at AEROCONTRACTORS.COM (Ed Wallig) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner + webmail - issues? Message-ID: Hi, Brand new to MailScanner - using it in conjunction with ASSP for more complete content protection. Here's my config: Platform: CentOS 4 Server: HP Proliant 3GHz Xeon, 1GB RAM 80GB IDE MTA: Postfix Other: ASSP (assp.sf.net), @Mail (client mode only) I'm not even sure if MailScanner is the problem but my issue seems to have started after installing MS. This box acts as an SMTP relay in my DMZ. Mail travels in this manner: Incoming Channel: Internet-->Firewall-->ASSP (port 25)-->postfix (port 10025)-->Internal mail server Outgoing Channel: Internal Mail server-->ASSP (port 25)-->postfix (10025)-- >Firewall-->Internet. This is a normal installation when using ASSP and works fine. Postfix is configured to only relay traffic for my domain to my internal mail server. ASSP verifies that recipient is a valid internal recipient tyhrough the use of a flat file. I also have the @Mail (www.atmail.com) webmail client installed on this box. The client provides a webmail interface for my external users; it communicates with my internal mail server via IMAP. The @Mail client uses the SMTP engine on the internal mail server and not postfix and traffic from the webmail client routes in this manner: webmailclient-->internal mail server-->ASSP-->Postfix--> I know this is a round-about path, but it provides a more complete record of the activity on the webmail. After installing MailScanner, it is taking anywhere from 30 seconds to 3 minutes for an email message to be sent from the webmail interface. I don't understand this because I'm not sure how MS would interface with the traffic at this point, shouldn't it just scan the mail once it has returned to this box via the outgoing channel? In any event, I'm at my wits' end; support for @Mail is slow in coming so I'm hoping that someone else has had a similar issue. Any ideas? Thanks in advance... - Ed ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vasiliy at lohankin.com Wed Jun 22 22:03:56 2005 From: vasiliy at lohankin.com (Vasiliy Boulytchev) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner::Config::Value question Message-ID: Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What do you mean by "the subscriber list"? Vasiliy Boulytchev wrote: In my custom function, is there a way to call something similar to MailScanner::Config::Value('spamchecks',$message) that can differentiate between addresses that are whitelisted versus ones that are simply not in the subscriber list? The above function seems to check both at once. Thanks, - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrmq/BH2WUcUFbZUEQIN+QCg+A2m2SZr4bdJ7zJUZxVPZqqovjkAoNOu gfR63r6QCS1GkX7iurkGkdso =n3XL -----END PGP SIGNATURE----- Simple. We have a list (rule) of clients that either get spam filtering or not :) (same with virus) -- Vasiliy Boulytchev Colorado Information Technologies www.coinfotech.com From vasiliy at lohankin.com Wed Jun 22 22:03:56 2005 From: vasiliy at lohankin.com (Vasiliy Boulytchev) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner::Config::Value question Message-ID: Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What do you mean by "the subscriber list"? Vasiliy Boulytchev wrote: In my custom function, is there a way to call something similar to MailScanner::Config::Value('spamchecks',$message) that can differentiate between addresses that are whitelisted versus ones that are simply not in the subscriber list? The above function seems to check both at once. Thanks, - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrmq/BH2WUcUFbZUEQIN+QCg+A2m2SZr4bdJ7zJUZxVPZqqovjkAoNOu gfR63r6QCS1GkX7iurkGkdso =n3XL -----END PGP SIGNATURE----- Simple. We have a list (rule) of clients that either get spam filtering or not :) (same with virus) -- Vasiliy Boulytchev Colorado Information Technologies www.coinfotech.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jun 22 21:53:01 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner + webmail - issues? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Wallig wrote: > Hi, > > Brand new to MailScanner - using it in conjunction with ASSP for more > complete content protection. Here's my config: > > Platform: CentOS 4 > Server: HP Proliant 3GHz Xeon, 1GB RAM 80GB IDE > MTA: Postfix > Other: ASSP (assp.sf.net), @Mail (client mode only) > > I'm not even sure if MailScanner is the problem but my issue seems to have > started after installing MS. This box acts as an SMTP relay in my DMZ. > Mail travels in this manner: > > Incoming Channel: Internet-->Firewall-->ASSP (port 25)-->postfix (port > 10025)-->Internal mail server > > Outgoing Channel: Internal Mail server-->ASSP (port 25)-->postfix (10025)-- > >>Firewall-->Internet. > > > This is a normal installation when using ASSP and works fine. Postfix is > configured to only relay traffic for my domain to my internal mail server. > ASSP verifies that recipient is a valid internal recipient tyhrough the > use of a flat file. > > I also have the @Mail (www.atmail.com) webmail client installed on this > box. The client provides a webmail interface for my external users; it > communicates with my internal mail server via IMAP. The @Mail client uses > the SMTP engine on the internal mail server and not postfix and traffic > from the webmail client routes in this manner: > > webmailclient-->internal mail server-->ASSP-->Postfix--> > > I know this is a round-about path, but it provides a more complete record > of the activity on the webmail. > > After installing MailScanner, it is taking anywhere from 30 seconds to 3 > minutes for an email message to be sent from the webmail interface. I > don't understand this because I'm not sure how MS would interface with the > traffic at this point, shouldn't it just scan the mail once it has > returned to this box via the outgoing channel? > > In any event, I'm at my wits' end; support for @Mail is slow in coming so > I'm hoping that someone else has had a similar issue. > > Any ideas? Thanks in advance... > > - Ed > Well, MailScanner does increase the load on a server. If your server is swapping, that may explain the delays. http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Thu Jun 23 00:13:51 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:30:05 2006 Subject: OT: implementing RBL in sendmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good day all, Our setup is such that the Mailscanner box is the MX and it relays mails to the actual email server, outgoing mails are sent directly from the mail server. Based on what I've seen alot of mails bypass the MailScanner box and the vast majority of them are Spam and contain infected files. I added the following two lines to the sendmail.mc recently and did a make -C /etc/mail FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} " rejected - see http://njabl.org/"')dnl FEATURE(`dnsbl',`cbl.abuseat.org',`"550 Mail from " $&{client_addr} " rejected - see http://cbl.abuseat.org/"')dnl as recently as today I got a complaint about a mail that got through even though the IP address was listed at cbl.abuseat.org any ideas guys? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Jun 23 01:21:24 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:05 2006 Subject: OT: implementing RBL in sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Terran Wright wrote: >Good day all, > >Our setup is such that the Mailscanner box is the MX and it relays mails to >the actual email server, outgoing mails are sent directly from the mail >server. Based on what I've seen alot of mails bypass the MailScanner box and >the vast majority of them are Spam and contain infected files. > >I added the following two lines to the sendmail.mc recently and did a >make -C /etc/mail > >FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} " >rejected - see http://njabl.org/"')dnl >FEATURE(`dnsbl',`cbl.abuseat.org',`"550 Mail from " $&{client_addr} " >rejected - see http://cbl.abuseat.org/"')dnl > >as recently as today I got a complaint about a mail that got through even >though the IP address was listed at cbl.abuseat.org any ideas guys? > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Is the actual email server available on the internet? If it is, people might be trying to connect straight to its SMTP port and gathering the info from the SMTP greeting message. If your actual server answers "220 BLABLAH.COM SMTP SERVER VERSION BLAH" then spammers will try to write to "whatever@BLABLAH.COM" in order to fish for valid addresses. You need to put your actual server behind a firewall or have it admit connections only from your mailscanner box. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Thu Jun 23 00:36:53 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:30:05 2006 Subject: OT: implementing RBL in sendmail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ----- Original Message ----- From: "Alex Neuman van der Hans" To: Sent: Wednesday, June 22, 2005 8:21 PM Subject: Re: OT: implementing RBL in sendmail > Terran Wright wrote: > > >Good day all, > > > >Our setup is such that the Mailscanner box is the MX and it relays mails to > >the actual email server, outgoing mails are sent directly from the mail > >server. Based on what I've seen alot of mails bypass the MailScanner box and > >the vast majority of them are Spam and contain infected files. > > > >I added the following two lines to the sendmail.mc recently and did a > >make -C /etc/mail > > > >FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} " > >rejected - see http://njabl.org/"')dnl > >FEATURE(`dnsbl',`cbl.abuseat.org',`"550 Mail from " $&{client_addr} " > >rejected - see http://cbl.abuseat.org/"')dnl > > > >as recently as today I got a complaint about a mail that got through even > >though the IP address was listed at cbl.abuseat.org any ideas guys? > > > Is the actual email server available on the internet? If it is, people > might be trying to connect straight to its SMTP port and gathering the > info from the SMTP greeting message. If your actual server answers "220 > BLABLAH.COM SMTP SERVER VERSION BLAH" then spammers will try to write to > "whatever@BLABLAH.COM" in order to fish for valid addresses. > > You need to put your actual server behind a firewall or have it admit > connections only from your mailscanner box. Yes the server is available on the internet. What impact will only accepting connections from the MailScanner box have on legitimate mails being delivered to the box. Isn't it the case that undelivered mails and the like are returned to the box that they come from and not to the MX of the domain they come from? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Lance at THEHAVERKAMPS.NET Thu Jun 23 02:25:06 2005 From: Lance at THEHAVERKAMPS.NET (Lance W. Haverkamp) Date: Thu Jan 12 21:30:05 2006 Subject: PGP encrypted mail as spam? [u] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Mailscanner is marking some PGP encrypted mail as spam. I'm also seeing some yahoogroups digests marked as spam as well. I have a cpanel system, I'm not entirely sure how cpanel gets mailscanner & spamassassin to work together. Spamassassin never seems to make this mistake, headers indicate that mailscanner has thought these are spam. Any suggestions? Thanks, Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Thu Jun 23 02:48:01 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:30:05 2006 Subject: PGP encrypted mail as spam? [u] Message-ID: Sounds like it's all MS finding the source domains in the blacklists you have set up. Ensim/cPanel/Plesk have all started using the combo now, it's got default settings so if you've never messed with those you're at the point where it's time to learn MS/SA! Check the headers on those, it should (by the default setups these HSP OS's are using that I've seen) contain info on what blacklists tripped it off as MailScanner spam vs. SpamAssassin spam. There are options in both conf files to change the Subjects to something like [SA-SPAM] and [SPAM-MS] like we do so you know which one tagged it. Again, from my experiences with HSP OS's setups of MS/SA, the logic flow is: Inbound, checks Sendmail (or your MTA) reject list Passes to MailScanner MS checks it against blacklists Passes it to SpamAssassin (unless you have SA on in MS) SpamAssassin checks rulesets for content violations If it passes all tests, marked clean and delivered. Lots of variables to that equation and options you can select, but that's where reading the docs & archives come into play for your best results. HTH! David J. Duffner President PSCGi Paradise Shore Communications Group www.pscginternet.com > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance W. Haverkamp > Sent: Wednesday, June 22, 2005 9:25 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: PGP encrypted mail as spam? [u] > > > Hi, > > Mailscanner is marking some PGP encrypted mail as spam. I'm > also seeing some yahoogroups digests marked as spam as well. > > I have a cpanel system, I'm not entirely sure how cpanel gets > mailscanner & spamassassin to work together. Spamassassin > never seems to make this mistake, headers indicate that > mailscanner has thought these are spam. > > Any suggestions? > > Thanks, > > Lance I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Thu Jun 23 09:50:48 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:30:05 2006 Subject: MailScanner + webmail - issues? Message-ID: >Hi, > >Brand new to MailScanner - using it in conjunction with ASSP for more complete content protection. Here's my config: > >Platform: CentOS 4 >Server: HP Proliant 3GHz Xeon, 1GB RAM 80GB IDE >MTA: Postfix >Other: ASSP (assp.sf.net), @Mail (client mode only) > >[Snip] > >After installing MailScanner, it is taking anywhere from 30 seconds to 3 minutes for an email message to be sent from the webmail interface. I don't understand this because I'm not sure how MS would interface with the traffic at this point, shouldn't it just scan the mail once it has returned to this box via the outgoing channel? I possibly have the same (or similar) Proliant as you, with 768MB RAM running CentOS4, MailScanner and PostFix with Squirrelmail, ClamAV and SpamAssassin (2 x 300GB mirrored SATA disks) MailScaqnner delays are maybe 4-12 seconds and emails sent from our Web interface (Squirrelmail) are processed pretty much straightaway too. First thought it to check DNS resolution - are you running a caching name server on the box? Might be worth having a look through this howto and doing the first part to setup the caching name server bit: http://www.hughesjr.com/content/view/29/30/Guides Only do steps 1-5. Hope this helps. NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jun 23 10:00:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:06 2006 Subject: MailScanner + webmail - issues? Message-ID: Ed basic debug on this one.... turn ASSP see what happens.. turn on ASSP then turn off MailScanner. this will give you a clue as where it's being slow and if it's MailScanner or not.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Ed Wallig wrote: > Hi, > > Brand new to MailScanner - using it in conjunction with ASSP for more > complete content protection. Here's my config: > > Platform: CentOS 4 > Server: HP Proliant 3GHz Xeon, 1GB RAM 80GB IDE > MTA: Postfix > Other: ASSP (assp.sf.net), @Mail (client mode only) > > I'm not even sure if MailScanner is the problem but my issue seems to have > started after installing MS. This box acts as an SMTP relay in my DMZ. > Mail travels in this manner: > > Incoming Channel: Internet-->Firewall-->ASSP (port 25)-->postfix (port > 10025)-->Internal mail server > > Outgoing Channel: Internal Mail server-->ASSP (port 25)-->postfix (10025)-- > >>Firewall-->Internet. > > > This is a normal installation when using ASSP and works fine. Postfix is > configured to only relay traffic for my domain to my internal mail server. > ASSP verifies that recipient is a valid internal recipient tyhrough the > use of a flat file. > > I also have the @Mail (www.atmail.com) webmail client installed on this > box. The client provides a webmail interface for my external users; it > communicates with my internal mail server via IMAP. The @Mail client uses > the SMTP engine on the internal mail server and not postfix and traffic > from the webmail client routes in this manner: > > webmailclient-->internal mail server-->ASSP-->Postfix--> > > I know this is a round-about path, but it provides a more complete record > of the activity on the webmail. > > After installing MailScanner, it is taking anywhere from 30 seconds to 3 > minutes for an email message to be sent from the webmail interface. I > don't understand this because I'm not sure how MS would interface with the > traffic at this point, shouldn't it just scan the mail once it has > returned to this box via the outgoing channel? > > In any event, I'm at my wits' end; support for @Mail is slow in coming so > I'm hoping that someone else has had a similar issue. > > Any ideas? Thanks in advance... > > - Ed > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 23 11:16:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: I am working on a new edition of The Book(tm). Currently, I have just updated the content to reflect all the new options that have been added since the last edition, so that it is correct up to and including 4.43. What else would people like to see in the book? Minor changes and additions would be preferred to ideas that involve me writing another 100 pages! All ideas welcome, as usual. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Thu Jun 23 11:21:24 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:30:06 2006 Subject: MailScanner cant detect virus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Glenn now works. yes, i have install clamav from by tarball, is in in /usr/local/bin. but in virus.scanner.conf there was /usr instaed of /usr/local. Now its works fine. thank u so much. regards Meshbah --- Glenn Steen wrote: > On 6/22/05, Meshbah Uddin Ahmed > wrote: > > yes, u right, my scanner doesnt detect virus. pls > > advice me what can i do. here is my settings- > > > > in my virus.scanners.conf file, it is- > > clamav /etc/MailScanner/wrapper/clamav-wrapper > /usr > > > > I have install all pkg like this > > apt-get install postfix mailscanner spamassassin > > > > but download clamav manually. then install it. > > my freshclam.conf is in- /usr/local/etc/ > > and *.cvd files are in- /var/lib/clamav/ > > > > in MailScanner.conf file- > > Virus Scanning = yes > > Virus Scanner = clamav > (snip) > Could you show the output from > > ls /etc/MailScanner/wrapper > (just to verify that this is actually correct... > Seems a bit odd:) > > ls -l /usr/bin/clamscan /usr/local/bin/clamscan > (just to determine if the "final /usr" in > virus.scanners.conf is correct). > > I'm guessing that the deb package might have things > set a bit odd (at > least compared to the usual rpm or tarball install > of MailScanner)... > And that the install of clamav from source that is > "sort off biting > you":-). > If you have clamscan in /usr/local/bin, as would be > normal with a > straight build from source, then you'd probably only > need change /usr > to /usr/local in the third column for clamav (in > virus.scanners.conf, > of course:). > > HtH > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 23 11:23:20 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:06 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field said: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can you add this to the Wiki please? > > I would like all the installation instructions to move into the Wiki, so > if you could do this for the Postfix installation instructions, this > would be very helpful. Yes, no problem, I'll add it to the rest. I think the Postfix instructions are one of the more complete MTA sections in the Wiki (Along with the installation instructions for Exim from Martin). Anyone fancy writing some set up/ configuration details for Sendmail, qMail or Zmailer? These don't have any details at all currently and I know there is loads of good, usful information that could (Should?) be included. You can see the structure to follow from the Postfix pages http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta:postfix Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 23 11:53:43 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Would something like http://www.postfix.org/postconf.5.html#default_destination_recipient_limit default_destination_recipient_limit 1 work? Would this mean that i could take delivery of multi recipient messages normally from external but would only delivery them one recipient at a time? Pete Peter Russell wrote: > I have a problem where management insist on one user account not being > scanned for spam at all. I have used ruleset to exclude the account. > > Trouble is that email to this account is always grouped with email other > people. Postfix doest seem to automatically make separate copies of the > email for each recipient, meaning that all of those recipients receive > the spam. > > I see there are patches to make changes to sendmail, but cant find much > on Postfix - is there no way of fixing this with postfix? > > I have asked if they would allow it to be scanned and marked as spam, > rather than not scanned, allowing the user to use a outlook rule to > filter them to another folder. But will i face the same issue as before > with multiple recipients receiving an email with the subject marked as > spam? > > Regards > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Thu Jun 23 12:05:49 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Julian, Whilst it's always nice to have a physical Mailscanner book is there any way we could subscribe (by paying of course) to a downloadable pdf. The books great but with mailscanner evolving so rapidy the book becomes out of date quickly. Rgds, Hywel > -----Original Message----- > From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > Sent: 23 June 2005 11:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: The Book -- new edition > > I am working on a new edition of The Book(tm). Currently, I > have just updated the content to reflect all the new options > that have been added since the last edition, so that it is > correct up to and including 4.43. > > What else would people like to see in the book? Minor changes > and additions would be preferred to ideas that involve me > writing another 100 pages! > > All ideas welcome, as usual. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 23 12:07:59 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell said: > Would something like > http://www.postfix.org/postconf.5.html#default_destination_recipient_limit > default_destination_recipient_limit 1 work? > > Would this mean that i could take delivery of multi recipient messages > normally from external but would only delivery them one recipient at a > time? Yes but _after_ MailScanner has scanned them not before, so it won't do what you want :-( I'm still trying to find ideas for this one... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 23 12:13:34 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:06 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field said: > Can you add this to the Wiki please? Done. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation#error_messages -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 23 12:21:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: My plan is to update the book twice a year at most. I'm sorry, but I am not going to give anyone the PDF. Too much scope for people to be able to rip me off. Shipping it in dead-tree format mostly stops that happening. On 23 Jun 2005, at 12:05, Hywel Burris wrote: > Julian, > > Whilst it's always nice to have a physical Mailscanner book is > there any > way we could subscribe (by paying of course) to a downloadable pdf. > The > books great but with mailscanner evolving so rapidy the book > becomes out > of date quickly. > > Rgds, > > Hywel > > >> -----Original Message----- >> From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >> Sent: 23 June 2005 11:17 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: The Book -- new edition >> >> I am working on a new edition of The Book(tm). Currently, I >> have just updated the content to reflect all the new options >> that have been added since the last edition, so that it is >> correct up to and including 4.43. >> >> What else would people like to see in the book? Minor changes >> and additions would be preferred to ideas that involve me >> writing another 100 pages! >> >> All ideas welcome, as usual. >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store PGP >> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list >> ------------------------ To unsubscribe, email >> jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ********************************************************************** > ** > This e-mail and any attachments are strictly confidential and > intended solely for the addressee. They may contain information > which is covered by legal, professional or other privilege. If you > are not the intended addressee, you must not copy the e-mail or the > attachments, or use them for any purpose or disclose their contents > to any other person. To do so may be unlawful. If you have received > this transmission in error, please notify us as soon as possible > and delete the message and attachments from all places in your > computer where they are stored. > > Although we have scanned this e-mail and any attachments for > viruses, it is your responsibility to ensure that they are actually > virus free. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Thu Jun 23 12:30:07 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Oh yeah I forgot there are nasty evil people out there ;) > -----Original Message----- > From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > Sent: 23 June 2005 12:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: The Book -- new edition > > My plan is to update the book twice a year at most. > I'm sorry, but I am not going to give anyone the PDF. Too > much scope for people to be able to rip me off. Shipping it > in dead-tree format mostly stops that happening. > > On 23 Jun 2005, at 12:05, Hywel Burris wrote: > > > Julian, > > > > Whilst it's always nice to have a physical Mailscanner book > is there > > any way we could subscribe (by paying of course) to a downloadable > > pdf. > > The > > books great but with mailscanner evolving so rapidy the > book becomes > > out of date quickly. > > > > Rgds, > > > > Hywel > > > > > >> -----Original Message----- > >> From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > >> Sent: 23 June 2005 11:17 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: The Book -- new edition > >> > >> I am working on a new edition of The Book(tm). Currently, > I have just > >> updated the content to reflect all the new options that have been > >> added since the last edition, so that it is correct up to and > >> including 4.43. > >> > >> What else would people like to see in the book? Minor changes and > >> additions would be preferred to ideas that involve me > writing another > >> 100 pages! > >> > >> All ideas welcome, as usual. > >> -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store PGP > >> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> ------------------------ MailScanner list > >> ------------------------ To unsubscribe, email > >> jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > > > > > ********************************************************************** > > ** > > This e-mail and any attachments are strictly confidential > and intended > > solely for the addressee. They may contain information which is > > covered by legal, professional or other privilege. If you > are not the > > intended addressee, you must not copy the e-mail or the > attachments, > > or use them for any purpose or disclose their contents to any other > > person. To do so may be unlawful. If you have received this > > transmission in error, please notify us as soon as possible > and delete > > the message and attachments from all places in your computer where > > they are stored. > > > > Although we have scanned this e-mail and any attachments > for viruses, > > it is your responsibility to ensure that they are actually > virus free. > > > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 23 12:35:25 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:06 2006 Subject: quick Wiki author request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I will add this tomorrow (anythign else needs documenting?) Pete Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In SpamAssassin 3.1, they are disabling (by default) both DCC and Razor > due to stoopid licensing problems. > > So the installation instructions for these two need to get a bit more > complicated in the wiki. > > What is needed is a couple of extra lines added to the "init.pre" file. > On Linux this is located in /etc/mail/spamassassin. On Solaris this is > located in /usr/perl5//etc/mail/spamassassin. > > You need to add the following lines to it: > # Use DCC > loadplugin Mail::SpamAssassin::Plugin::DCC > > # Use Razor2 > loadplugin Mail::SpamAssassin::Plugin::Razor2 > > Can someone document this in the DCC and Razor2 installation > instructions please, and create any necessary pages. I'm not sure if the > installation of these 2 is documented at all yet, but they certainly > need to be. > > Thanks folks. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQrWj5xH2WUcUFbZUEQJ7eQCg7ND02CNISYbAW0rXb1QOy2Z0nqcAn1Ic > dlrEEdp7RqjRIeF5ViyA5ILX > =xg4K > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Thu Jun 23 12:45:12 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:06 2006 Subject: SMGateway questions - OT? Message-ID: Hi Im looking for at forum to ask questions on SMGateway - is this the place or should I ask some where else? As im not really sure if its web-interface related or engine related :-) and if it's really the same firm/project? Best regards Jan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Thu Jun 23 13:11:09 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on 23-6-2005 12:16: > I am working on a new edition of The Book(tm). Currently, I have just > updated the content to reflect all the new options that have been added > since the last edition, so that it is correct up to and including 4.43. Does it have an ISBN? I have the oppertunity to buy a number of books this summer so I will throw MS into the shoppingcart. -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 23 13:29:55 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: OT: implementing RBL in sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Terran Wright wrote: > ----- Original Message ----- > From: "Alex Neuman van der Hans" > To: > Sent: Wednesday, June 22, 2005 8:21 PM > Subject: Re: OT: implementing RBL in sendmail > > > > Terran Wright wrote: > > > > >Good day all, > > > > > >Our setup is such that the Mailscanner box is the MX and it relays mails > to > > >the actual email server, outgoing mails are sent directly from the mail > > >server. Based on what I've seen alot of mails bypass the MailScanner box > and > > >the vast majority of them are Spam and contain infected files. > > > > > >I added the following two lines to the sendmail.mc recently and did a > > >make -C /etc/mail > > > > > >FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} " > > >rejected - see http://njabl.org/"')dnl > > >FEATURE(`dnsbl',`cbl.abuseat.org',`"550 Mail from " $&{client_addr} " > > >rejected - see http://cbl.abuseat.org/"')dnl > > > > > >as recently as today I got a complaint about a mail that got through even > > >though the IP address was listed at cbl.abuseat.org any ideas guys? > > > > > Is the actual email server available on the internet? If it is, people > > might be trying to connect straight to its SMTP port and gathering the > > info from the SMTP greeting message. If your actual server answers "220 > > BLABLAH.COM SMTP SERVER VERSION BLAH" then spammers will try to write to > > "whatever@BLABLAH.COM" in order to fish for valid addresses. > > > > You need to put your actual server behind a firewall or have it admit > > connections only from your mailscanner box. > > Yes the server is available on the internet. > > What impact will only accepting connections from the MailScanner box have on > legitimate mails being delivered to the box. Isn't it the case that > undelivered mails and the like are returned to the box that they come from > and not to the MX of the domain they come from? "Seem" is the key phrase. And if you route outgoing mails through the MX "bastion", "seems" will equate "do". If you don't want the outgoing mails to be checked for virus or spam, simply whitelist the internal servers IP address. After all, what is the point of a condom if you don't use it properly:-):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jun 23 13:31:54 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Pete Russell said: > >>Would something like >>http://www.postfix.org/postconf.5.html#default_destination_recipient_limit >>default_destination_recipient_limit 1 work? >> >>Would this mean that i could take delivery of multi recipient messages >>normally from external but would only delivery them one recipient at a >>time? > > > Yes but _after_ MailScanner has scanned them not before, so it won't do > what you want :-( > > I'm still trying to find ideas for this one... > > Drew > here is a thread on the neohapsis postfix archives, which if i understand correctly requires the same functionality.. Follow this thread.. http://archives.neohapsis.com/archives/postfix/2002-10/1141.html And read these 2 messages in particular http://archives.neohapsis.com/archives/postfix/2002-10/1469.html http://archives.neohapsis.com/archives/postfix/2002-10/1490.html - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Thu Jun 23 13:44:56 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:30:06 2006 Subject: MailScanner block attachment which contains .exe file Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi, i want to send mail with attachment zip (which contains .exe). but my mailscanner block it. i want- mailscanner enable it, then clamav detect is it virus or not? otherwise i cant send mail with exe attchment file. my mailscanner block all attachment which conatins .exe i have enabled " allow /.exe " from filename.rules.conf. then mailscanner allowed exe. clamav didnt chk it, whereas i have chked .exe (with virus and also without virus). all allowed. pls advice me, what should i do? reagrds meshbah __________________________________ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 23 13:57:59 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Drew Marshall wrote: > Julian Field said: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Can you add this to the Wiki please? > > > > I would like all the installation instructions to move into the Wiki, so > > if you could do this for the Postfix installation instructions, this > > would be very helpful. > > Yes, no problem, I'll add it to the rest. I think the Postfix instructions > are one of the more complete MTA sections in the Wiki (Along with the > installation instructions for Exim from Martin). Anyone fancy writing some > set up/ configuration details for Sendmail, qMail or Zmailer? These don't > have any details at all currently and I know there is loads of good, usful > information that could (Should?) be included. You can see the structure to > follow from the Postfix pages > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta:postfix > > Drew Not to be a stickler for details, but Leonardo Helmans instructions for Zmailer seems pretty solid to my "non-Zmailer-conversant" eyes:). Only trouble with it is that he stuck with the name "example" for the wiki file;-). -- -- Glenn (Who is preparing for the traditional Swedish sill-iness of Midsummers eve celebrations... Eating pickled herring, getting drunk and dancing really strange dances. Yes, tomorrow is the day of "the little froggies":-) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 23 14:01:54 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: quick Wiki author request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Pete Russell wrote: > I will add this tomorrow (anythign else needs documenting?) > Pete > > Julian Field wrote: (snip) Um, Pete ... look at the recent changes page... I think Mr Root and Michele did it all (and perhaps Ugo too) just minutes after this one went out;) -- -- Glenn ("Helan gåååår...", oops... Just preparing for the rowdiness:-) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jun 23 13:55:46 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:06 2006 Subject: MailScanner block attachment which contains .exe file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meshbah Uddin Ahmed wrote: > hi, > i want to send mail with attachment zip (which > contains .exe). but my mailscanner block it. > > i want- mailscanner enable it, then clamav detect is > it virus or not? otherwise i cant send mail with exe > attchment file. > > my mailscanner block all attachment which conatins > .exe > > i have enabled " allow /.exe " from > filename.rules.conf. then mailscanner allowed exe. > clamav didnt chk it, whereas i have chked .exe (with > virus and also without virus). all allowed. > Hmm, that is a little unclear. If you set MailScanner to allow exe (and, btw, you probably need to allow executables in filetype.rules.conf), clamav shouldn't complain unless there is a virus in the .exe. > pls advice me, what should i do? > > reagrds > meshbah > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - Find what you need with new enhanced search. > http://info.mail.yahoo.com/mail_250 > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Jun 23 14:08:14 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:06 2006 Subject: SMGateway questions - OT? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jan Agermose > Sent: Thursday, June 23, 2005 7:45 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SMGateway questions - OT? > > Hi > > Im looking for at forum to ask questions on SMGateway - is this the > place or should I ask some where else? > > As im not really sure if its web-interface related or engine related :-) > and if it's really the same firm/project? > There will be a separate list soon but for now, please send questions to me. Problems should be reported to http://www.fsl.com/feedback/feedback.php Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 23 14:14:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: 0-85432-815-7 But I have been naughty and kept the same ISBN number for all the different versions of the book. It's too much paperwork to keep getting new ISBN numbers issued for what are relatively minor changes. I hope to have the new version ready in the next few weeks or less. I will let the list know when I have uploaded the new version. Preparing it all is quite a job. On 23 Jun 2005, at 13:11, Peter Peters wrote: > Julian Field wrote on 23-6-2005 12:16: > >> I am working on a new edition of The Book(tm). Currently, I have just >> updated the content to reflect all the new options that have been >> added >> since the last edition, so that it is correct up to and including >> 4.43. >> > > Does it have an ISBN? I have the oppertunity to buy a number of books > this summer so I will throw MS into the shoppingcart. > > -- > Peter Peters, senior beheerder (Security) > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http:// > www.utwente.nl/itbe > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 23 14:19:02 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:06 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen said: > Not to be a stickler for details, but Leonardo Helmans instructions > for Zmailer seems pretty solid to my "non-Zmailer-conversant" eyes:). > Only trouble with it is that he stuck with the name "example" for the > wiki file;-). Oh bother, missed that one. I just read the file name not the content :-( My apologies. Take Zmailer off the list. > -- > -- Glenn (Who is preparing for the traditional Swedish sill-iness of > Midsummers eve celebrations... Eating pickled herring, getting drunk > and dancing really strange dances. Yes, tomorrow is the day of "the > little froggies":-) Froggies must be the Swedish alternative to the British hair of dog?? Or is this what you will be seeing having been a little over zealous with the Akvavit? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 23 14:26:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Oh, here is the list of changes documented in the new version, to save you all asking later :-) .- "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well . as the command-line Sophos scanner. .- "\n" can be used to insert line breaks in just about any configuration . setting or languages.conf string. .- Optimised scanning of messages when spam/mcp archive is not kept clean. .- Updated Clam+SpamAssassin package for SpamAssassin 3.0.4. .- Now automatically detects and warns if the "Incoming Work Directory" . setting contains any links. It also corrects the path (but not in the . MailScanner.conf file) and continues to work properly. .- SophosSAVI errors are detected as if they were viruses, and are not . ignored. .- New options "Disarmed Modify Subject" and "Disarmed Subject Text" now . provide the ability to alter the Subject: line if any HTML tags in the . body of the message were disarmed (by having their "Allow .... Tags" set . to "disarm". This is switched on by default. .- New option "Spam Lists To Be Spam" now provides the ability to set how . many Spam Lists a message must appear in before it is considered to be . spam. The default is 1 as that mimics the previous behaviour. .- Reversed spam and disarm tags to leave spam tag at start of Subject:. .- Improved install.sh to work on AMD64 Fedora Core 3 systems. .- Added * wildcard support to phishing.safe.sites.conf, so you can list . *.safedomain.com instead of having to list subdomains and other servers . individually. Useful for listing your own domain. .- Improved phishing net by adding detector for numeric IPs which do match . but warn as they might be part of a fraud. .- The "clamavmodule" scanner cannot unpack archives of RAR version 3. . 2 new configuration settings allow you to unpack the latest RAR archives . for testing by the "clamavmodule" scanner. . It also enables the contents of the RAR archive to be checked for illegal . filenames and filetypes, and also to see if they are password- protected. . Unrar Command = /usr/bin/unrar . Unrar Timeout = 50 .- "Allow Password-protected Archives" can now be a ruleset when using the . clamavmodule virus scanner. .- Multiple "Subject:" lines are removed. The 1st one is kept. .- If the "Unrar Command" is defined and points to an executable program, . it will automatically be used by the "clamav" scanner. No -wrapper . tweaking is needed to do this any more. .- You can now use shell environment variables such as $HOSTNAME or . ${HOSTNAME} in MailScanner.conf and its relatives. .- Changed the "Envelope-From" and "Envelope-To" headers to include your . organisation's name. .- Changed default supplied values for "Allow xxxxx Tags" to disarm all of . these tags. .- Added feature when IP address in a ruleset has all 4 numbers, so that a . full string match is done against the client IP, not a substring match. .- Added 4 new configuration options for setting all ClamAV settings when . using the "clamavmodule" scanner: . ClamAVmodule Maximum Recursion Level . ClamAVmodule Maximum Files . ClamAVmodule Maximum File Size . ClamAVmodule Maximum Compression Ratio .- Can now use $from, $id and $subject in inline signature for signing clean . messages. .- Any entry in the "Archive Mail" setting can contain _DATE_ which will be . replaced with the current date in yyyymmdd form, so you can backup or move . yesterday's archive safely knowing that it won't be written to today. .- Added "Also Find Numeric Phishing" setting (on by default) so that all . numeric IP addresses in links are flagged as being dangerous. - Added "$postmastername" to the list of variables available in many reports. - Postfix support added to "IPBlock" functionality for SMTP connection throttling. Many thanks to Rakesh for writing this. .- Added "Log Dangerous HTML Tags" configuration setting, and removed old . "Log IFrame Tags" configuration setting, so that all potentially dangerous . HTML tags are now logged. This helps when you are developing your white- . list of safe sources of HTML tags, such as newsletters and daily cartoons. .- Added "Phishing Safe Sites File" configuration setting to point to a file . containing a list of fully-qualified hostnames which are ignored in the . phishing detection tests. Any links to any of these hostnames are ignored . in the phishing tests. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 23 14:24:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:06 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: >> -- Glenn (Who is preparing for the traditional Swedish sill-iness of >> Midsummers eve celebrations... Eating pickled herring, getting drunk >> and dancing really strange dances. Yes, tomorrow is the day of "the >> little froggies":-) >> > > Froggies must be the Swedish alternative to the British hair of > dog?? Or > is this what you will be seeing having been a little over zealous > with the > Akvavit? Pickled herring --- yummm. Complete with raw onion? My favourite. Glorious stuff but makes my stomach hurt something awful. Very nice as a treat though! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 23 14:22:57 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Julian Field wrote: > I am working on a new edition of The Book(tm). Currently, I have just > updated the content to reflect all the new options that have been > added since the last edition, so that it is correct up to and > including 4.43. > > What else would people like to see in the book? Minor changes and > additions would be preferred to ideas that involve me writing another > 100 pages! > > All ideas welcome, as usual. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > (flipping through my old copy (for 4.32... Ack! I need by the new one:-)....) Well, you (or rather Steve:) could add some reference to mailscanner.info in the preface, if not already there (perhaps a special mention of the wiki:-). And my old copy is a bit thin on the Phishing stuff, but that is perhaps covered in the current book? And perhaps make a note of the existance and relationship with SMGateway...? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 23 14:27:13 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: MailScanner block attachment which contains .exe file Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Ugo Bellavance wrote: > Meshbah Uddin Ahmed wrote: > > hi, > > i want to send mail with attachment zip (which > > contains .exe). but my mailscanner block it. > > > > i want- mailscanner enable it, then clamav detect is > > it virus or not? otherwise i cant send mail with exe > > attchment file. > > > > my mailscanner block all attachment which conatins > > .exe > > > > i have enabled " allow /.exe " from > > filename.rules.conf. then mailscanner allowed exe. > > clamav didnt chk it, whereas i have chked .exe (with > > virus and also without virus). all allowed. > > > > Hmm, that is a little unclear. > > If you set MailScanner to allow exe (and, btw, you probably need to > allow executables in filetype.rules.conf), clamav shouldn't complain > unless there is a virus in the .exe. > > > pls advice me, what should i do? > > > > reagrds > > meshbah > > > > > > > > __________________________________ > > Do you Yahoo!? > > Yahoo! Mail - Find what you need with new enhanced search. > > http://info.mail.yahoo.com/mail_250 > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > And now that we have clamav working (see the "other thread":), and if we set Archive Depth = 0, doesn't it behave as intended? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 23 14:47:11 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Drew Marshall wrote: (snip) > Froggies must be the Swedish alternative to the British hair of dog?? Or > is this what you will be seeing having been a little over zealous with the > Akvavit? > > Drew Nope, the most famous song/dance of a traditional Midsommarfirande is "Små grodorna", in which you sing about the small frogs looking funny since they have no ears nor tails, then going on to imitating said little froggies both in voice and motion.... All in time with the music, of course, a bit depending on your current snaps-level (measured as %Akvavit/liter blood....:-). Come saturday, that hair of dog will come into play, along with the usual shaving of tongue etc:-). Now, what you didn't pick up on was the Sill pun ... Sill is swedish for herring (unless the herring was caught in the Baltic sea, in which case it'll be strömming.... Why? Not a clue:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 23 14:53:07 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: Postfix: Mails aren't delivered with MS 4.41.3 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Julian Field wrote: > >> -- Glenn (Who is preparing for the traditional Swedish sill-iness of > >> Midsummers eve celebrations... Eating pickled herring, getting drunk > >> and dancing really strange dances. Yes, tomorrow is the day of "the > >> little froggies":-) > >> > > > > Froggies must be the Swedish alternative to the British hair of > > dog?? Or > > is this what you will be seeing having been a little over zealous > > with the > > Akvavit? > > Pickled herring --- yummm. Complete with raw onion? My favourite. > Glorious stuff but makes my stomach hurt something awful. Very nice > as a treat though! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Yep. And don't forget the Matjes (Yes, all you dutch people, we have our own variant of this, although it's not particularly close to yours:). I've always thought it must be the herring, not only when it comes to the stomach pains, but the dizziness and the headaches (at least the day after...:). Glad to see you're a fellow connoisseur! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.siddall at ELIRION.NET Thu Jun 23 14:55:10 2005 From: richard.siddall at ELIRION.NET (Richard Siddall) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Julian Field wrote: > 0-85432-815-7 > But I have been naughty and kept the same ISBN number for all the > different versions of the book. It's too much paperwork to keep getting > new ISBN numbers issued for what are relatively minor changes. > Sounds like you need an ISSN, not an ISBN: "The MailScanner Book, Summer 2005 edition." Richard. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jun 23 15:11:10 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:06 2006 Subject: OT: Cultural Education (Was Postfix: Mails Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen said: > On 6/23/05, Drew Marshall wrote: > (snip) >> Froggies must be the Swedish alternative to the British hair of dog?? Or >> is this what you will be seeing having been a little over zealous with >> the >> Akvavit? >> >> Drew > Nope, the most famous song/dance of a traditional Midsommarfirande is > "Små grodorna", in which you sing about the small frogs looking funny > since they have no ears nor tails, then going on to imitating said > little froggies both in voice and motion.... All in time with the > music, of course, a bit depending on your current snaps-level > (measured as %Akvavit/liter blood....:-). That must be quite something. Bet you could extort some nice funding based on video of a) The Boss, b) Other PHB, c) Other suitable individual in action. > > Come saturday, that hair of dog will come into play, along with the > usual shaving of tongue etc:-). :-D > > Now, what you didn't pick up on was the Sill pun ... Sill is swedish > for herring (unless the herring was caught in the Baltic sea, in which > case it'll be strömming.... Why? Not a clue:-) This is one of the things I love about this list, not only do I learn something new every day but I expand my cultural knowledge too. Perhaps we could have culture Friday? Must be Friday some where in the world by now! :-). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 23 15:24:34 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: OT: Cultural Education (Was Postfix: Mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Drew Marshall wrote: > Glenn Steen said: > > On 6/23/05, Drew Marshall wrote: > > (snip) > >> Froggies must be the Swedish alternative to the British hair of dog?? Or > >> is this what you will be seeing having been a little over zealous with > >> the > >> Akvavit? > >> > >> Drew > > Nope, the most famous song/dance of a traditional Midsommarfirande is > > "Små grodorna", in which you sing about the small frogs looking funny > > since they have no ears nor tails, then going on to imitating said > > little froggies both in voice and motion.... All in time with the > > music, of course, a bit depending on your current snaps-level > > (measured as %Akvavit/liter blood....:-). > > That must be quite something. Bet you could extort some nice funding based > on video of a) The Boss, b) Other PHB, c) Other suitable individual in > action. Not really.... Most everyone does it (even King Carl XVI Gustav, on occasion... Don't believe I've seen Queen Silvia do it, but then she's german/brasilian so might explain why not:), so... Unless you plan on wholesale extotion of the entire nation....:-) > > > > Come saturday, that hair of dog will come into play, along with the > > usual shaving of tongue etc:-). > > :-D > > > > > Now, what you didn't pick up on was the Sill pun ... Sill is swedish > > for herring (unless the herring was caught in the Baltic sea, in which > > case it'll be strömming.... Why? Not a clue:-) > > This is one of the things I love about this list, not only do I learn > something new every day but I expand my cultural knowledge too. Perhaps we > could have culture Friday? Must be Friday some where in the world by now! > :-). > > Drew Well, for me it's not only "sort-of-friday" (since tomorrow is a national holiday), but also the last moments of work before a 4 week vacation (Yay! Haven't had that much in a *lot* of years)... Might excuse the frivolous nature of these posts:) So all that's left to do is unbind those clariions holding our databases, reset the router configs, turn off mailscanner ... and the phone... and sign off:-). Skål! Er, ... Cheers! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Jun 23 16:39:14 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Julian Field wrote: > I am working on a new edition of The Book(tm). Currently, I have just > updated the content to reflect all the new options that have been > added since the last edition, so that it is correct up to and > including 4.43. > > What else would people like to see in the book? Minor changes and > additions would be preferred to ideas that involve me writing another > 100 pages! > > All ideas welcome, as usual. I'd like to see an annual addendum put out that brings previous books up to date. Since you release so prolifically we could be ordering new books every six months! (Or maybe there's a method to your madness there? ) Since I have the original book, it's only really the new stuff that I need a reference to, so a small companion volume covering the deltas that maybe comes out quarterly (subscription based?) would be just dapper. I can see the start of a new dynasty here: Field Publishing. Watch out Tim O'Reilley. I'd also suggest a bit more discussion on the areas where there seems to be perennial confusion such as zipped file scan depth, bayes lock files (mine's still wonky), rules etc. There's some areas of the .conf file that one has to read through a couple times in order to get the big picture. Some additional verbage that isn't just an echo of the .conf comments would be helpful. You might also add an appendix on the joys/benefits of SMGateway over and above MS. A succinct description of the advantages of using SMGateway over a "roll your own" instance might help w/sales (good for you) and for those in an email admin role but whose primary job is not email administration it might help them make a case to their PHBs that buying a supported product is in their best interest (good for them). HTH... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at OMNICOMP.ORG Thu Jun 23 17:02:03 2005 From: MailScanner at OMNICOMP.ORG (Alan Dobkin) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/2005 9:14 AM, Julian Field wrote: > I hope to have the new version ready in the next few weeks or less. I > will let the list know when I have uploaded the new version. > Preparing it all is quite a job. Just my luck, I bought my first copy of your book about a week ago. I haven't even had a chance to really read it yet (just skimmed so far)! Maybe you could offer an upgrade for those of us with bad timing. :-) I also like Kevin's suggestion for some type of addendum, possibly subscription-based. Thanks, Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Thu Jun 23 17:37:44 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:30:06 2006 Subject: Thanks Guys Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just want to say thank you to Julian and all the guys who helped set-up my system. If I did not have MS installed I would be fighting a Mytob invasion at the moment. It gives me such great pleasure to see all those virus found e-mails coming through to my mailbox. Thanks again Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andy at TIRESWING.NET Thu Jun 23 18:03:58 2005 From: andy at TIRESWING.NET (Andy Norris) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: What he said! :-) &E; At 10:39 am 2005-06-23, you wrote: >Julian Field wrote: > > I am working on a new edition of The Book(tm). Currently, I have just > > updated the content to reflect all the new options that have been > > added since the last edition, so that it is correct up to and > > including 4.43. > > > > What else would people like to see in the book? Minor changes and > > additions would be preferred to ideas that involve me writing another > > 100 pages! > > > > All ideas welcome, as usual. > >I'd like to see an annual addendum put out that brings previous books up to >date. Since you release so prolifically we could be ordering new books >every six months! (Or maybe there's a method to your madness there? ) >Since I have the original book, it's only really the new stuff that I need a >reference to, so a small companion volume covering the deltas that maybe >comes out quarterly (subscription based?) would be just dapper. I can see >the start of a new dynasty here: Field Publishing. Watch out Tim O'Reilley. > >I'd also suggest a bit more discussion on the areas where there seems to be >perennial confusion such as zipped file scan depth, bayes lock files (mine's >still wonky), rules etc. There's some areas of the .conf file that one has >to read through a couple times in order to get the big picture. Some >additional verbage that isn't just an echo of the .conf comments would be >helpful. > >You might also add an appendix on the joys/benefits of SMGateway over and >above MS. A succinct description of the advantages of using SMGateway over >a "roll your own" instance might help w/sales (good for you) and for those >in an email admin role but whose primary job is not email administration it >might help them make a case to their PHBs that buying a supported product is >in their best interest (good for them). > >HTH... > >...Kevin >-- >Kevin Miller Registered Linux User No: 307357 >CBJ MIS Dept. Network Systems Admin., Mail Admin. >155 South Seward Street ph: (907) 586-0242 >Juneau, Alaska 99801 fax: (907 586-4500 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jun 23 18:40:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:39 am 2005-06-23, you wrote: >> Julian Field wrote: >> > I am working on a new edition of The Book(tm). Currently, I have just >> > updated the content to reflect all the new options that have been >> > added since the last edition, so that it is correct up to and >> > including 4.43. >> > >> > What else would people like to see in the book? Minor changes and >> > additions would be preferred to ideas that involve me writing another >> > 100 pages! >> > >> > All ideas welcome, as usual. >> >> I'd also suggest a bit more discussion on the areas where there seems >> to be >> perennial confusion such as zipped file scan depth, > Done. >> bayes lock files (mine's >> still wonky), > What of this is MailScanner-related, and what is SpamAssassin's problem? What would you like me to add, and where? >> rules etc. > What extra would you like? I agree there is confusion, but I'm not sure what to do about it? It's a very simple system if you use it that way, just people don't get the hang of the fact that it just provides a method for creating the setting of an option dependent on where the message is from/to. I don't know why people don't get that bit, to my mind it's blindingly simple. I am obviously just not seeing the problem. Please help. >> There's some areas of the .conf file that one has >> to read through a couple times in order to get the big picture. > Such as? >> You might also add an appendix on the joys/benefits of SMGateway over >> and >> above MS. A succinct description of the advantages of using >> SMGateway over >> a "roll your own" instance might help w/sales (good for you) and for >> those >> in an email admin role but whose primary job is not email >> administration it >> might help them make a case to their PHBs that buying a supported >> product is >> in their best interest (good for them). > I'll mention that to Steve (Swaney and Freegard) and see what they can provide. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrr0IxH2WUcUFbZUEQI6bQCgtFqUyR0oDb+c7dFzZchRKs0tMhsAoNBu YzfiCe9AMRrvHw9SVrgr54x1 =7b3Q -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at rogers.com Thu Jun 23 20:30:16 2005 From: gdoris at rogers.com (Gerry Doris) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I am working on a new edition of The Book(tm). Currently, I have just > updated the content to reflect all the new options that have been > added since the last edition, so that it is correct up to and > including 4.43. > > What else would people like to see in the book? Minor changes and > additions would be preferred to ideas that involve me writing another > 100 pages! > > All ideas welcome, as usual. > -- > Julian Field I just checked availability on amazon.ca and your MailScanner book is finally listed. The pricing was interesting... MailScanner New: $67.55 Cdn MailScanner Used: $71.92 Cdn Do these things get better with age...kinda like wine??? Gerry ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Thu Jun 23 21:02:06 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:30:06 2006 Subject: Rules problem with two "From:" statements Message-ID: Hi, I seem to have stumbled onto a rules bug/problem, unless I'm doing something wrong. I noticed that my rules aren't firing properly. For example, I would like the following (since I use MailWatch) in a ruleset (for instance "Spam Checks"): From: 127.0.0.1 and From: postmaster@ no In English: if the message is sent from the localhost AND has a sender of postmaster@, skip the Spam Checks (and Filename/type checks in other rulesets, etc.). The reason for this double check is that a check on "From: postmaster@" only is not strict enough, since it can be sent from any host. The "From: 127.0.0.1" localhost check only would bypass Spam Checks for ALL senders from the localhost. The rule above does not work at all. However, if I change it to: From: 127.0.0.1 and To: support@ no the rule DOES work. This seems to imply that a rule with "and" cannot have two "From:" statements (possibly the same holds for two "To:" statements, I haven't checked this). I've also tried to change the two "From:" statements to "FromOrTo:", but then MailScanner syslogs the following message (which makes sense): ========== Config Error: Cannot match against destination IP address when resolving configuration option "spamchecks" ========== Julian, can you confirm this behaviour and is it by design (i.e. "a feature and not a bug" to speak with the words of one L. Torvalds...)? Is what I want obscure or is it something others want as well (not sure if this can easily be changed in the code). Regards and thanks in advance, Mike Klinkert ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Thu Jun 23 22:07:34 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Julian Field <> wrote: > All ideas welcome, as usual. Julian, Someone mentoned to me when I was ranting about the virus warnings that maybe we should put together a list of "best practices" for mail admins -- not necessarily directly MailScanner related, but it couldn't hurt. If we, as a community, came up with something like that would you like to include it as an appendix? --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jun 23 22:38:38 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Follow this thread.. > http://archives.neohapsis.com/archives/postfix/2002-10/1141.html > > And read these 2 messages in particular > http://archives.neohapsis.com/archives/postfix/2002-10/1469.html > http://archives.neohapsis.com/archives/postfix/2002-10/1490.html > > - dhawal well i emailed the guy who posted that and he responded with the following, but i am not sure how it helps. "The header X-Original-To: is now added by Postfix. Rahul On Thu, 23 Jun 2005, Pete Russell wrote: > HI there, hope you dont mind me emailing you directly. A few of us are discussing an issue you raised on the postifx list a couple of years ago. > > http://archives.neohapsis.com/archives/postfix/2002-10/1469.html > > Is it possible to split mail that has multiple recipients into seperate mails, without causing undue ineefficiency? > > Weitse remarks he will add it to tyhe permenant code, do you know if he did? > > What did you do to work around this properly? > > Kind regards and thanks for your time > Pete >" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vinet138 at YAHOO.COM Thu Jun 23 23:18:52 2005 From: vinet138 at YAHOO.COM (Bill Smith) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi There, What i think the book really should have is an example of every rule set (MailScanner.conf) so it make it easy to fowllow. explain how these rules set work and how to to create them. I have known people who find it hard to understand on how to create new rule set even after bought the book. escpecially their back ground is pure GUI. Hope it is not too much. Bill. Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:39 am 2005-06-23, you wrote: >> Julian Field wrote: >> > I am working on a new edition of The Book(tm). Currently, I have just >> > updated the content to reflect all the new options that have been >> > added since the last edition, so that it is correct up to and >> > including 4.43. >> > >> > What else would people like to see in the book? Minor changes and >> > additions would be preferred to ideas that involve me writing another >> > 100 pages! >> > >> > All ideas welcome, as usual. >> >> I'd also suggest a bit more discussion on the areas where there seems >> to be >> perennial confusion such as zipped file scan depth, > Done. ! >> bayes lock files (mine's >> still wonky), > What of this is MailScanner-related, and what is SpamAssassin's problem? What would you like me to add, and where? >> rules etc. > What extra would you like? I agree there is confusion, but I'm not sure what to do about it? It's a very simple system if you use it that way, just people don't get the hang of the fact that it just provides a method for creating the setting of an option dependent on where the message is from/to. I don't know why people don't get that bit, to my mind it's blindingly simple. I am obviously just not seeing the problem. Please help. >> There's some areas of the .conf file that one has >> to read through a couple times in order to get the big picture. > Such as? >> You might also add an appendix on the joys/benefits of SMGateway over >> and >> above MS. A succinct description o! f the advantages of using >> SMGateway over >> a "roll your own" instance might help w/sales (good for you) and for >> those >> in an email admin role but whose primary job is not email >> administration it >> might help them make a case to their PHBs that buying a supported >> product is >> in their best interest (good for them). > I'll mention that to Steve (Swaney and Freegard) and see what they can provide. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQrr0IxH2WUcUFbZUEQI6bQCgtFqUyR0oDb+c7dFzZchRKs0tMhsAoNBu YzfiCe9AMRrvHw9SVrgr54x1 =7b3Q -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 24 00:13:40 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Julian Field wrote: >>> I'd also suggest a bit more discussion on the areas where there >>> seems to be perennial confusion such as zipped file scan depth, >> > Done. Dang, you're fast! >>> bayes lock files (mine's >>> still wonky), >> > What of this is MailScanner-related, and what is SpamAssassin's > problem? What would you like me to add, and where? Well, that's where it all gets fuzzy. An overview of the various options, i.e. wait/don't wait, lock type (flock/posix), rebuild every = X, etc. perhaps including some cron scripts for stopping/starting MailScanner if running the bayes rebuild manually, that sort of thing. When I look at the FAQ/MAQ one can put all the pieces together but I've never felt entirely sure what "best practice" was. Currently I have it set to wait during rebuild, and to trigger every 86400 but I still get bayes.lock* files daily. Once in a blue moon I'll get a bayes_expiry* file (or whatever it's called). So is it MailScanner, spamassassin/bayes, the phase of the tide? I dunno, but it's all tied together so even though it may not be strictly MailScanner it is MS related and a frequent point of confusion. It would probably be a page or two of explanation of the options and sample scripts so maybe in an appendix? >>> rules etc. >> > What extra would you like? I agree there is confusion, but I'm not > sure what to do about it? It's a very simple system if you use it > that way, just people don't get the hang of the fact that it just > provides a method for creating the setting of an option dependent on > where the message is from/to. I don't know why people don't get that > bit, to my mind it's blindingly simple. I am obviously just not > seeing the problem. Please help. I think some real-world examples might help here, and this is maybe where some of the faithful could maybe pick up the burden. I don't use much in the way of rules - added a whitelist, and added entries to the blacklist but my particular needs are pretty humble. On the other hand there have been some slick examples of creative application of rules lists. Perhaps a few of the more accomplished folks could contribute a few, (which may need to be sanitized a bit) and those also added an appendix. There are, of course, several examples in the book already, but something a bit more indepth perhaps. I think the same on custom functions would be helpful to folks - again, perhaps those that have already written some could contribute them in the spirit of open source. >>> There's some areas of the .conf file that one has >>> to read through a couple times in order to get the big picture. >> > Such as? I'll try to carve out some time to print it out and look it over. The virus stuff comes to mind - what happens when this option is set but this one isn't, etc. It's well commented in the .conf file but I'll give it a think and see if I can come up w/more specific areas. >>> You might also add an appendix on the joys/benefits of SMGateway >>> over and above MS. A succinct description of the advantages of >>> using SMGateway over a "roll your own" instance might help w/sales >>> (good for you) and for those in an email admin role but whose >>> primary job is not email administration it might help them make a >>> case to their PHBs that buying a supported product is in their best >>> interest (good for them). >> > I'll mention that to Steve (Swaney and Freegard) and see what they can > provide. Thanks for all you do... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From axsomj at LOMPOCHOSPITAL.ORG Fri Jun 24 00:47:05 2005 From: axsomj at LOMPOCHOSPITAL.ORG (John Axsom) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Man, just my luck! I just purchased the book not an hour before reading this thread. Oh well, I definately second the addendum idea though. Thanks, John ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Jun 24 01:13:32 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] smtpd_recipient_limit = 1 Makes every inbound connection stop and deliver a multi recipient message individually, making for heaps of extra work for postfix, which is kinda crappy. So since postfix can seperate the email inbound and seperate it outbound with default_recipient_limit, if we use a 2 postfix instance on the same machine, the 1st external facing to recieve all inbound email, from here it could split the messages before sending to the 2nd postfix instance and then confgiure MailScanner to use the 2nd postfix instance? Performance not really being a big issue with both POstfix running on the same machine? A little messy, not sure if it is worth it, might be time to learn another MTA? I have read heaps of stuff in the postfix forum, Wietse is never going to implement this, and a few people have copped a spray from him for asking (he seems pretty uptight). Dhawal Doshy wrote: > Drew Marshall wrote: > >> Pete Russell said: >> >>> Would something like >>> http://www.postfix.org/postconf.5.html#default_destination_recipient_limit >>> >>> default_destination_recipient_limit 1 work? >>> >>> Would this mean that i could take delivery of multi recipient messages >>> normally from external but would only delivery them one recipient at a >>> time? >> >> >> >> Yes but _after_ MailScanner has scanned them not before, so it won't do >> what you want :-( >> >> I'm still trying to find ideas for this one... >> >> Drew >> > > here is a thread on the neohapsis postfix archives, which if i > understand correctly requires the same functionality.. > > Follow this thread.. > http://archives.neohapsis.com/archives/postfix/2002-10/1141.html > > And read these 2 messages in particular > http://archives.neohapsis.com/archives/postfix/2002-10/1469.html > http://archives.neohapsis.com/archives/postfix/2002-10/1490.html > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From trystenx at gmail.com Fri Jun 24 05:08:03 2005 From: trystenx at gmail.com (Senthu) Date: Thu Jan 12 21:30:06 2006 Subject: mailscanner declaring mails from local domains as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi all. Even after i have listed my ip and domain in the rules/spam.whitelist.rules, i still get some of the domain still to be listed as spam, please advise. What i am concern about is this line : (score=29.72, required 6, autolearn=spam, BAYES_99 3.50, HTML_20_30 0.23, HTML_MES SAGE 0.00, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RCVD_BY_IP 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22, RCVD_IN_DSBL 3.81, RCVD_IN_XBL 3.08, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4 .00, URIBL_OB_SURBL 3.21, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46, URI_REDIRECTOR 0.01) which saying autolearn=spam. please help... would like to know why my domain procurehere.com sending mail to another loacl domain privasia.com is being listed spam shown in message (1) below. please help. (1) Message j5N4K5Kp004740 from 219.94.76.122 (vally@procurehere.com) to privasia.com is spam, SBL+XBL, SpamAssassin (score=6.584, requ ired 6, BAYES_00 -2.60, HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.11, RCVD_IN_DSBL 3.81, RCVD_IN_XBL 3.08, TO_MALFORMED 2.19) thank you all On 6/21/05, Remy de Ruysscher wrote: > Hi, > > Yes you can, but remember to specify your users IP adresses / ranges rather > than your mailserver IP address > this should fix your problems. All your sending users will be treated as NOT > SPAM. > > > Regards, > Remy > > Senthu wrote: > hi Remy, can i add my local domains by name as the external users are > on dynamic ip so i would be able to do like this example: abc.com yes > rather then 192.168.1.2 will this do On 6/21/05, Remy de Ruysscher > wrote: > Hi, What I always do is whitelist all sending (local) domains > in rules/spam.whitelist.rules Checkout the README and > EXAMPLES. Regards, Remy. Senthu wrote: > hi all i have problem with certain domains in my mail server when > Mailscanner checks for spam. i am running multiple domains in my mail server > for email clients and i have clients accessing email from multiple area's. I > have just upgraded my mail server to Mailscanner to 4.42.9 and spamassassin > 3.0.4, i am receiving the following messages when the users sends > email either to local users in the mail server or any external > email. MailScanner[21233]: Message j5L0ucoa021789 from > 203.114.14.161 (jasmin@arianworks.com) to priv asia.com is spam, > SpamAssassin (score=26.854, required 6, autolearn=spam, BAYES_99 3.50, > HELO_DYNAMIC_DHCP 1.25, HELO_DYNAMIC_I PADDR 4.40, HTML_50_60 0.09, > HTML_FONT_BIG 0.14, HTML_LINK_PUSH_HERE 0.87, HTML_MESSAGE 0.00, > MIME_HTML_ONLY 0.18, RCVD_IN_NJA BL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, > URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21, URIBL_SBL > 1.00, URIBL_SC_S URBL 4.26, URIBL_WS_SURBL 1.46) MailScanner[21188]: Spam > Checks: Starting Jun 21 11:07:29 jupiter@mig.com MailScanner[21188]: RBL > checks: j5L36udC027409 found in SBL+XBL Jun 21 11:07:33 jupiter@mig.com > MailScanner[21188]: Message j5L36udC027409 from 203.114.14.161 > (jasmin@arianworks.com) to priv asia.com is spam, SBL+XBL how can i over > come this problem please help. regards trysten ------------------------ > MailScanner list ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of > the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support > MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From trystenx at gmail.com Fri Jun 24 05:35:03 2005 From: trystenx at gmail.com (Senthu) Date: Thu Jan 12 21:30:06 2006 Subject: mailscanner declaring mails from local domains as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi This are my configurations for setting rules/spam.whitelist.rules # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. #From: 152.78. yes #From: 130.246. yes FromOrTo: default no From: 219.94.76.122 yes FromAndTo: @privasia.com yes FromAndTo: @procurehere.com yes And also how can i know about spamassassin, autolearn=spam details. is it doing a self understanding of the spam mail and ignoring it in future. i would prefer to know how can i disable the auto learning and provide my own set of rules. Thank you senthu > On 6/24/05, Mike Kercher wrote: > > Looks like your IP is on the SBL+XBL > > > > What do your rulesets look like? > > > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > > Of Senthu > > Sent: Thursday, June 23, 2005 11:08 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: mailscanner declaring mails from local domains as spam > > > > hi all. > > > > Even after i have listed my ip and domain in the rules/spam.whitelist.rules, > > i still get some of the domain still to be listed as spam, please advise. > > What i am concern about is this line : > > (score=29.72, required 6, autolearn=spam, BAYES_99 3.50, HTML_20_30 0.23, > > HTML_MES SAGE 0.00, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, > > MPART_ALT_DIFF 0.07, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, > > RCVD_BY_IP 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22, RCVD_IN_DSBL 3.81, RCVD_IN_XBL > > 3.08, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4 .00, URIBL_OB_SURBL 3.21, > > URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46, URI_REDIRECTOR 0.01) > > > > which saying autolearn=spam. please help... would like to know why my > > domain procurehere.com sending mail to another loacl domain privasia.com is > > being listed spam shown in message (1) below. please help. > > > > (1) > > Message j5N4K5Kp004740 from 219.94.76.122 (vally@procurehere.com) to > > privasia.com is spam, SBL+XBL, SpamAssassin (score=6.584, requ ired 6, > > BAYES_00 -2.60, HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.11, RCVD_IN_DSBL > > 3.81, RCVD_IN_XBL 3.08, TO_MALFORMED 2.19) > > > > > > thank you > > all > > > > > > On 6/21/05, Remy de Ruysscher wrote: > > > Hi, > > > > > > Yes you can, but remember to specify your users IP adresses / ranges > > rather > > > than your mailserver IP address > > > this should fix your problems. All your sending users will be treated as > > NOT > > > SPAM. > > > > > > > > > Regards, > > > Remy > > > > > > Senthu wrote: > > > hi Remy, > > > > can i add my local domains by name as the external users are > > > on > > dynamic ip so i would be able to do like this example: > > > > abc.com yes > > > rather then 192.168.1.2 will this do > > > > > > On 6/21/05, Remy de Ruysscher > > > wrote: > > > > > Hi, > > > > What I always do is whitelist all sending (local) domains > > > in > > rules/spam.whitelist.rules > > Checkout the README and > > > EXAMPLES. > > > > Regards, > > Remy. > > > > > > > > > > Senthu wrote: > > > > > > > hi all > > > > i have problem with certain domains in my mail server when > > > Mailscanner > > checks for spam. i am running multiple domains in my mail server > > > for > > email clients and i have clients accessing email from multiple area's. > > I > > > have just upgraded my mail server to Mailscanner to 4.42.9 and > > spamassassin > > > 3.0.4, > > i am receiving the following messages when the users sends > > > email > > either to local users in the mail server or any external > > > email. > > > > MailScanner[21233]: Message j5L0ucoa021789 from > > > 203.114.14.161 > > (jasmin@arianworks.com) to priv > > asia.com is spam, > > > SpamAssassin (score=26.854, required 6, > > autolearn=spam, BAYES_99 3.50, > > > HELO_DYNAMIC_DHCP 1.25, HELO_DYNAMIC_I > > PADDR 4.40, HTML_50_60 0.09, > > > HTML_FONT_BIG 0.14, HTML_LINK_PUSH_HERE > > 0.87, HTML_MESSAGE 0.00, > > > MIME_HTML_ONLY 0.18, RCVD_IN_NJA > > BL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, > > > URIBL_AB_SURBL 0.42, > > URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21, URIBL_SBL > > > 1.00, URIBL_SC_S > > URBL 4.26, URIBL_WS_SURBL 1.46) > > > > > > MailScanner[21188]: Spam > > > Checks: Starting > > Jun 21 11:07:29 jupiter@mig.com MailScanner[21188]: RBL > > > checks: > > j5L36udC027409 found in SBL+XBL > > Jun 21 11:07:33 jupiter@mig.com > > > MailScanner[21188]: Message > > j5L36udC027409 from 203.114.14.161 > > > (jasmin@arianworks.com) to priv > > asia.com is spam, SBL+XBL > > > > how can i over > > > come this problem please help. > > > > > > regards > > trysten > > > > ------------------------ > > > MailScanner list ------------------------ > > To unsubscribe, email > > > jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of > > > the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > > and > > the archives > > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support > > > MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Fri Jun 24 07:17:38 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:06 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.86.1 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf > Of Luca Gibelli > Sent: Thursday, June 23, 2005 11:55 PM > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.86.1 > > > Dear ClamAV users, > > version 0.86.1 is available for download. > A possible crash in the libmspack's Quantum decompressor has > been fixed. > > You are encouraged to upgrade to the latest stable release. > > > Regards, > > -- > The ClamAV team (http://www.clamav.net/team.html) > > -- > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner > PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 > 5EFC 5582 > PGP Key Available on: Key Servers || > http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From trystenx at gmail.com Fri Jun 24 07:59:20 2005 From: trystenx at gmail.com (Senthu) Date: Thu Jan 12 21:30:06 2006 Subject: mailscanner declaring mails from local domains as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have listed the FromOrTo: default to the end of the line, and reload mailscanner, am monitoring the mail logs. will inform if any changes has happens. any one got idea on how to manage the spam assassin autolearn=spam. score=29.72, required 6, autolearn=spam, BAYES_99 3.50, HTML_20_30 0.23, HTML_MES SAGE 0.00, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RCVD_BY_IP 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22, thank you senthu On 6/24/05, Mike Kercher wrote: > FromOrTo: default no should be the LAST line in your file. > MailScanner stops on the first match it hits in these rulesets. Make > default be the last option, reload MailScanner and it should work fine. > > Mike > > > -----Original Message----- > From: Senthu [mailto:trystenx@gmail.com] > Sent: Thursday, June 23, 2005 11:33 PM > To: Mike Kercher > Subject: Re: mailscanner declaring mails from local domains as spam > > hi > > This are my configurations for setting rules/spam.whitelist.rules > > # This is where you can build a Spam WhiteList # Addresses matching in here, > with the value # "yes" will never be marked as spam. > #From: 152.78. yes > #From: 130.246. yes > FromOrTo: default no > From: 219.94.76.122 yes > FromAndTo: @privasia.com yes > FromAndTo: @procurehere.com yes > > And also how can i know about spamassassin, autolearn=spam details. is it > doing a self understanding of the spam mail and ignoring it in future. i > would prefer to know how can i disable the auto learning and provide my own > set of rules. > > > Thank you > senthu > > On 6/24/05, Mike Kercher wrote: > > Looks like your IP is on the SBL+XBL > > > > What do your rulesets look like? > > > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Senthu > > Sent: Thursday, June 23, 2005 11:08 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: mailscanner declaring mails from local domains as spam > > > > hi all. > > > > Even after i have listed my ip and domain in the > > rules/spam.whitelist.rules, i still get some of the domain still to be > listed as spam, please advise. > > What i am concern about is this line : > > (score=29.72, required 6, autolearn=spam, BAYES_99 3.50, HTML_20_30 > > 0.23, HTML_MES SAGE 0.00, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI > > 2.44, MPART_ALT_DIFF 0.07, MSGID_FROM_MTA_HEADER 0.05, > > MSGID_FROM_MTA_ID 1.72, RCVD_BY_IP 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22, > > RCVD_IN_DSBL 3.81, RCVD_IN_XBL 3.08, URIBL_AB_SURBL 0.42, > > URIBL_JP_SURBL 4 .00, URIBL_OB_SURBL 3.21, URIBL_SC_SURBL 4.26, > > URIBL_WS_SURBL 1.46, URI_REDIRECTOR 0.01) > > > > which saying autolearn=spam. please help... would like to know why my > > domain procurehere.com sending mail to another loacl domain > > privasia.com is being listed spam shown in message (1) below. please help. > > > > (1) > > Message j5N4K5Kp004740 from 219.94.76.122 (vally@procurehere.com) to > > privasia.com is spam, SBL+XBL, SpamAssassin (score=6.584, requ ired 6, > > BAYES_00 -2.60, HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.11, > > RCVD_IN_DSBL 3.81, RCVD_IN_XBL 3.08, TO_MALFORMED 2.19) > > > > > > thank you > > all > > > > > > On 6/21/05, Remy de Ruysscher wrote: > > > Hi, > > > > > > Yes you can, but remember to specify your users IP adresses / ranges > > rather > > > than your mailserver IP address > > > this should fix your problems. All your sending users will be > > > treated as > > NOT > > > SPAM. > > > > > > > > > Regards, > > > Remy > > > > > > Senthu wrote: > > > hi Remy, > > > > can i add my local domains by name as the external users are > > > on > > dynamic ip so i would be able to do like this example: > > > > abc.com yes > > > rather then 192.168.1.2 will this do > > > > > > On 6/21/05, Remy de Ruysscher > > > wrote: > > > > > Hi, > > > > What I always do is whitelist all sending (local) domains > > > in > > rules/spam.whitelist.rules > > Checkout the README and > > > EXAMPLES. > > > > Regards, > > Remy. > > > > > > > > > > Senthu wrote: > > > > > > > hi all > > > > i have problem with certain domains in my mail server when > > > Mailscanner > > checks for spam. i am running multiple domains in my mail server > > > for > > email clients and i have clients accessing email from multiple area's. > > I > > > have just upgraded my mail server to Mailscanner to 4.42.9 and > > spamassassin > > > 3.0.4, > > i am receiving the following messages when the users sends > > > email > > either to local users in the mail server or any external > > > email. > > > > MailScanner[21233]: Message j5L0ucoa021789 from > > > 203.114.14.161 > > (jasmin@arianworks.com) to priv > > asia.com is spam, > > > SpamAssassin (score=26.854, required 6, > > autolearn=spam, BAYES_99 3.50, > > > HELO_DYNAMIC_DHCP 1.25, HELO_DYNAMIC_I > > PADDR 4.40, HTML_50_60 0.09, > > > HTML_FONT_BIG 0.14, HTML_LINK_PUSH_HERE > > 0.87, HTML_MESSAGE 0.00, > > > MIME_HTML_ONLY 0.18, RCVD_IN_NJA > > BL_DUL 0.09, RCVD_IN_SORBS_DUL 1.99, > > > URIBL_AB_SURBL 0.42, > > URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21, URIBL_SBL > > > 1.00, URIBL_SC_S > > URBL 4.26, URIBL_WS_SURBL 1.46) > > > > > > MailScanner[21188]: Spam > > > Checks: Starting > > Jun 21 11:07:29 jupiter@mig.com MailScanner[21188]: RBL > > > checks: > > j5L36udC027409 found in SBL+XBL > > Jun 21 11:07:33 jupiter@mig.com > > > MailScanner[21188]: Message > > j5L36udC027409 from 203.114.14.161 > > > (jasmin@arianworks.com) to priv > > asia.com is spam, SBL+XBL > > > > how can i over > > > come this problem please help. > > > > > > regards > > trysten > > > > ------------------------ > > > MailScanner list ------------------------ > > To unsubscribe, email > > > jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of > > > the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > > and > > the archives > > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support > > > MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Fri Jun 24 09:39:05 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:30:06 2006 Subject: bayes_expiry: [Was: Re: The Book -- new edition] Message-ID: On Thu, 23 Jun 2005, Kevin Miller wrote: > [...] > Well, that's where it all gets fuzzy. An overview of the various options, > i.e. wait/don't wait, lock type (flock/posix), rebuild every = X, etc. > perhaps including some cron scripts for stopping/starting MailScanner if > running the bayes rebuild manually, that sort of thing. When I look at the > FAQ/MAQ one can put all the pieces together but I've never felt entirely > sure what "best practice" was. Currently I have it set to wait during > rebuild, and to trigger every 86400 but I still get bayes.lock* files daily. > Once in a blue moon I'll get a bayes_expiry* file (or whatever it's called). > So is it MailScanner, spamassassin/bayes, the phase of the tide? I dunno, > but it's all tied together so even though it may not be strictly MailScanner > it is MS related and a frequent point of confusion. > [...] I thought this problem was fixed. We used to be plagued by it: several files per day all piling up. Various "Rebuild Bayes Every =" and "Wait During Bayes Rebuild =" choices seemed to make little difference. But after a flurry of discussion here on the list earlier this year, Julian found the bug (within MS's calling of SA/Bayes); his subsequent MS release (4.40.11?) seems to have fixed it. (Across our three machines, I see only one such file, and that dates back to April. My guess is that such (few) residual occurences are simply due to some sort of non-routine (e.g. manual) stop (or restart) of MS whilst it is rebuilding.) [ Our settings happen to be: Rebuild Bayes Every = 3600 Wait During Bayes Rebuild = yes and, most importantly, MS 4.40.11 .] -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 24 09:42:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: Sure. I will gladly add it, providing there is a decent amount of content in it. On 23 Jun 2005, at 22:07, Jason Balicki wrote: > Julian Field <> wrote: > >> All ideas welcome, as usual. >> > > Julian, > > Someone mentoned to me when I was ranting about the > virus warnings that maybe we should put together > a list of "best practices" for mail admins -- not > necessarily directly MailScanner related, but it > couldn't hurt. > > If we, as a community, came up with something like > that would you like to include it as an appendix? > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 24 09:47:53 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:06 2006 Subject: mailscanner declaring mails from local domains as spam Message-ID: Hi you've got the default line first in the ruleset. This should *always* go last. MS processess the rules sequentially until it hits a result then stops processing the file. So move the "FromOrTo: default no" to the bottom of the file and you should it work fine. As to why the RBL's (URI and normal) are firing I have no idea, what the heck have you got in those emails.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > Senthu wrote: > >> hi >> >> This are my configurations for setting rules/spam.whitelist.rules >> >> # This is where you can build a Spam WhiteList >> # Addresses matching in here, with the value >> # "yes" will never be marked as spam. >> #From: 152.78. yes >> #From: 130.246. yes >> FromOrTo: default no >> From: 219.94.76.122 yes >> FromAndTo: @privasia.com yes >> FromAndTo: @procurehere.com yes >> >> And also how can i know about spamassassin, autolearn=spam details. is >> it doing a self understanding of the spam mail and ignoring it in >> future. i would prefer to know how can i disable the auto learning and >> provide my own set of rules. >> >> >> Thank you >> senthu >> >> >> >> >>> On 6/24/05, Mike Kercher wrote: >>> >>>> Looks like your IP is on the SBL+XBL >>>> >>>> What do your rulesets look like? >>>> >>>> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> On Behalf >>>> Of Senthu >>>> Sent: Thursday, June 23, 2005 11:08 PM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: mailscanner declaring mails from local domains as spam >>>> >>>> hi all. >>>> >>>> Even after i have listed my ip and domain in the >>>> rules/spam.whitelist.rules, >>>> i still get some of the domain still to be listed as spam, please >>>> advise. >>>> What i am concern about is this line : >>>> (score=29.72, required 6, autolearn=spam, BAYES_99 3.50, HTML_20_30 >>>> 0.23, >>>> HTML_MES SAGE 0.00, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, >>>> MPART_ALT_DIFF 0.07, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID >>>> 1.72, >>>> RCVD_BY_IP 0.07, RCVD_IN_BL_SPAMCOP_NET 1.22, RCVD_IN_DSBL 3.81, >>>> RCVD_IN_XBL >>>> 3.08, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4 .00, URIBL_OB_SURBL 3.21, >>>> URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46, URI_REDIRECTOR 0.01) >>>> >>>> which saying autolearn=spam. please help... would like to know why my >>>> domain procurehere.com sending mail to another loacl domain >>>> privasia.com is >>>> being listed spam shown in message (1) below. please help. >>>> >>>> (1) >>>> Message j5N4K5Kp004740 from 219.94.76.122 (vally@procurehere.com) to >>>> privasia.com is spam, SBL+XBL, SpamAssassin (score=6.584, requ ired 6, >>>> BAYES_00 -2.60, HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.11, >>>> RCVD_IN_DSBL >>>> 3.81, RCVD_IN_XBL 3.08, TO_MALFORMED 2.19) >>>> >>>> >>>> thank you > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Jun 24 10:12:29 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/24/05, Peter Russell wrote: > smtpd_recipient_limit = 1 > > Makes every inbound connection stop and deliver a multi recipient > message individually, making for heaps of extra work for postfix, which > is kinda crappy. > > So since postfix can seperate the email inbound and seperate it outbound > with default_recipient_limit, if we use a 2 postfix instance on the same > machine, the 1st external facing to recieve all inbound email, from here > it could split the messages before sending to the 2nd postfix instance > and then confgiure MailScanner to use the 2nd postfix instance? > Performance not really being a big issue with both POstfix running on > the same machine? > > A little messy, not sure if it is worth it, might be time to learn > another MTA? > > I have read heaps of stuff in the postfix forum, Wietse is never going > to implement this, and a few people have copped a spray from him for > asking (he seems pretty uptight). (I had the same thought of using a dual PF setup, but (..... since I'm now officially on vacation (thus turning brain off even more:-) you should perhaps take anything i say with a grain of salt.... :) it'd be slightly icky to set up (nothing undoable though). And yes, Weitse is a bit.... opinionated:-). I guess he feels he has a right to be... From glenn.steen at gmail.com Fri Jun 24 10:22:27 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:06 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/23/05, Jason Balicki wrote: > Julian Field <> wrote: > > All ideas welcome, as usual. > > Julian, > > Someone mentoned to me when I was ranting about the > virus warnings that maybe we should put together > a list of "best practices" for mail admins -- not > necessarily directly MailScanner related, but it > couldn't hurt. > > If we, as a community, came up with something like > that would you like to include it as an appendix? > > --J(K) > Wouldn't that fit better in the Wiki? -- -- Glenn (just moments from leaving for the celebrations.....) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jun 24 12:53:58 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell said: > smtpd_recipient_limit = 1 > > Makes every inbound connection stop and deliver a multi recipient > message individually, making for heaps of extra work for postfix, which > is kinda crappy. And indeed the sending MTA having to wait for each message to be accepted. > > So since postfix can seperate the email inbound and seperate it outbound > with default_recipient_limit, if we use a 2 postfix instance on the same > machine, the 1st external facing to recieve all inbound email, from here > it could split the messages before sending to the 2nd postfix instance > and then confgiure MailScanner to use the 2nd postfix instance? > Performance not really being a big issue with both POstfix running on > the same machine? Postfix is pretty small and quite efficient so you won't notice the load running 2 instances. However you will notice the IO chopping up the messages (Whether that is any more with Postfix than any other MTA, I don't know). As for MailScanner, well that will be quite hapy picking up from the hold queue of the second instance with out issue. > > A little messy, not sure if it is worth it, might be time to learn > another MTA? I have been wondering that myself recently. I looked at Exim not that long ago and developed a nasty head ache with the configuration files. At least Postfix is simple yes, no style config (A little like MailScanner). > > I have read heaps of stuff in the postfix forum, Wietse is never going > to implement this, and a few people have copped a spray from him for > asking (he seems pretty uptight). > As ever. Wietse reminds me of the late Brian Clough (The ex-Nottingham Forest Football Club manager). He is famous for stating that he was always happy to discuss with any of his players where they thought he was getting it wrong. After a little chat, it was agreed they could either agree with his way or be wrong! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Jun 24 13:12:29 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Peter Russell said: > >>smtpd_recipient_limit = 1 >> >>Makes every inbound connection stop and deliver a multi recipient >>message individually, making for heaps of extra work for postfix, which >>is kinda crappy. > > > And indeed the sending MTA having to wait for each message to be accepted. Another issue - arggh. Seems that Postfix actually has this functionality built it, eg the recipient_limit but that it cannot be used immedietly after delivery? Wouldnt it possible for a smarter cookie to hack the postfix code to perform this function after delivery instead of at the smtp recpt ? Other folks have mentioned using a content filter. So recieve the message send it to PIPE, split the mesage and whack it back in the HOLD queue? I dont even know where to start for the content filter bit, but the postfix end of this should be fairly simple. Any further ideas on this? > >>So since postfix can seperate the email inbound and seperate it outbound >>with default_recipient_limit, if we use a 2 postfix instance on the same >>machine, the 1st external facing to recieve all inbound email, from here >>it could split the messages before sending to the 2nd postfix instance >>and then confgiure MailScanner to use the 2nd postfix instance? >>Performance not really being a big issue with both POstfix running on >>the same machine? > > > Postfix is pretty small and quite efficient so you won't notice the load > running 2 instances. However you will notice the IO chopping up the > messages (Whether that is any more with Postfix than any other MTA, I > don't know). As for MailScanner, well that will be quite hapy picking up > from the hold queue of the second instance with out issue. > >>A little messy, not sure if it is worth it, might be time to learn >>another MTA? > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Fri Jun 24 13:17:50 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:06 2006 Subject: Probably OT: Stupid stupid outlook (as usual!) Message-ID: So, I've got a virus bounce. Clearly I've emailed someone, they've got a virus and norton therefore thinks I should get spammed. MailScanner has washed it through spamassassin which has correctly identified that it's a virus bounce, but outlook has ignored the "Subject:" header, which would have junked it into my spam bin, and instead seems to be using the "Thread-Topic:" header as it's subject. Any bright ideas to fix/workaround this? Please direct all "don't use outlook" to /dev/null, I don't make group IT policy! ;) Stef Microsoft Mail Internet Headers Version 2.0 Received: from mailrelay.level5.net ([172.17.2.27]) by pardessus.aoc-uk.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 24 Jun 2005 12:22:06 +0100 Received: from relay3-gui.server.ntli.net (relay3-gui.server.ntli.net [194.168.4.200]) by mailrelay.level5.net (Postfix) with ESMTP id E5F87366A18 for ; Fri, 24 Jun 2005 12:21:55 +0100 (BST) Received: from mail.mantaya.co.uk ([195.82.123.77] helo=mail.mantaya.com) by relay3-gui.server.ntli.net with smtp (Exim 3.03 #2) id 1DlmFu-0007Hl-00 for mc@l5net.net; Fri, 24 Jun 2005 12:21:55 +0100 Content-Class: urn:content-classes:message Subject: *****SPAM***** Virus Found in message "Your text" MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C578AE.EA0C6290" Date: Fri, 24 Jun 2005 12:21:49 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Virus Found in message "Your text" thread-index: AcV4ruoMoMApcIMXRnO/ix1GnunjaQ== From: "John Cavey" To: X-Level5_Internet-MailCrusader-Information: Please contact Level 5 Internet for more information X-Level5_Internet-MailCrusader: Found to be clean X-Level5_Internet-MailCrusader-SpamCheck: spam, SpamAssassin (score=21.087, required 5, BAYES_05 -0.41, VIRUS_WARNING188 1.50, VIRUS_WARNING59 20.00) X-Level5_Internet-MailCrusader-SpamScore: sssssssssssssssssssss X-Level5_Internet-MailCrusader-From: johncavey@mantaya.com Return-Path: johncavey@mantaya.com Message-ID: X-OriginalArrivalTime: 24 Jun 2005 11:22:06.0857 (UTC) FILETIME=[F451C790:01C578AE] Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jun 24 13:34:44 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:06 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell said: > Another issue - arggh. Seems that Postfix actually has this > functionality built it, eg the recipient_limit but that it cannot be > used immedietly after delivery? The joys of a modular MTA and using MailScanner that happens to interface at the 'wrong' stage (If there ever would be a right one). > > Wouldnt it possible for a smarter cookie to hack the postfix code to > perform this function after delivery instead of at the smtp recpt ? > And face the retribution of Wietse?? :-) > Other folks have mentioned using a content filter. So recieve the > message send it to PIPE, split the mesage and whack it back in the HOLD > queue? I dont even know where to start for the content filter bit, but > the postfix end of this should be fairly simple. > > Any further ideas on this? Well as far as I have read, you just set up a filter to pipe the mail through a script that does the splitting then pipes the result back to Postfix using sendmail. Not pretty. :-( Better may be to use this http://archives.neohapsis.com/archives/postfix/2002-10/1490.html as a better solution (Although still not pretty). None of the options just put mail in the hold queue they all involve passing it through smtpd twice. The other option is to tell me what it's like to manage an Exim box ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Fri Jun 24 15:40:11 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:06 2006 Subject: Unpacking on Linux archives which are RAR version 3 Message-ID: How do you unpack archives which are RAR version 3 on a RedHat AS 3 system? I understand that if you are running "clamavmodule" you need an external RAR file unpacker, at least for version 3 RAR archives. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 24 15:46:14 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:06 2006 Subject: Unpacking on Linux archives which are RAR version 3 Message-ID: Quentin clamav (either command line or module) needs the external unpacker. install the unrar command then edit MailScanner.conf around this section.. # Where the "unrar" command is installed. # If you haven't got this command, look at www.rarlab.com. # # This is used for unpacking rar archives so that the contents can be # checked for banned filenames and filetypes, and also that the # archive can be tested to see if it is password-protected. # Virus scanning the contents of rar archives is still left to the virus # scanner, with one exception: # If using the clavavmodule virus scanner, this adds external RAR checking # to that scanner which is needed for archives which are RAR version 3. Unrar Command = /usr/local/bin/unrar -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Quentin Campbell wrote: > How do you unpack archives which are RAR version 3 on a RedHat AS 3 > system? > > I understand that if you are running "clamavmodule" you need an external > RAR file unpacker, at least for version 3 RAR archives. > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Fri Jun 24 15:45:14 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:06 2006 Subject: Unpacking on Linux archives which are RAR version 3 Message-ID: Quentin Campbell wrote: > How do you unpack archives which are RAR version 3 on a > RedHat AS 3 system? > > I understand that if you are running "clamavmodule" you need > an external RAR file unpacker, at least for version 3 RAR archives. Start here: http://www.rarlab.com/rar_add.htm Links to unrar source code and binary RPM. Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dward at NCCUMC.ORG Fri Jun 24 15:33:53 2005 From: dward at NCCUMC.ORG (Douglas Ward) Date: Thu Jan 12 21:30:06 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have set up an e-mail gateway server using the following software: MailScanner, Postfix, Mandrake LE2005, ClamAV, SpamAssassin, and BitDefender. During the setup I have run into a few problems. After much research I have decided to send out these questions. I appreciate any advice you could offer. 1) BitDefender will not auto-update. When I enter the command "bdc --update" I get the following reply: [root@barnabus etc]# bdc --update BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: can't find update dll I noticed that in bdc.ini the UpdateHttpLocation field was pointing to a URL that no longer exists. I updated it to point to an ftp site where I have been manually downloading the updates. The default install was in /opt/bdc which is where the bitdefender-wrapper is pointing to. I can see clamav-wrapper and clamscan appearing in top but do not see bitdefender. 2) Does MailScanner auto update these definition files? I have set a cron job to run freshclam periodically and have been manually updating BitDefender until question number one is resolved. Do I need to worry about this? 3) MailScanner has been shutting down at random times overnight. We can't find errors in any log files on the server. Is MailScanner supposed to restart itself periodically? If so, is there a restart command I am missing somewhere? We have set up a cron job to try to start MailScanner every hour until we get this figured out. 4) I have downloaded the dcc, pyzor, and razor packages from urpmi and see pyzor working in top. Are there any further steps I have to take to configure/update these packages? The documentation has proven rather difficult to figure out. I apologize for dumping so many questions on the list at one time. I have put a lot of time into this gateway and am having difficulty figuring out these four problems. Despite all of this e-mail is being delivered properly (unless MailScanner stops) to several linux and one Exchange server behind the gateway. I also appreciate your patience with these newbie questions. Thanks for your help! Douglas Ward Director of Information Technology NC Methodist Conference 1307 Glenwood Ave. Raleigh, NC 27605 Work: (919) 832-9560 ext. 227 Fax: (919) 834-7989 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 24 15:51:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:06 2006 Subject: MailScanner setup questions Message-ID: Douglas see inline -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Douglas Ward wrote: > I have set up an e-mail gateway server using the following software: MailScanner, Postfix, Mandrake LE2005, ClamAV, SpamAssassin, and BitDefender. During the setup I have run into a few problems. After much research I have decided to send out these questions. I appreciate any advice you could offer. > > 1) BitDefender will not auto-update. When I enter the command "bdc --update" I get the following reply: > > [root@barnabus etc]# bdc --update > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll > > I noticed that in bdc.ini the UpdateHttpLocation field was pointing to a URL that no longer exists. I updated it to point to an ftp site where I have been manually downloading the updates. The default install was in /opt/bdc which is where the bitdefender-wrapper is pointing to. I can see clamav-wrapper and clamscan appearing in top but do not see bitdefender. > > 2) Does MailScanner auto update these definition files? I have set a cron job to run freshclam periodically and have been manually updating BitDefender until question number one is resolved. Do I need to worry about this? > yes - run /opt/MailScanner/bin/update_virus_scanners (or whereever this is on your system) and it will do all the scanners you have defined in MailScanner.conf > 3) MailScanner has been shutting down at random times overnight. We can't find errors in any log files on the server. Is MailScanner supposed to restart itself periodically? If so, is there a restart command I am missing somewhere? We have set up a cron job to try to start MailScanner every hour until we get this figured out. > yes - stops memory leaks. should restart a new one in its place. If not as again. > 4) I have downloaded the dcc, pyzor, and razor packages from urpmi and see pyzor working in top. Are there any further steps I have to take to configure/update these packages? The documentation has proven rather difficult to figure out. > with pyzor/razor you have run a little update script about once per day. The pyzor one is "/usr/local/bin/pyzor discover". I guess the razor one is similar see the man entry. > I apologize for dumping so many questions on the list at one time. I have put a lot of time into this gateway and am having difficulty figuring out these four problems. Despite all of this e-mail is being delivered properly (unless MailScanner stops) to several linux and one Exchange server behind the gateway. I also appreciate your patience with these newbie questions. Thanks for your help! S'alright, we all have to start somewhere. > > Douglas Ward > Director of Information Technology > NC Methodist Conference > 1307 Glenwood Ave. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KLekas at FOXRIVER.COM Fri Jun 24 15:44:33 2005 From: KLekas at FOXRIVER.COM (Lekas, Kosta) Date: Thu Jan 12 21:30:06 2006 Subject: Unpacking on Linux archives which are RAR version 3 Message-ID: Install unrar Kosta Lekas -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell Sent: Friday, June 24, 2005 9:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Unpacking on Linux archives which are RAR version 3 How do you unpack archives which are RAR version 3 on a RedHat AS 3 system? I understand that if you are running "clamavmodule" you need an external RAR file unpacker, at least for version 3 RAR archives. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Fri Jun 24 15:57:29 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:30:07 2006 Subject: Problem with MS SA Lint and RulesDuJour updating Message-ID: Greetings, Had this for a bit of time now, I swear my system hates anything to do with Julian and MailScanner by default for some unknown reason as everything else works but things related to either of them! I FINALLY got Mailwatch working on my Ensim setups, it appears we had a database corruption for the Users db that was changing passwords to visible vs. scrambled and therefore not functioning. Since Mailwatch is up, you can do the SA lint test inside and I see these exact same errors but it appears to be running in debug mode so I can't see what more doing that from the command line would produce? But the stumper is finding the entry listed at the bottom of this report I get daily, referencing the MailScanner list address! I've searched the whitelist, blacklist, pm's, conf's and anything else I could find for this entry as it's not getting parsed (probably a syntax error but can't find the line!) and causing the rest of this mess: ================================================================================== RulesDuJour Run Summary on myserver.com: TripWire has changed on myserver.com. Version line: # Version 1.18 More Typo's fixed. EvilNumber has changed on myserver.com. Version line: # Version: 02.00.01 # The evilnumber set has been renamed to match SARE's updated standards, the new name is 70_sare_evilnum0.cf. Please remove evilnumber local language files SARE Random Ruleset for SpamAssassin 2.5x and higher has changed on myserver.com. Version line: # Version: 1.30.16 The following rules had errors: TripWire had an unknown error: curl exit code: 7 curl: (7) socket error: 110 000 EvilNumber had an unknown error: curl exit code: 7 curl: (7) socket error: 110 000 SARE Random Ruleset for SpamAssassin 2.5x and higher had an unknown error: curl exit code: 7 curl: (7) socket error: 110 000 ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/tripwire.cf.20050624-0325 /etc/mail/spamassassin/tripwire.cf; mv -f /etc/mail/spamassassin/evilnumbers.cf /etc/mail/spamassassin/RulesDuJour/evilnumbers.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/evilnumbers.cf.20050624-0326 /etc/mail/spamassassin/evilnumbers.cf; mv -f /etc/mail/spamassassin/70_sare_random.cf /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.20050624-0327 /etc/mail/spamassassin/70_sare_random.cf; Lint output: config: SpamAssassin failed to parse line, skipping: def_whitelist_from_rvcd MAILSCANNER@JISCMAIL.AC.UK MailScanner User List lint: 1 issues detected. please rerun with debug enabled for more information. ============================================================================== Anyone have any clues where to look that maybe I haven't? I think this error is also why it still tags Julian's posts I receive as Spam because the exception's not being imported into MS to prevent it from even looking at his posts and leaving them alone. Thanks! David J. Duffner President PSCGi Paradise Shore Communications Group www.pscginternet.com I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KLekas at FOXRIVER.COM Fri Jun 24 16:02:13 2005 From: KLekas at FOXRIVER.COM (Lekas, Kosta) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: I am having the same problem, MailScanner stops responding with no indication in the logs as to why this is happening. I am also using postfix/clamav/spamassassin. Kosta Lekas Fox River Financial Resources 630.482.7142 - office 630.885.9355 - mobile -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Friday, June 24, 2005 9:52 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner setup questions Douglas see inline -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Douglas Ward wrote: > I have set up an e-mail gateway server using the following software: MailScanner, Postfix, Mandrake LE2005, ClamAV, SpamAssassin, and BitDefender. During the setup I have run into a few problems. After much research I have decided to send out these questions. I appreciate any advice you could offer. > > 1) BitDefender will not auto-update. When I enter the command "bdc --update" I get the following reply: > > [root@barnabus etc]# bdc --update > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll > > I noticed that in bdc.ini the UpdateHttpLocation field was pointing to a URL that no longer exists. I updated it to point to an ftp site where I have been manually downloading the updates. The default install was in /opt/bdc which is where the bitdefender-wrapper is pointing to. I can see clamav-wrapper and clamscan appearing in top but do not see bitdefender. > > 2) Does MailScanner auto update these definition files? I have set a cron job to run freshclam periodically and have been manually updating BitDefender until question number one is resolved. Do I need to worry about this? > yes - run /opt/MailScanner/bin/update_virus_scanners (or whereever this is on your system) and it will do all the scanners you have defined in MailScanner.conf > 3) MailScanner has been shutting down at random times overnight. We can't find errors in any log files on the server. Is MailScanner supposed to restart itself periodically? If so, is there a restart command I am missing somewhere? We have set up a cron job to try to start MailScanner every hour until we get this figured out. > yes - stops memory leaks. should restart a new one in its place. If not as again. > 4) I have downloaded the dcc, pyzor, and razor packages from urpmi and see pyzor working in top. Are there any further steps I have to take to configure/update these packages? The documentation has proven rather difficult to figure out. > with pyzor/razor you have run a little update script about once per day. The pyzor one is "/usr/local/bin/pyzor discover". I guess the razor one is similar see the man entry. > I apologize for dumping so many questions on the list at one time. I have put a lot of time into this gateway and am having difficulty figuring out these four problems. Despite all of this e-mail is being delivered properly (unless MailScanner stops) to several linux and one Exchange server behind the gateway. I also appreciate your patience with these newbie questions. Thanks for your help! S'alright, we all have to start somewhere. > > Douglas Ward > Director of Information Technology > NC Methodist Conference > 1307 Glenwood Ave. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 24 16:16:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: On 24 Jun 2005, at 15:51, Martin Hepworth wrote: > Douglas > > see inline > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Douglas Ward wrote: > >> I have set up an e-mail gateway server using the following >> software: MailScanner, Postfix, Mandrake LE2005, ClamAV, >> SpamAssassin, and BitDefender. During the setup I have run into a >> few problems. After much research I have decided to send out >> these questions. I appreciate any advice you could offer. >> 1) BitDefender will not auto-update. When I enter the command >> "bdc --update" I get the following reply: >> [root@barnabus etc]# bdc --update >> BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) >> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. >> Error: can't find update dll >> I noticed that in bdc.ini the UpdateHttpLocation field was >> pointing to a URL that no longer exists. I updated it to point to >> an ftp site where I have been manually downloading the updates. >> The default install was in /opt/bdc which is where the bitdefender- >> wrapper is pointing to. I can see clamav-wrapper and clamscan >> appearing in top but do not see bitdefender. >> 2) Does MailScanner auto update these definition files? I have >> set a cron job to run freshclam periodically and have been >> manually updating BitDefender until question number one is >> resolved. Do I need to worry about this? >> > > yes - run /opt/MailScanner/bin/update_virus_scanners (or whereever > this is on your system) and it will do all the scanners you have > defined in MailScanner.conf No, it does all the scanners you have defined in virus.scanners.conf which will be in the same directory as your MailScanner.conf. > > >> 3) MailScanner has been shutting down at random times overnight. >> We can't find errors in any log files on the server. Is >> MailScanner supposed to restart itself periodically? If so, is >> there a restart command I am missing somewhere? We have set up a >> cron job to try to start MailScanner every hour until we get this >> figured out. >> > > yes - stops memory leaks. should restart a new one in its place. If > not as again. MailScanner should not stop, it should run forever. Every 4 hours (by default, see the "Restart Every" setting) it will kill its worker processes and respawn them. > > >> 4) I have downloaded the dcc, pyzor, and razor packages from urpmi >> and see pyzor working in top. Are there any further steps I have >> to take to configure/update these packages? The documentation has >> proven rather difficult to figure out. >> > > with pyzor/razor you have run a little update script about once per > day. The pyzor one is "/usr/local/bin/pyzor discover". I guess the > razor one is similar see the man entry. There is a similar one for razor as well ("razor -discover"). You should do that once a day. > > >> I apologize for dumping so many questions on the list at one >> time. I have put a lot of time into this gateway and am having >> difficulty figuring out these four problems. Despite all of this >> e-mail is being delivered properly (unless MailScanner stops) to >> several linux and one Exchange server behind the gateway. I also >> appreciate your patience with these newbie questions. Thanks for >> your help! >> > > S'alright, we all have to start somewhere. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 24 16:28:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: Kostas If it stops after 4 hours and doesn't restart make sure there are only email spool files in the 'Incoming Directory' as defined in MailScanner.conf. If there are things like .razor etc etc make sure the program creating these files/dirs are told to use working dirs etc elsewhere. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Lekas, Kosta wrote: > I am having the same problem, MailScanner stops responding with no > indication in the logs as to why this is happening. I am also using > postfix/clamav/spamassassin. > > Kosta Lekas > Fox River Financial Resources > 630.482.7142 - office > 630.885.9355 - mobile > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Friday, June 24, 2005 9:52 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner setup questions > > Douglas > > see inline > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Douglas Ward wrote: > >>I have set up an e-mail gateway server using the following software: > > MailScanner, Postfix, Mandrake LE2005, ClamAV, SpamAssassin, and > BitDefender. During the setup I have run into a few problems. After > much research I have decided to send out these questions. I appreciate > any advice you could offer. > >>1) BitDefender will not auto-update. When I enter the command "bdc > > --update" I get the following reply: > >>[root@barnabus etc]# bdc --update >>BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) >>Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. >> >>Error: can't find update dll >> >>I noticed that in bdc.ini the UpdateHttpLocation field was pointing to > > a URL that no longer exists. I updated it to point to an ftp site where > I have been manually downloading the updates. The default install was > in /opt/bdc which is where the bitdefender-wrapper is pointing to. I > can see clamav-wrapper and clamscan appearing in top but do not see > bitdefender. > >>2) Does MailScanner auto update these definition files? I have set a > > cron job to run freshclam periodically and have been manually updating > BitDefender until question number one is resolved. Do I need to worry > about this? > > > yes - run /opt/MailScanner/bin/update_virus_scanners (or whereever this > is on your system) and it will do all the scanners you have defined in > MailScanner.conf > > >>3) MailScanner has been shutting down at random times overnight. We > > can't find errors in any log files on the server. Is MailScanner > supposed to restart itself periodically? If so, is there a restart > command I am missing somewhere? We have set up a cron job to try to > start MailScanner every hour until we get this figured out. > > > yes - stops memory leaks. should restart a new one in its place. If not > as again. > > >>4) I have downloaded the dcc, pyzor, and razor packages from urpmi and > > see pyzor working in top. Are there any further steps I have to take to > configure/update these packages? The documentation has proven rather > difficult to figure out. > > > with pyzor/razor you have run a little update script about once per day. > > The pyzor one is "/usr/local/bin/pyzor discover". I guess the razor one > is similar see the man entry. > > >>I apologize for dumping so many questions on the list at one time. I > > have put a lot of time into this gateway and am having difficulty > figuring out these four problems. Despite all of this e-mail is being > delivered properly (unless MailScanner stops) to several linux and one > Exchange server behind the gateway. I also appreciate your patience > with these newbie questions. Thanks for your help! > > S'alright, we all have to start somewhere. > > >>Douglas Ward >>Director of Information Technology >>NC Methodist Conference >>1307 Glenwood Ave. > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jun 24 16:31:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: Julian Field wrote: >>> 2) Does MailScanner auto update these definition files? I have set >>> a cron job to run freshclam periodically and have been manually >>> updating BitDefender until question number one is resolved. Do I >>> need to worry about this? >>> >> >> yes - run /opt/MailScanner/bin/update_virus_scanners (or whereever >> this is on your system) and it will do all the scanners you have >> defined in MailScanner.conf > > > No, it does all the scanners you have defined in virus.scanners.conf > which will be in the same directory as your MailScanner.conf. > Julian Oh ok I guess it just fails silently if it can't the scanner. I thought it looked in MailScanner.conf to find the active ones and then consulted virus.scanners.conf on how to do the update...but then I didn't write the code so what do I know.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jun 24 16:39:33 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:07 2006 Subject: Probably OT: Stupid stupid outlook (as usual!) Message-ID: Stef Morrell wrote: > So, I've got a virus bounce. Clearly I've emailed someone, they've > got a virus and norton therefore thinks I should get spammed. > > MailScanner has washed it through spamassassin which has correctly > identified that it's a virus bounce, but outlook has ignored the > "Subject:" header, which would have junked it into my spam bin, and > instead seems to be using the "Thread-Topic:" header as it's subject. > > Any bright ideas to fix/workaround this? Please direct all "don't use > outlook" to /dev/null, I don't make group IT policy! ;) > > Stef Really hard to say w/o being able to see how you have Outlook configured. Are you using rules? What version of Outlook? I'd play w/the ruleset and tweak it, then run it until you get the desired results. By the time it gets to Outlook it's way beyond anything to do w/MailScanner and there's a jillion ways that your Outlook could be set up that we have no way of knowing about. Lotsa luck... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Jun 24 16:33:55 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:07 2006 Subject: Problem with MS SA Lint and RulesDuJour updating Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Duffner - PSCGi wrote: > Greetings, > > But the stumper is finding the entry listed at the bottom > > of this report I get daily, referencing the MailScanner list > > address! I've searched the whitelist, blacklist, pm's, conf's > > and anything else I could find for this entry as it's not getting > > parsed (probably a syntax error but can't find the line!) and > > causing the rest of this mess: > .. snipped .. The rulesdujour script mentions the version within itself, the current one being Version 1.21 An upgrade to this script should fix most errors.. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 24 16:47:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: On 24 Jun 2005, at 16:31, Martin Hepworth wrote: > Julian Field wrote: > > >>>> 2) Does MailScanner auto update these definition files? I have >>>> set a cron job to run freshclam periodically and have been >>>> manually updating BitDefender until question number one is >>>> resolved. Do I need to worry about this? >>>> >>>> >>> >>> yes - run /opt/MailScanner/bin/update_virus_scanners (or >>> whereever this is on your system) and it will do all the >>> scanners you have defined in MailScanner.conf >>> >> No, it does all the scanners you have defined in >> virus.scanners.conf which will be in the same directory as your >> MailScanner.conf. >> > > Julian > > Oh ok I guess it just fails silently if it can't the scanner. I > thought it looked in MailScanner.conf to find the active ones and > then consulted virus.scanners.conf on how to do the update...but > then I didn't write the code so what do I know.. No it looks for all the scanners in virus.scanners.conf and updates them all, whether you use them or not. That way if you start using a virus scanner you already installed earlier, you will be safe in the knowledge that it will already be up to date when you start using it. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Jun 24 16:58:46 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:07 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.86.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For those who depend on Dag Wieers to create their clam rpms, here is a way to create your own rpms since dag hasn't yet updated them # Create a temp workdir and chdir to it mkdir /tmp/clam_upgrade cd /tmp/clam_upgrade # Now download the SPEC file and the latest source rpm from dag wget http://dag.wieers.com/packages/clamav/clamav.spec wget http://dag.wieers.com/packages/clamav/clamav-0.85.1-1.rf.src.rpm # Next we need to unpack this rpm, since we need some file from it. mkdir onemoretempdir mv clamav-0.85.1-1.rf.src.rpm onemoretempdir/ cd onemoretempdir rpm2cpio clamav-0.85.1-1.rf.src.rpm > clam.cpio cat clam.cpio | cpio -id mv clamav.init clamav-milter.init /usr/src/redhat/SOURCES/ cd .. # Now download the current clamav source and move it to the SOURCES dir. # Find a sf.net mirror close to you using the page below # http://www.clamav.net/stable.php#pagestart wget http://mirror.sf.net/sourceforge/clamav/clamav-0.86.1.tar.gz mv clamav-0.86.1.tar.gz /usr/src/redhat/SOURCES/ # Now to build the rpm, before that we need to change the version # number in the clamav.spec file # Also note that the rpmbuild build command might need you to install # some dependencies perl -e "s/Version: 0.85.1/Version: 0.86.1/g;" -pi clamav.spec rpmbuild -bb clamav.spec You new rpms should be ready and built in the /usr/src/redhat/RPMS/arch directory, arch here would mostly be i386 enjoy, - dhawal Dörfler Andreas wrote: >>Dear ClamAV users, >> >>version 0.86.1 is available for download. >>A possible crash in the libmspack's Quantum decompressor has >>been fixed. >> >>You are encouraged to upgrade to the latest stable release. >> >> >>Regards, >> >>-- >>The ClamAV team (http://www.clamav.net/team.html) >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jun 24 16:59:58 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Douglas Ward wrote: > I have set up an e-mail gateway server using the following software: MailScanner, Postfix, Mandrake LE2005, ClamAV, SpamAssassin, and BitDefender. During the setup I have run into a few problems. After much research I have decided to send out these questions. I appreciate any advice you could offer. > > 1) BitDefender will not auto-update. When I enter the command "bdc --update" I get the following reply: > > [root@barnabus etc]# bdc --update > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll That's weird, I don't have that file, or any reference to it in any of my bitdefender files. However, I'm running a newer build. Perhaps you should get a newer version? BDC/Linux-Console v7.0 (build 2492) (i386) (Dec 11 2003 13:24:00) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. (note build 2492 instead of 2490). > > I noticed that in bdc.ini the UpdateHttpLocation field was pointing to a URL that no longer exists. Mine points to: UpdateHttpLocation = http://upgrade.bitdefender.com/update7 > I updated it to point to an ftp site where I have been manually downloading the updates. That's inadvisable, as bdc isn't looking for a URL to a block of files. you SHOULD get an access forbidden error if you go to the URL directly without any parameters that bdc adds. I suspect your copy of BDC is just outdated and can't communicate with their current update server. Either that, or you broke the updates by trying to fix them. >The default install was in /opt/bdc which is where the bitdefender-wrapper is pointing to. >I can see clamav-wrapper and clamscan appearing in top but do not see bitdefender. Did you add bitdefender to your virus scanners statement in mailscanner.conf? Virus Scanners = clamav bitdefender or Virus Scanners = clamavmodule bitdefender > > 2) Does MailScanner auto update these definition files? I have set a cron job to run freshclam periodically and have been manually updating BitDefender until question number one is resolved. Do I need to worry about this? Yes, but it does so by calling bdc --update. It also auto-updates clamav, so you don't need to run freshclam in cron. > 3) MailScanner has been shutting down at random times overnight. We can't find errors in any log files on the server. Is MailScanner supposed to restart itself periodically? If so, is there a restart command I am missing somewhere? We have set up a cron job to try to start MailScanner every hour until we get this figured out. Erm, MailScanner should have a check_MailScanner hourly cronjob. It should have been installed when you installed MailScanner. > > 4) I have downloaded the dcc, pyzor, and razor packages from urpmi and see pyzor working in top. Are there any further steps I have to take to configure/update these packages? The documentation has proven rather difficult to figure out. No. Unless manually disabled, spamassassin will auto use them. Disclaimer: In future releases, (SA 3.1.0 RC1, etc) SA will have dcc and razor disabled by default due to license restrictions. These tools are now free for most places to use, but there are some situations where they become non-free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Fri Jun 24 18:47:51 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:07 2006 Subject: Empty file error messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've been getting quite a few of these in my log lately. Anything I should be concerned about? Took a look in the archives and Google but couldn't find this exact message. MailScanner v4.40.11 Jun 24 03:05:20 gw-mail MailScanner[6646]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/6646/./j5OA562s006904/msg-6646-5.txt: Empty file". Please contact the authors! Jun 24 03:13:53 gw-mail MailScanner[5002]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/5002/./j5OADb2s006987/msg-5002-51.txt: Empty file". Please contact the authors! Jun 24 04:09:42 gw-mail MailScanner[6796]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/6796/./j5OB9E2s008004/msg-6796-7.txt: Empty file". Please contact the authors! Jun 24 05:07:43 gw-mail MailScanner[6646]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/6646/./j5OC7W2s008447/msg-6646-19.txt: Empty file". Please contact the authors! Jun 24 08:59:50 gw-mail MailScanner[9503]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/9503/./j5OFxa2s011071/msg-9503-35.txt: Empty file". Please contact the authors! Jun 24 09:29:24 gw-mail MailScanner[9583]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/9583/./j5OGTC2s011440/msg-9583-45.txt: Empty file". Please contact the authors! Jun 24 09:43:43 gw-mail MailScanner[9417]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/9417/./j5OGhV2s011633/msg-9417-41.txt: Empty file". Please contact the authors! Thanks, Ken Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Jun 24 18:56:54 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:07 2006 Subject: Empty file error messages Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ken Goods > Sent: Friday, June 24, 2005 1:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Empty file error messages > > I've been getting quite a few of these in my log lately. Anything I should > be concerned about? > Took a look in the archives and Google but couldn't find this exact > message. > > MailScanner v4.40.11 > > Jun 24 03:05:20 gw-mail MailScanner[6646]: ProcessClamAVOutput: > unrecognised > line "/var/spool/MailScanner/incoming/6646/./j5OA562s006904/msg-6646- > 5.txt: > Empty file". Please contact the authors! > Jun 24 03:13:53 gw-mail MailScanner[5002]: ProcessClamAVOutput: > unrecognised > line "/var/spool/MailScanner/incoming/5002/./j5OADb2s006987/msg-5002- > 51.txt: > Empty file". Please contact the authors! > Jun 24 04:09:42 gw-mail MailScanner[6796]: ProcessClamAVOutput: > unrecognised > line "/var/spool/MailScanner/incoming/6796/./j5OB9E2s008004/msg-6796- > 7.txt: > Empty file". Please contact the authors! > Jun 24 05:07:43 gw-mail MailScanner[6646]: ProcessClamAVOutput: > unrecognised > line "/var/spool/MailScanner/incoming/6646/./j5OC7W2s008447/msg-6646- > 19.txt: > Empty file". Please contact the authors! > Jun 24 08:59:50 gw-mail MailScanner[9503]: ProcessClamAVOutput: > unrecognised > line "/var/spool/MailScanner/incoming/9503/./j5OFxa2s011071/msg-9503- > 35.txt: > Empty file". Please contact the authors! > Jun 24 09:29:24 gw-mail MailScanner[9583]: ProcessClamAVOutput: > unrecognised > line "/var/spool/MailScanner/incoming/9583/./j5OGTC2s011440/msg-9583- > 45.txt: > Empty file". Please contact the authors! > Jun 24 09:43:43 gw-mail MailScanner[9417]: ProcessClamAVOutput: > unrecognised > line "/var/spool/MailScanner/incoming/9417/./j5OGhV2s011633/msg-9417- > 41.txt: > Empty file". Please contact the authors! > > Thanks, > Ken Check the mailing list archives. You need to update MailScanner and ClamAV and probably install unrar. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Fri Jun 24 19:07:36 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:07 2006 Subject: Empty file error messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf Of Ken Goods Sent: Friday, June 24, 2005 1:48 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Empty file error messages >> >> I've been getting quite a few of these in my log lately. Anything I >> should be concerned about? Took a look in the archives and Google >> but couldn't find this exact message. >> >> MailScanner v4.40.11 >> >> Jun 24 03:05:20 gw-mail MailScanner[6646]: ProcessClamAVOutput: >> unrecognised line >> "/var/spool/MailScanner/incoming/6646/./j5OA562s006904/msg-6646- >> 5.txt: >> Empty file". Please contact the authors! > > Check the mailing list archives. You need to update MailScanner and > ClamAV and probably install unrar. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > Thanks Steve, I updated ClamAV a couple days ago and was going to update MS today. I'll see what I can find on unrar. Kind regards, Ken Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Jun 24 19:24:39 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:07 2006 Subject: Empty file error messages Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ken Goods > Sent: Friday, June 24, 2005 2:08 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Empty file error messages > > Stephen Swaney wrote: > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > >> On Behalf Of Ken Goods Sent: Friday, June 24, 2005 1:48 PM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Empty file error messages > >> > >> I've been getting quite a few of these in my log lately. Anything I > >> should be concerned about? Took a look in the archives and Google > >> but couldn't find this exact message. > >> > >> MailScanner v4.40.11 > >> > >> Jun 24 03:05:20 gw-mail MailScanner[6646]: ProcessClamAVOutput: > >> unrecognised line > >> "/var/spool/MailScanner/incoming/6646/./j5OA562s006904/msg-6646- > >> 5.txt: > >> Empty file". Please contact the authors! > > > > Check the mailing list archives. You need to update MailScanner and > > ClamAV and probably install unrar. > > > > Steve > > > > Stephen Swaney > > Fort Systems Ltd. > > stephen.swaney@fsl.com > > www.fsl.com > > > > Thanks Steve, > I updated ClamAV a couple days ago and was going to update MS today. I'll > see what I can find on unrar. > > Kind regards, > Ken Look for the unrar rpms at: http://dag.wieers.com/home-made/apt/ specifically: http://dag.wieers.com/packages/unrar/ Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Fri Jun 24 19:27:33 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:07 2006 Subject: Empty file error messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf Of Ken Goods Sent: Friday, June 24, 2005 2:08 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Empty file error messages >> >> Stephen Swaney wrote: >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> On Behalf Of Ken Goods Sent: Friday, June 24, 2005 1:48 PM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Empty file error messages >>>> >>>> I've been getting quite a few of these in my log lately. Anything I >>>> should be concerned about? Took a look in the archives and Google >>>> but couldn't find this exact message. >>>> >>>> MailScanner v4.40.11 >>>> >>>> Jun 24 03:05:20 gw-mail MailScanner[6646]: ProcessClamAVOutput: >>>> unrecognised line >>>> "/var/spool/MailScanner/incoming/6646/./j5OA562s006904/msg-6646- >>>> 5.txt: >>>> Empty file". Please contact the authors! >>> >>> Check the mailing list archives. You need to update MailScanner and >>> ClamAV and probably install unrar. >>> >>> Steve >>> >>> Stephen Swaney >>> Fort Systems Ltd. >>> stephen.swaney@fsl.com >>> www.fsl.com >>> >> >> Thanks Steve, >> I updated ClamAV a couple days ago and was going to update MS today. >> I'll see what I can find on unrar. >> >> Kind regards, >> Ken > > Look for the unrar rpms at: > > http://dag.wieers.com/home-made/apt/ > > specifically: > http://dag.wieers.com/packages/unrar/ > > Steve > Thanks, Truly appreciated Steve! k ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Jun 24 19:39:48 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:07 2006 Subject: solaris, clam 0.86.1, Mail-ClamAV-0.17, cores Message-ID: Gang, I've been chasing this issue for a couple of days, and I just sent a bug report to the ClamAV folks about it. The problem: on Solaris 9 if I build ClamAV 0.86 or 0.86.1 with either gcc 4.0 or Sun's compiler, install, and then try to rebuild the perl module Mail-ClamAV-0.17, the "make test" fails. Analysis of the resulting core (from perl) shows that libclamav core dumps at: #0 0xfebaa688 in __zzip_find_disk_trailer ( fd=8, filesize=309, trailer=0xffbfe742, io=0xfec236e4) at zziplib/zzip-zip.c:289 289 __fixup_rootseek (offset + tail-mapped, trailer); Versions 0.85.1 and prior of ClamAV don't have this problem; I'm continuing to use 0.85.1 on my production system. Anybody else with Solaris 9, clamavmodule, Mail-ClamAV-0.17 out there? Anybody else seeing this failure? I've filed a bug report with ClamAV, I'm curious to see what they say. The bug looks like an interaction between libclamav and either zlib or libbz2 during a file zip/unzip. Beware if you use clamavmodule... Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Fri Jun 24 20:24:21 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:07 2006 Subject: SpamAssassin installation could not be found Message-ID: For Gentoo MailScanner and SA users emerge mail-filter/spamassassin-3.0.4 fails with make error http://bugs.gentoo.org/show_bug.cgi?id=96807 so install it from CPAN directly.Just wanted to give a heads up. On Tue, 21 Jun 2005 20:19:26 +0100, Venkata Achanta wrote: >>There is something I don't understand. You replied to a thread >>containing all sorts of info about this topic... did you read the thread? > >I am not sure which one you are referring to. Anyways i got burnt on my >gentoo portage version of the latest spamassassin-3.0.4 upgrade. There is >something wrong with my portage i believe. I usually emerge it the gentoo >way and this is the first time it bombed in years. > >Thanks for the quick responses.ok i have go back and dig up what happened >to my gentoo portage...Thanks again > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Jun 24 21:57:54 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Testing EnigMail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm testing enigmail for Thunderbird so please ignore this. I just want to see how it reacts to being sent through an e-mail list. In any case, I was making a list of the clients I've installed MailScanner on in the past two years, and I'm surprised at how many companies/mailboxes are protected by Julian's (and all the other contributors') work. I first thought about buying the book next time it comes out... but why stop there? I'm going to tell all my clients to buy at least one copy to keep "at home"! Keep up the good work, Julian... and let us know if you're ever going to visit Panama... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCvHPS9sK8OFkdcSoRAjJgAJoDRX+UM5QwoFkp6RVnS1WnYeF0KQCguRSg sbJR+dw6C0QYizs4p4SWqbU= =8S9C -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hoff.milo at gmail.com Sat Jun 25 15:25:19 2005 From: hoff.milo at gmail.com (Milo Hoffman) Date: Thu Jan 12 21:30:07 2006 Subject: Announce: Beta 4.43.3 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/21/05, Julian Field wrote: > I have just released version 4.43.3. > I would particularly like Postfix users to try this out and tell me > if there are any problems with it. > If you ever had the problem where one or two messages were dumped > into Postfix's "corrupt" queue, that will hopefully not happen again. > Worked out fine for me, postfix 2.2.2-3, SpamAssassin 3.0.3, F-prot 4.4.1 no issues till now. Milo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 25 15:47:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Aeron chairs Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Very off-topic: Has anyone here tried out an Aeron chair? Am thinking of getting one at work. Opinion seems to be very strong and split 50:50 between the lovers and the haters. Any alternatives (other than Steelcase) that anyone prefers? Thanks folks, Jules. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr1uuRH2WUcUFbZUEQLjSgCg2l0Hn9Sn3jNYEOZj/UYZBY/saGoAnA44 E0rQIpPCGf1eSuRYdMhQrOQk =9gpG -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wietse at BOUDISQUE.NL Sat Jun 25 16:01:15 2005 From: wietse at BOUDISQUE.NL (Wietse Muizelaar) Date: Thu Jan 12 21:30:07 2006 Subject: ClamAV/Spamassassin-tar-gz file? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, There seems to be not yet a new ClamAV/Spamassassin.tar.gz-file with the new ClamAV included. Is there any indication on when we can expect it? Thanks in advance!! -- Regards, Wietse ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 25 16:07:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: ClamAV/Spamassassin-tar-gz file? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'll do it now, thanks for the reminder. Will post to the list when it's there. Wietse Muizelaar wrote: >Hi, > >There seems to be not yet a new ClamAV/Spamassassin.tar.gz-file with the new >ClamAV included. Is there any indication on when we can expect it? > >Thanks in advance!! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr1zQhH2WUcUFbZUEQIRHACfTQmq81u73U7+YHfYXzfU9ZZPD8EAoK/x sXHPm1TM0bw9+cuKrahxBRbW =h6vl -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 25 16:13:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: ClamAV/Spamassassin-tar-gz file? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Done. It's on the web site now. Wietse Muizelaar wrote: >Hi, > >There seems to be not yet a new ClamAV/Spamassassin.tar.gz-file with the new >ClamAV included. Is there any indication on when we can expect it? > >Thanks in advance!! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr10fxH2WUcUFbZUEQIFnwCfS3dWJQZx4qhtmc8j8oSk9486fHAAnRTw wZeOJmIZjTj03Uyb2GpRUPAY =WumG -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wietse at BOUDISQUE.NL Sat Jun 25 16:16:14 2005 From: wietse at BOUDISQUE.NL (Wietse Muizelaar) Date: Thu Jan 12 21:30:07 2006 Subject: ClamAV/Spamassassin-tar-gz file? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thnx! On Saturday, June 25, 2005 5:13 PM [GMT+1=CET], Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Done. > It's on the web site now. > > Wietse Muizelaar wrote: > >> Hi, >> >> There seems to be not yet a new ClamAV/Spamassassin.tar.gz-file with >> the new ClamAV included. Is there any indication on when we can >> expect it? >> >> Thanks in advance!! >> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQr10fxH2WUcUFbZUEQIFnwCfS3dWJQZx4qhtmc8j8oSk9486fHAAnRTw > wZeOJmIZjTj03Uyb2GpRUPAY > =WumG > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ade at INFORMATICS.BANGOR.AC.UK Sat Jun 25 16:34:04 2005 From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Aeron chairs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >Has anyone here tried out an Aeron chair? Am thinking of getting one at >work. Opinion seems to be very strong and split 50:50 between the lovers >and the haters. Any alternatives (other than Steelcase) that anyone prefers? > > Yes, tried one about 4 years ago and now have bought my own a few weeks back. I'm definitely a lover of the Aeron, but i'm thinking it will be **even better** when I get a PostureFit extra for the lower-back section. More importantly, not only is it comfortable, but I had been having some tolerable back pain and that has gone since I got the Aeron. Of course, I couldn't afford a brand new one.........but if I could that shiny chrome effect thing on the new ones looks awesome. I guess it comes down to who is paying for it......... Cheers Ade -- ___________________________________________________ Ade Fewings MEng School of Informatics, University of Wales, Bangor, Dean Street, Bangor, Gwynedd. LL57 1UT. UK. ade@informatics.bangor.ac.uk www.informatics.bangor.ac.uk/~ade Tel: +44 (0)1248 382736 Fax: +44 (0)1248 361429 ___________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 25 16:39:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Aeron chairs Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ade Fewings wrote: >> Has anyone here tried out an Aeron chair? Am thinking of getting one >> at work. Opinion seems to be very strong and split 50:50 between the >> lovers and the haters. Any alternatives (other than Steelcase) that >> anyone prefers? > > Yes, tried one about 4 years ago and now have bought my own a few > weeks back. I'm definitely a lover of the Aeron, but i'm thinking it > will be **even better** when I get a PostureFit extra for the > lower-back section. More importantly, not only is it comfortable, but > I had been having some tolerable back pain and that has gone since I > got the Aeron. Of course, I couldn't afford a brand new > one.........but if I could that shiny chrome effect thing on the new > ones looks awesome. I guess it comes down to who is paying for > it......... I was definitely going for the Posturefit back. What of it comes in chrome? I was going to be very unoriginal and do it all in black. Is the lumbar support bit worth getting or won't I ever use it? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr16mBH2WUcUFbZUEQKIagCeItgwLixiVFl1c6hOEu5cikFFtvQAni96 WUkudWY3+VH5ktGI1nndgFKF =gxAR -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ade at INFORMATICS.BANGOR.AC.UK Sat Jun 25 16:49:30 2005 From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Aeron chairs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>>Has anyone here tried out an Aeron chair? Am thinking of getting one >>>at work. Opinion seems to be very strong and split 50:50 between the >>>lovers and the haters. Any alternatives (other than Steelcase) that >>>anyone prefers? >>> >>> >>Yes, tried one about 4 years ago and now have bought my own a few >>weeks back. I'm definitely a lover of the Aeron, but i'm thinking it >>will be **even better** when I get a PostureFit extra for the >>lower-back section. More importantly, not only is it comfortable, but >>I had been having some tolerable back pain and that has gone since I >>got the Aeron. Of course, I couldn't afford a brand new >>one.........but if I could that shiny chrome effect thing on the new >>ones looks awesome. I guess it comes down to who is paying for >>it......... >> >> > >I was definitely going for the Posturefit back. What of it comes in >chrome? I was going to be very unoriginal and do it all in black. Is the >lumbar support bit worth getting or won't I ever use it? > You either have PostureFit or Lumbar Support but not both, and I believe the PostureFit is better - it's certainly newer, more expensive and more sophisticated-looking. The chrome effect stuff is just the shiny metalwork, instead of all black....as shown in the pics of the HM website ( http://www.hermanmiller.com/CDA/SSA/Product/0,,a10-c440-p8,00.html ) - I think it looks pretty cool, but I guess with that and the PostureFit, the price is heading north of a lot! My justification is that you wouldn't expect a tree-surgeon to go to work without the necessary equipment for safety and health purposes, so why shouldn't I have a good chair, seeing as i'm going to be sat in it **a lot**. I guess overall, I would say it's a lot to spend on getting something if you haven't tried it, so it's worth investigating a test-run if you can. However, nobody here that has sat in my chair has said anything other than "isn't it comfortable?" Cheers Ade -- ___________________________________________________ Ade Fewings MEng School of Informatics, University of Wales, Bangor, Dean Street, Bangor, Gwynedd. LL57 1UT. UK. ade@informatics.bangor.ac.uk www.informatics.bangor.ac.uk/~ade Tel: +44 (0)1248 382736 Fax: +44 (0)1248 361429 ___________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 25 16:51:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Aeron chairs Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > * PGP Signed: 06/25/05 at 16:39:04 > > Ade Fewings wrote: > >>> Has anyone here tried out an Aeron chair? Am thinking of getting one >>> at work. Opinion seems to be very strong and split 50:50 between the >>> lovers and the haters. Any alternatives (other than Steelcase) that >>> anyone prefers? >> >> >> Yes, tried one about 4 years ago and now have bought my own a few >> weeks back. I'm definitely a lover of the Aeron, but i'm thinking it >> will be **even better** when I get a PostureFit extra for the >> lower-back section. More importantly, not only is it comfortable, >> but I had been having some tolerable back pain and that has gone >> since I got the Aeron. Of course, I couldn't afford a brand new >> one.........but if I could that shiny chrome effect thing on the new >> ones looks awesome. I guess it comes down to who is paying for >> it......... > > > I was definitely going for the Posturefit back. What of it comes in > chrome? I was going to be very unoriginal and do it all in black. Is > the lumbar support bit worth getting or won't I ever use it? > Ah, just re-read it. PostureFit is an alternative to lumbar support. Will go with PostureFit. And the one with loads of chrome does look very nice indeed, I'm definitely swung on that, all black will look very boring. So going for black leather armrests (just height adjustable, no pivot), black pelicule or whatever it's called. The titanium one looks cool but I don't even want to *think* how much it costs! Now to pursuade someone to pay for it for me :-) All comments welcome, of course! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr19bBH2WUcUFbZUEQLhqQCg6D9/6kJZj7jS0jjidaWm+erp0rAAoLf6 DedgS+qJXvpAMXEwUsBzHZg6 =K7/Y -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Jun 25 17:47:23 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:07 2006 Subject: Probably OT: Stupid stupid outlook (as usual!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/24/05, Kevin Miller wrote: > Stef Morrell wrote: > > So, I've got a virus bounce. Clearly I've emailed someone, they've > > got a virus and norton therefore thinks I should get spammed. > > > > MailScanner has washed it through spamassassin which has correctly > > identified that it's a virus bounce, but outlook has ignored the > > "Subject:" header, which would have junked it into my spam bin, and > > instead seems to be using the "Thread-Topic:" header as it's subject. > > > > Any bright ideas to fix/workaround this? Please direct all "don't use > > outlook" to /dev/null, I don't make group IT policy! ;) > > > > Stef > > Really hard to say w/o being able to see how you have Outlook configured. > Are you using rules? What version of Outlook? I'd play w/the ruleset and > tweak it, then run it until you get the desired results. By the time it > gets to Outlook it's way beyond anything to do w/MailScanner and there's a > jillion ways that your Outlook could be set up that we have no way of > knowing about. > > Lotsa luck... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 If you can, strip off the Thread-Topic: header in the MTA (easy in postfix), so that the silly thing don't have it to play with ....:-). Or (as Kevin says) .... play with the "rules" things and see what gives. -- -- Glenn (finally sobering up after excessive Midsummers bingeing:-) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Jun 25 18:14:00 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Issue no 1 is solely to do with bitdefender. I've seen it behave like this once... a while back (more than 6 months). Solution was to "rpm -e" it, then DL and install the current from their site (as explained in the wiki:-). The "mailscanner on strike" issue is probably a case of razor dropping its logfile into the hold queue. Make razor behave (either by explicitly stating where it should find/put things, or by making Postfixs homedir writeable, become postfix, run the discovery, revert ostfix to "not writeable by postfix user... You only need do that the first time, after that you just need run the discovery script as postfix). Same goes for pyzor, although pyzor wont put any logfile in the hold queue;). Others have covered the rest, so I'll shut up now ... except to say that you're not alone in running this type of thing on Mad'n'drunk ... er, Mandriva (they just had to be both a bit mad and slightly high on *something* to dream up that name:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dward at NCCUMC.ORG Sat Jun 25 18:13:31 2005 From: dward at NCCUMC.ORG (Douglas Ward) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you for this information. Where would I find the newer build? I have downloaded this file from BitDefender's website directly and it is the lower build. Where did you find build 2492? Thanks! Douglas Ward Director of Information Technology NC Methodist Conference 1307 Glenwood Ave. Raleigh, NC 27605 Work: (919) 832-9560 ext. 227 Fax: (919) 834-7989 ________________________________ From: MailScanner mailing list on behalf of Matt Kettler Sent: Fri 6/24/2005 11:59 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner setup questions Douglas Ward wrote: > I have set up an e-mail gateway server using the following software: MailScanner, Postfix, Mandrake LE2005, ClamAV, SpamAssassin, and BitDefender. During the setup I have run into a few problems. After much research I have decided to send out these questions. I appreciate any advice you could offer. > > 1) BitDefender will not auto-update. When I enter the command "bdc --update" I get the following reply: > > [root@barnabus etc]# bdc --update > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll That's weird, I don't have that file, or any reference to it in any of my bitdefender files. However, I'm running a newer build. Perhaps you should get a newer version? BDC/Linux-Console v7.0 (build 2492) (i386) (Dec 11 2003 13:24:00) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. (note build 2492 instead of 2490). > > I noticed that in bdc.ini the UpdateHttpLocation field was pointing to a URL that no longer exists. Mine points to: UpdateHttpLocation = http://upgrade.bitdefender.com/update7 > I updated it to point to an ftp site where I have been manually downloading the updates. That's inadvisable, as bdc isn't looking for a URL to a block of files. you SHOULD get an access forbidden error if you go to the URL directly without any parameters that bdc adds. I suspect your copy of BDC is just outdated and can't communicate with their current update server. Either that, or you broke the updates by trying to fix them. >The default install was in /opt/bdc which is where the bitdefender-wrapper is pointing to. >I can see clamav-wrapper and clamscan appearing in top but do not see bitdefender. Did you add bitdefender to your virus scanners statement in mailscanner.conf? Virus Scanners = clamav bitdefender or Virus Scanners = clamavmodule bitdefender > > 2) Does MailScanner auto update these definition files? I have set a cron job to run freshclam periodically and have been manually updating BitDefender until question number one is resolved. Do I need to worry about this? Yes, but it does so by calling bdc --update. It also auto-updates clamav, so you don't need to run freshclam in cron. > 3) MailScanner has been shutting down at random times overnight. We can't find errors in any log files on the server. Is MailScanner supposed to restart itself periodically? If so, is there a restart command I am missing somewhere? We have set up a cron job to try to start MailScanner every hour until we get this figured out. Erm, MailScanner should have a check_MailScanner hourly cronjob. It should have been installed when you installed MailScanner. > > 4) I have downloaded the dcc, pyzor, and razor packages from urpmi and see pyzor working in top. Are there any further steps I have to take to configure/update these packages? The documentation has proven rather difficult to figure out. No. Unless manually disabled, spamassassin will auto use them. Disclaimer: In future releases, (SA 3.1.0 RC1, etc) SA will have dcc and razor disabled by default due to license restrictions. These tools are now free for most places to use, but there are some situations where they become non-free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dward at NCCUMC.ORG Sat Jun 25 18:18:04 2005 From: dward at NCCUMC.ORG (Douglas Ward) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you for this information. I see where razor-agent.log is being written to in the /var/spool/postfix/hold directory. I changed the log file patch in /root/.razor/razor-agent.conf to the /var/log directory and it still keeps writing to the postfix spool. Do I need to restart something for the change to take effect? Thanks! ________________________________ From: MailScanner mailing list on behalf of Martin Hepworth Sent: Fri 6/24/2005 11:28 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner setup questions Kostas If it stops after 4 hours and doesn't restart make sure there are only email spool files in the 'Incoming Directory' as defined in MailScanner.conf. If there are things like .razor etc etc make sure the program creating these files/dirs are told to use working dirs etc elsewhere. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Lekas, Kosta wrote: > I am having the same problem, MailScanner stops responding with no > indication in the logs as to why this is happening. I am also using > postfix/clamav/spamassassin. > > Kosta Lekas > Fox River Financial Resources > 630.482.7142 - office > 630.885.9355 - mobile > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Friday, June 24, 2005 9:52 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner setup questions > > Douglas > > see inline > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Douglas Ward wrote: > >>I have set up an e-mail gateway server using the following software: > > MailScanner, Postfix, Mandrake LE2005, ClamAV, SpamAssassin, and > BitDefender. During the setup I have run into a few problems. After > much research I have decided to send out these questions. I appreciate > any advice you could offer. > >>1) BitDefender will not auto-update. When I enter the command "bdc > > --update" I get the following reply: > >>[root@barnabus etc]# bdc --update >>BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) >>Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. >> >>Error: can't find update dll >> >>I noticed that in bdc.ini the UpdateHttpLocation field was pointing to > > a URL that no longer exists. I updated it to point to an ftp site where > I have been manually downloading the updates. The default install was > in /opt/bdc which is where the bitdefender-wrapper is pointing to. I > can see clamav-wrapper and clamscan appearing in top but do not see > bitdefender. > >>2) Does MailScanner auto update these definition files? I have set a > > cron job to run freshclam periodically and have been manually updating > BitDefender until question number one is resolved. Do I need to worry > about this? > > > yes - run /opt/MailScanner/bin/update_virus_scanners (or whereever this > is on your system) and it will do all the scanners you have defined in > MailScanner.conf > > >>3) MailScanner has been shutting down at random times overnight. We > > can't find errors in any log files on the server. Is MailScanner > supposed to restart itself periodically? If so, is there a restart > command I am missing somewhere? We have set up a cron job to try to > start MailScanner every hour until we get this figured out. > > > yes - stops memory leaks. should restart a new one in its place. If not > as again. > > >>4) I have downloaded the dcc, pyzor, and razor packages from urpmi and > > see pyzor working in top. Are there any further steps I have to take to > configure/update these packages? The documentation has proven rather > difficult to figure out. > > > with pyzor/razor you have run a little update script about once per day. > > The pyzor one is "/usr/local/bin/pyzor discover". I guess the razor one > is similar see the man entry. > > >>I apologize for dumping so many questions on the list at one time. I > > have put a lot of time into this gateway and am having difficulty > figuring out these four problems. Despite all of this e-mail is being > delivered properly (unless MailScanner stops) to several linux and one > Exchange server behind the gateway. I also appreciate your patience > with these newbie questions. Thanks for your help! > > S'alright, we all have to start somewhere. > > >>Douglas Ward >>Director of Information Technology >>NC Methodist Conference >>1307 Glenwood Ave. > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Jun 25 18:28:23 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/25/05, Douglas Ward wrote: > Thank you for this information. Where would I find the newer build? I have downloaded this file from BitDefender's website directly and it is the lower build. Where did you find build 2492? Thanks! > > Douglas Ward > Director of Information Technology > NC Methodist Conference > 1307 Glenwood Ave. > Raleigh, NC 27605 > Work: (919) 832-9560 ext. 227 > Fax: (919) 834-7989 > (snip) I *think* (I'm on vacation and can't check any details:) this is "automagic" when the updates work.... Which they should once you've reinstalled it. If not, check out their knowledgebase, you might need some compat lib or other (although I doubt it). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Jun 25 18:33:41 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/25/05, Douglas Ward wrote: > Thank you for this information. I see where razor-agent.log is being written to in the /var/spool/postfix/hold directory. I changed the log file patch in /root/.razor/razor-agent.conf to the /var/log directory and it still keeps writing to the postfix spool. Do I need to restart something for the change to take effect? Thanks! > (snip) Ah, but does MailScanner run as root? Not likely with a postfix setup (and definitely not with an Mdv setup... they default to the non-writeable chrooted postfix $HOME;). So you need a .razor (and .pyzor) in ~postfix (/var spool/postfix IIRC). This is why you need do some silly hoops with it:-). You could probably just set things up as root, then copy over the directories to ~postfix and the chown them over to the postfix user. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jun 25 19:11:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: Probably OT: Stupid stupid outlook (as usual!) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: >On 6/24/05, Kevin Miller wrote: > > >>Stef Morrell wrote: >> >> >>>So, I've got a virus bounce. Clearly I've emailed someone, they've >>>got a virus and norton therefore thinks I should get spammed. >>> >>>MailScanner has washed it through spamassassin which has correctly >>>identified that it's a virus bounce, but outlook has ignored the >>>"Subject:" header, which would have junked it into my spam bin, and >>>instead seems to be using the "Thread-Topic:" header as it's subject. >>> >>>Any bright ideas to fix/workaround this? Please direct all "don't use >>>outlook" to /dev/null, I don't make group IT policy! ;) >>> >>>Stef >>> >>> >>Really hard to say w/o being able to see how you have Outlook configured. >>Are you using rules? What version of Outlook? I'd play w/the ruleset and >>tweak it, then run it until you get the desired results. By the time it >>gets to Outlook it's way beyond anything to do w/MailScanner and there's a >>jillion ways that your Outlook could be set up that we have no way of >>knowing about. >> >>Lotsa luck... >> >>...Kevin >>-- >>Kevin Miller Registered Linux User No: 307357 >>CBJ MIS Dept. Network Systems Admin., Mail Admin. >>155 South Seward Street ph: (907) 586-0242 >>Juneau, Alaska 99801 fax: (907 586-4500 >> >> > >If you can, strip off the Thread-Topic: header in the MTA (easy in >postfix), so that the silly thing don't have it to play with ....:-). >Or (as Kevin says) .... play with the "rules" things and see what gives. > > MailScanner can delete any arbitrary headers you tell it to. See the "Remove These Headers" setting. Perfect for killing those nasty "read receipts" and "received receipts" that Exchange sends out without even telling you it's doing it. The comment above the setting tells you exactly what you need to do to achieve this. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr2eNxH2WUcUFbZUEQKHJACdF/1rnL7l52sFba85QjVLbDElAywAoPdi V/9NvvMJp4cIL84avkYaRXdq =1wFw -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Jun 25 22:56:57 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Douglas Ward wrote: >Thank you for this information. I see where razor-agent.log is being written to in the /var/spool/postfix/hold directory. I changed the log file patch in /root/.razor/razor-agent.conf to the /var/log directory and it still keeps writing to the postfix spool. Do I need to restart something for the change to take effect? Thanks! > > You need to put razor_config /var/spool/MailScanner/spamassassin/razor (or where ever you chose to put the .razor directory) and for pyzor pyzor_options --homedir /var/spool/MailScanner/spamassassin (Again to the directory of your choice) This will stop razor defaulting to Postfix's home directory or hold queue. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Sat Jun 25 23:59:20 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Aeron chairs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Sun, 26 Jun 2005 12:47 am, Julian Field wrote: > Very off-topic: > > Has anyone here tried out an Aeron chair? Am thinking of getting one at > work. Opinion seems to be very strong and split 50:50 between the lovers > and the haters. Any alternatives (other than Steelcase) that anyone > prefers? > > Thanks folks, > Jules. Where I work, IT Operations are lucky if we can expense a milk crate to sit on! If you can swing anything better - go for it!! ;) James -- There are two kinds of fool. One says, "This is old, and therefore good." And one says, "This is new, and therefore better" -- John Brunner, "The Shockwave Rider" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Sun Jun 26 07:49:42 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Douglas Ward wrote: > Thank you for this information. Where would I find the newer build? I have downloaded this file from BitDefender's website directly and it is the lower build. Where did you find build 2492? Thanks! > I have the same issue on one machine. BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: can't find update dll and on another identical (well its meant to be identical) i get BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. No update available. If you do manage to resolve it please post the solution here ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Jun 26 10:39:57 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/26/05, Pete Russell wrote: > Douglas Ward wrote: > > Thank you for this information. Where would I find the newer build? I have downloaded this file from BitDefender's website directly and it is the lower build. Where did you find build 2492? Thanks! > > > > I have the same issue on one machine. > > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll > > and on another identical (well its meant to be identical) i get > > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > No update available. > > If you do manage to resolve it please post the solution here > Hm, did you try the reinstall Pete? Sometimes bdc gets a bum update and really confuses the hell out of itself:-(. Unfortunately my memory too vacation way before I did, so I don't rightly know what I did, but I do have a vague recollection that a simple remove/install did the trick... About the build numbers... I'm not too sure, but might this not just reflect the diffs between the two builds they offer (gcc29x and gcc3x)? Seems most likely to my slightly less hung over head....:) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 26 12:49:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Aeron chairs Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James Gray wrote: >* PGP Signed by an unknown key: 06/25/05 at 23:59:24 >On Sun, 26 Jun 2005 12:47 am, Julian Field wrote: > > >>Very off-topic: >> >>Has anyone here tried out an Aeron chair? Am thinking of getting one at >>work. Opinion seems to be very strong and split 50:50 between the lovers >>and the haters. Any alternatives (other than Steelcase) that anyone >>prefers? >> >>Thanks folks, >>Jules. >> >> > >Where I work, IT Operations are lucky if we can expense a milk crate to sit >on! If you can swing anything better - go for it!! ;) > > I have been on a good hunt, and have read pages and pages of comment on the Aeron. As a result of that, I have found a much better replacement, and this has a head-rest as well which moves into place when you recline the chair. It stays out of the way when you have the chair back upright. It's the Humanscale Freedom and looks like the best solution. Now to find a supplier in the UK! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr6WQhH2WUcUFbZUEQKNQQCfeH9RHzwlfo8TX5zaYCH3l3KwUekAn270 dGaKetwUnF19JVNEdNRaSGSi =/T+y -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at blacknight.ie Sun Jun 26 13:12:53 2005 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:07 2006 Subject: OT: Aeron chairs Message-ID: > > Now to find a supplier in the UK! > Google is your friend: http://url.ie/a7 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Sun Jun 26 14:33:41 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:07 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Douglas Ward wrote: > >> Thank you for this information. Where would I find the newer build? >> I have downloaded this file from BitDefender's website directly and >> it is the lower build. Where did you find build 2492? Thanks! >> > > > I have the same issue on one machine. > > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll > > and on another identical (well its meant to be identical) i get > > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > No update available. > > If you do manage to resolve it please post the solution here > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! I fixed it on mine by [up2date|apt-get|yum] getting some libstdc++-compat thingy. Seems the OS is too brand-spanking-new and bdc's been compiled against older libraries, so it doesn't run unless you install them (methinks, since IANAP). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Sun Jun 26 15:29:28 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:07 2006 Subject: Installation Questions Regarding RPM / tar.gz Message-ID: Server: RH9, 1GB Ram, 2.4 GHz, 80gb disk space, Perl 5.8.0, updated all modules related and/or unrelated to MS, SpamAssassin v3.0.4 Situation: I am lost regarding the .conf files. I have tried the RPMs and non-RPM installation of MS. After the first attempt and second attempt there were no modifications to the pre-existing .conf files (4.1x). I am trying to install the June stable upgrade and the .conf files remain the same. Problem: I am unable to locate the upgrade script that once would modify the .conf files. This situation does apply to the .rules files as well. Assumed Result: I have opted to install the tar.gz route. I am configuring the files and am using sendmail. If after configuring the .conf files and they are in place, what should I do if the prompt states mailscanner can not be found or no such command. Any help is really appreciated. S. Douglas St. Louis, Missouri, US ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Sun Jun 26 16:33:51 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:07 2006 Subject: OT: malscanner server bypassed Message-ID: Hi A bit off topic i think J I have a mailscanner server running in front of the pop3/smtp server. As the pop3 server receives mail for domains not handled by the mailscanner server I cannot close down the pop3 server for mail not coming from/through the mailscanner. Now the problem is that a lot of spam seams to hit the pop3 server for domains handled by the mailscanner but looking at the mailheader it looks like the spammails where delivered to the pop3 server directly bypassing the mailscanner. Could this be correct? And is this possible to prevent in any? The MX of the domain is pointing to the mailscanner server. Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Human Resource profile ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "image001.gif" Image/GIF 732bytes. ] [ Unable to print this part. ] From michele at blacknight.ie Sun Jun 26 16:53:49 2005 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:07 2006 Subject: malscanner server bypassed Message-ID: Jan Agermose wrote: > Hi > > A bit off topic i think J I have a mailscanner server running in > front of the pop3/smtp server. As the pop3 server receives mail for > domains not handled by the mailscanner server I cannot close down the > pop3 server for mail not coming from/through the mailscanner. > > Now the problem is that a lot of spam seams to hit the pop3 server > for domains handled by the mailscanner but looking at the mailheader > it looks like the spammails where delivered to the pop3 server > directly bypassing the mailscanner. Could this be correct? And is > this possible to prevent in any? > > The MX of the domain is pointing to the mailscanner server. > > Mvh > Sounds like they are targetting the A records. There is very little that you can do if the server holding the A record has to accept mail from the 'net. Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Quality Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9183072 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Image/GIF 732bytes. ] [ Unable to print this part. ] From Chris.Russell at KNOWLEDGEIT.CO.UK Sun Jun 26 18:08:36 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:07 2006 Subject: malscanner server bypassed Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ___________________________________________________________________ The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ___________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Sun Jun 26 18:37:25 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:07 2006 Subject: malscanner server bypassed Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ___________________________________________________________________ The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ___________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Sun Jun 26 18:54:08 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:07 2006 Subject: malscanner server bypassed Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, code included below. Not sure why this wasn't included, I blame owa =) Chris hostlist trusted_hosts = \ your.mailscanner.ip In our rcpt to: ACL (where domains.protected is a list of the mailscanner domains): deny message = This domain is protected via a mail scanning service. \ Please send via the appropriate MX records log_message = found attempted skip of mx record for a \ protected domain, blocked at rcpt time domains = lsearch;/usr/exim/conf/domains.protected hosts = !+trusted_hosts ___________________________________________________________________ The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ___________________________________________________________________ From Chris.Russell at KNOWLEDGEIT.CO.UK Sun Jun 26 18:50:15 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:07 2006 Subject: malscanner server bypassed Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] .. Final go, again, apologies for any dupes =) Hi, I have to disagree with Michelle, this is something that is possible to solve dependant on your knowledge of your pop3 server MTA configuration. The solution (IE: some protected domains, some not) isn't too difficult. All you need to do is run a test for your protected domains to see if they're from your MailScanner server on your pop3 MTA. If they are, accept the message, if not, reject that message. Only thing you need to ensure is this goes after allowing internal relay hosts, authenticated hosts, etc, so internal mail isn't blocked. We use Exim, I've included the relevant config extracts below. Hope this helps, I have no idea on other MTA's these days. Cheers, Chris ___________________________________________________________________ The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ___________________________________________________________________ From MailScanner at ecs.soton.ac.uk Sun Jun 26 19:05:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: Released: Plugin Spam Scanner Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released beta version 4.34.5. This includes the Plugin Custom Spam Scanner facility which some of you have been requesting for a while. See the comments in MailScanner.conf and /usr/lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm for more details. But basically you get a function called with the basic envelope details about the message, and the contents of the message headers and body. Your function returns a score for the message which is added to the SpamAssassin score for the message, and a text report which is added to the SpamCheck header. You can easily turn that into a call to an external program to process this information and produce a result. Sample code is provided to do this. Let me know how you get on. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr7uehH2WUcUFbZUEQLeCgCfTwdwFSqOVq+ArB5f+CS77LC1ta4AoOah NzmL2EfxHvMdd7w1Dvz+rH/b =eUh+ -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 26 19:11:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: Installation Questions Regarding RPM / tar.gz Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If using RedHat, you should be using the RedHat RPM distribution of MailScanner. This will install all the startup scripts that you need, and will provide the upgrade_MailScanner_conf and upgrade_languages_conf scripts that you need. Then once installed, just follow the instructions it prints out for you, and you will all be up and running. Steve Douglas wrote: >Server: RH9, 1GB Ram, 2.4 GHz, 80gb disk space, Perl 5.8.0, updated all >modules related and/or unrelated to MS, SpamAssassin v3.0.4 > >Situation: I am lost regarding the .conf files. I have tried the RPMs and >non-RPM installation of MS. After the first attempt and second attempt >there were no modifications to the pre-existing .conf files (4.1x). I am >trying to install the June stable upgrade and the .conf files remain the >same. > >Problem: I am unable to locate the upgrade script that once would modify the >.conf files. This situation does apply to the .rules files as well. > >Assumed Result: I have opted to install the tar.gz route. I am configuring >the files and am using sendmail. If after configuring the .conf files and >they are in place, what should I do if the prompt states mailscanner can not >be found or no such command. Any help is really appreciated. > > >S. Douglas >St. Louis, Missouri, US > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr7v3xH2WUcUFbZUEQKzsQCgwryFYZ83MeHoD4B+PO9lbHMlN1YAoKjB vWlJutL7d9ja9dm02Cia+U1w =Jo+L -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sun Jun 26 19:57:28 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:30:07 2006 Subject: Released: Plugin Spam Scanner Message-ID: On Sun, 2005-06-26 at 19:05 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released beta version 4.34.5. > This includes the Plugin Custom Spam Scanner facility which some of you > have been requesting for a while. > > See the comments in MailScanner.conf and > /usr/lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm > for more details. > > But basically you get a function called with the basic envelope details > about the message, and the contents of the message headers and body. > Your function returns a score for the message which is added to the > SpamAssassin score for the message, and a text report which is added to > the SpamCheck header. > > You can easily turn that into a call to an external program to process > this information and produce a result. Sample code is provided to do this. > > Let me know how you get on. I have just installed it and did a upgrade_mailscanner_conf. I was doing an upgrade from 4.43.3-1 to 4.43.5 The maillog there the following errors Jun 27 00:20:14 gw MailScanner[13581]: Syntax error(s) in configuration file: Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword "customspamscannertimeouthistory" at line 1489 Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword "customspamscannertimeout" at line 1476 Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword "maxcustomspamscannertimeouts" at line 1481 Jun 27 00:20:14 gw MailScanner[13581]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf Did I miss something ? -- Rakesh Netcore Solutions Pvt. Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Sun Jun 26 20:05:14 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:07 2006 Subject: Installation Questions Regarding RPM / tar.gz Message-ID: The only RedHat install I see for download is the .RPM based. I have tried this and it bombs out. It goes through the motions, but fails to install. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Sunday, June 26, 2005 1:12 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Installation Questions Regarding RPM / tar.gz -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If using RedHat, you should be using the RedHat RPM distribution of MailScanner. This will install all the startup scripts that you need, and will provide the upgrade_MailScanner_conf and upgrade_languages_conf scripts that you need. Then once installed, just follow the instructions it prints out for you, and you will all be up and running. Steve Douglas wrote: >Server: RH9, 1GB Ram, 2.4 GHz, 80gb disk space, Perl 5.8.0, updated all >modules related and/or unrelated to MS, SpamAssassin v3.0.4 > >Situation: I am lost regarding the .conf files. I have tried the RPMs and >non-RPM installation of MS. After the first attempt and second attempt >there were no modifications to the pre-existing .conf files (4.1x). I am >trying to install the June stable upgrade and the .conf files remain the >same. > >Problem: I am unable to locate the upgrade script that once would modify the >.conf files. This situation does apply to the .rules files as well. > >Assumed Result: I have opted to install the tar.gz route. I am configuring >the files and am using sendmail. If after configuring the .conf files and >they are in place, what should I do if the prompt states mailscanner can not >be found or no such command. Any help is really appreciated. > > >S. Douglas >St. Louis, Missouri, US > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQr7v3xH2WUcUFbZUEQKzsQCgwryFYZ83MeHoD4B+PO9lbHMlN1YAoKjB vWlJutL7d9ja9dm02Cia+U1w =Jo+L -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 26 20:33:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: Released: Plugin Spam Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can you check you have got a /usr/lib/MailScanner/MailScanner/ConfigDefs.pl file that includes the word "CustomSpamScanner". Do cd /usr/lib/MailScanner/MailScanner grep CustomSpamScanner ConfigDefs.pl You might have got a ConfigDefs.pl.rpmnew or something odd. If something has gone wrong with the upgrade and you can't figure it out, please can you give me remote root access so I can test it? It worked fine on my systems, but then the usual "works for me" response isn't very helpful. Rakesh wrote: >On Sun, 2005-06-26 at 19:05 +0100, Julian Field wrote: > > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>I have just released beta version 4.34.5. >>This includes the Plugin Custom Spam Scanner facility which some of you >>have been requesting for a while. >> >>See the comments in MailScanner.conf and >>/usr/lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm >>for more details. >> >>But basically you get a function called with the basic envelope details >>about the message, and the contents of the message headers and body. >>Your function returns a score for the message which is added to the >>SpamAssassin score for the message, and a text report which is added to >>the SpamCheck header. >> >>You can easily turn that into a call to an external program to process >>this information and produce a result. Sample code is provided to do this. >> >>Let me know how you get on. >> >> > > >I have just installed it and did a upgrade_mailscanner_conf. I was doing >an upgrade from 4.43.3-1 to 4.43.5 > >The maillog there the following errors > >Jun 27 00:20:14 gw MailScanner[13581]: Syntax error(s) in configuration >file: >Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword >"customspamscannertimeouthistory" at line 1489 >Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword >"customspamscannertimeout" at line 1476 >Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword >"maxcustomspamscannertimeouts" at line 1481 >Jun 27 00:20:14 gw MailScanner[13581]: Aborting due to syntax errors >in /etc/MailScanner/MailScanner.conf > >Did I miss something ? > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 26 20:34:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: Installation Questions Regarding RPM / tar.gz Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What happens when you unpack it, cd into the new directory and ./install.sh ? If you don't run the ./install.sh script, I pretty much guarantee it will fail. Steve Douglas wrote: >The only RedHat install I see for download is the .RPM based. I have tried >this and it bombs out. It goes through the motions, but fails to install. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Sunday, June 26, 2005 1:12 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Installation Questions Regarding RPM / tar.gz > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >If using RedHat, you should be using the RedHat RPM distribution of >MailScanner. >This will install all the startup scripts that you need, and will >provide the upgrade_MailScanner_conf and upgrade_languages_conf scripts >that you need. > >Then once installed, just follow the instructions it prints out for you, >and you will all be up and running. > >Steve Douglas wrote: > > > >>Server: RH9, 1GB Ram, 2.4 GHz, 80gb disk space, Perl 5.8.0, updated all >>modules related and/or unrelated to MS, SpamAssassin v3.0.4 >> >>Situation: I am lost regarding the .conf files. I have tried the RPMs and >>non-RPM installation of MS. After the first attempt and second attempt >>there were no modifications to the pre-existing .conf files (4.1x). I am >>trying to install the June stable upgrade and the .conf files remain the >>same. >> >>Problem: I am unable to locate the upgrade script that once would modify >> >> >the > > >>.conf files. This situation does apply to the .rules files as well. >> >>Assumed Result: I have opted to install the tar.gz route. I am configuring >>the files and am using sendmail. If after configuring the .conf files and >>they are in place, what should I do if the prompt states mailscanner can >> >> >not > > >>be found or no such command. Any help is really appreciated. >> >> >>S. Douglas >>St. Louis, Missouri, US >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.1 (Build 2185) > >iQA/AwUBQr7v3xH2WUcUFbZUEQKzsQCgwryFYZ83MeHoD4B+PO9lbHMlN1YAoKjB >vWlJutL7d9ja9dm02Cia+U1w >=Jo+L >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Sun Jun 26 20:36:21 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:07 2006 Subject: malscanner server bypassed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This could be done on sendmail if /etc/mail/access supported "AND" type configs. Otherwise I think we could achieve something similar using if-then-else, like this: ## all our ip, domain or baduser rules go here first ## From:xxx.xxx.xxx.xxx OK # our ms server's IP To:domainprotectedbyms.com 557 Sorry, you have to go through the proper MX first That way, after all other access rules have been processed, if it's mail coming from our mailscanner server, it gets accepted. Otherwise, if it's mail for one of the protected domains, it gets rejected. I think that would work, but I refuse to run ANY mail system without mailscanner installed... :) Kudos to Julian... > > Sorry, code included below. Not sure why this wasn't included, I blame > owa =) > > Chris > > > > hostlist trusted_hosts = \ > your.mailscanner.ip > > In our rcpt to: ACL (where domains.protected is a list of the mailscanner > domains): > > deny message = This domain is protected via a mail > scanning service. \ > Please send via the appropriate > MX records > log_message = found attempted skip of mx record for a \ > protected domain, blocked at rcpt > time > domains = > lsearch;/usr/exim/conf/domains.protected > hosts = !+trusted_hosts > > > > > > ___________________________________________________________________ > > The contents of this e-mail may be privileged and are confidential. > It may not be disclosed to or used by anyone other than the > addressee(s), nor copied in any way. Any views or opinions > presented are solely those of the author and do not necessarily > represent those of Knowledge Limited. > > If received in error, please advise the sender, then delete it from > your system. > ___________________________________________________________________ > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Sun Jun 26 21:12:54 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:07 2006 Subject: Installation Questions Regarding RPM / tar.gz Message-ID: The script runs as expected (it states "oh" you have this already -- I updated all the Perl modules from earlier MS installations). It reports the Convert::BinHex and MIME-tools couldn't be installed or dependency error. I have cpan'd in perl for each and they up-to-date. How can I completely remove MS safely knowing all the PERL modules are updated safely? After wiping the slate the theory is it should work. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Sunday, June 26, 2005 2:35 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Installation Questions Regarding RPM / tar.gz What happens when you unpack it, cd into the new directory and ./install.sh ? If you don't run the ./install.sh script, I pretty much guarantee it will fail. Steve Douglas wrote: >The only RedHat install I see for download is the .RPM based. I have tried >this and it bombs out. It goes through the motions, but fails to install. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Sunday, June 26, 2005 1:12 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Installation Questions Regarding RPM / tar.gz > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >If using RedHat, you should be using the RedHat RPM distribution of >MailScanner. >This will install all the startup scripts that you need, and will >provide the upgrade_MailScanner_conf and upgrade_languages_conf scripts >that you need. > >Then once installed, just follow the instructions it prints out for you, >and you will all be up and running. > >Steve Douglas wrote: > > > >>Server: RH9, 1GB Ram, 2.4 GHz, 80gb disk space, Perl 5.8.0, updated all >>modules related and/or unrelated to MS, SpamAssassin v3.0.4 >> >>Situation: I am lost regarding the .conf files. I have tried the RPMs and >>non-RPM installation of MS. After the first attempt and second attempt >>there were no modifications to the pre-existing .conf files (4.1x). I am >>trying to install the June stable upgrade and the .conf files remain the >>same. >> >>Problem: I am unable to locate the upgrade script that once would modify >> >> >the > > >>.conf files. This situation does apply to the .rules files as well. >> >>Assumed Result: I have opted to install the tar.gz route. I am configuring >>the files and am using sendmail. If after configuring the .conf files and >>they are in place, what should I do if the prompt states mailscanner can >> >> >not > > >>be found or no such command. Any help is really appreciated. >> >> >>S. Douglas >>St. Louis, Missouri, US >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.1 (Build 2185) > >iQA/AwUBQr7v3xH2WUcUFbZUEQKzsQCgwryFYZ83MeHoD4B+PO9lbHMlN1YAoKjB >vWlJutL7d9ja9dm02Cia+U1w >=Jo+L >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Sun Jun 26 21:18:23 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:07 2006 Subject: Installation Questions Regarding RPM / tar.gz Message-ID: I checked my mail log and apparently something is working. I will diagnose the following: Jun 26 15:15:56 xxxx MailScanner[26533]: Error in line 413 of /opt/MailScanner/etc/MailScanner.conf, line does not make sense. Error in line 987 of /opt/MailScanner/etc/MailScanner.conf, setting value of Hostname twice! Error in line 989 of /opt/MailScanner/etc/MailScanner.conf, setting value of Hostname twice! Can't continue processing configuration file until these errors have been corrected. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Sunday, June 26, 2005 2:35 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Installation Questions Regarding RPM / tar.gz What happens when you unpack it, cd into the new directory and ./install.sh ? If you don't run the ./install.sh script, I pretty much guarantee it will fail. Steve Douglas wrote: >The only RedHat install I see for download is the .RPM based. I have tried >this and it bombs out. It goes through the motions, but fails to install. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Sunday, June 26, 2005 1:12 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Installation Questions Regarding RPM / tar.gz > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >If using RedHat, you should be using the RedHat RPM distribution of >MailScanner. >This will install all the startup scripts that you need, and will >provide the upgrade_MailScanner_conf and upgrade_languages_conf scripts >that you need. > >Then once installed, just follow the instructions it prints out for you, >and you will all be up and running. > >Steve Douglas wrote: > > > >>Server: RH9, 1GB Ram, 2.4 GHz, 80gb disk space, Perl 5.8.0, updated all >>modules related and/or unrelated to MS, SpamAssassin v3.0.4 >> >>Situation: I am lost regarding the .conf files. I have tried the RPMs and >>non-RPM installation of MS. After the first attempt and second attempt >>there were no modifications to the pre-existing .conf files (4.1x). I am >>trying to install the June stable upgrade and the .conf files remain the >>same. >> >>Problem: I am unable to locate the upgrade script that once would modify >> >> >the > > >>.conf files. This situation does apply to the .rules files as well. >> >>Assumed Result: I have opted to install the tar.gz route. I am configuring >>the files and am using sendmail. If after configuring the .conf files and >>they are in place, what should I do if the prompt states mailscanner can >> >> >not > > >>be found or no such command. Any help is really appreciated. >> >> >>S. Douglas >>St. Louis, Missouri, US >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.1 (Build 2185) > >iQA/AwUBQr7v3xH2WUcUFbZUEQKzsQCgwryFYZ83MeHoD4B+PO9lbHMlN1YAoKjB >vWlJutL7d9ja9dm02Cia+U1w >=Jo+L >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 26 21:31:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: Released: Plugin Spam Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Various typos fixed. 4.43.6 now available. Julian Field wrote: > Can you check you have got a > /usr/lib/MailScanner/MailScanner/ConfigDefs.pl file that includes the > word "CustomSpamScanner". > > Do > cd /usr/lib/MailScanner/MailScanner > grep CustomSpamScanner ConfigDefs.pl > > You might have got a ConfigDefs.pl.rpmnew or something odd. > > If something has gone wrong with the upgrade and you can't figure it > out, please can you give me remote root access so I can test it? It > worked fine on my systems, but then the usual "works for me" response > isn't very helpful. > > Rakesh wrote: > >> On Sun, 2005-06-26 at 19:05 +0100, Julian Field wrote: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have just released beta version 4.34.5. >>> This includes the Plugin Custom Spam Scanner facility which some of >>> you have been requesting for a while. >>> >>> See the comments in MailScanner.conf and >>> /usr/lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm >>> for more details. >>> >>> But basically you get a function called with the basic envelope >>> details about the message, and the contents of the message headers >>> and body. Your function returns a score for the message which is >>> added to the SpamAssassin score for the message, and a text report >>> which is added to the SpamCheck header. >>> >>> You can easily turn that into a call to an external program to >>> process this information and produce a result. Sample code is >>> provided to do this. >>> >>> Let me know how you get on. >>> >> >> >> >> I have just installed it and did a upgrade_mailscanner_conf. I was doing >> an upgrade from 4.43.3-1 to 4.43.5 >> >> The maillog there the following errors >> >> Jun 27 00:20:14 gw MailScanner[13581]: Syntax error(s) in configuration >> file: >> Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword >> "customspamscannertimeouthistory" at line 1489 >> Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword >> "customspamscannertimeout" at line 1476 >> Jun 27 00:20:14 gw MailScanner[13581]: Unrecognised keyword >> "maxcustomspamscannertimeouts" at line 1481 >> Jun 27 00:20:14 gw MailScanner[13581]: Aborting due to syntax errors >> in /etc/MailScanner/MailScanner.conf >> >> Did I miss something ? >> >> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at OMNICOMP.ORG Sun Jun 26 21:34:50 2005 From: MailScanner at OMNICOMP.ORG (Alan Dobkin) Date: Thu Jan 12 21:30:07 2006 Subject: Released: Plugin Spam Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jamie, FYI, it looks like the PGP signature files haven't been uploaded yet for this release. Also, there are several typos on the version numbers. The news on the home page only refers to beta version 4.42.3, which I think should have been 4.43.3, and now should be 4.43.5. And your e-mail mentioned 4.34.5 instead of 4.43.5. Too many long nights coding probably makes all the 3s and 4s blur together! :-) Thanks, Alan On 6/26/2005 2:05 PM, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I have just released beta version 4.34.5. >This includes the Plugin Custom Spam Scanner facility which some of you >have been requesting for a while. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 26 21:33:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: Installation Questions Regarding RPM / tar.gz Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Also, if you are using RedHat 9, make sure you remove all mention of utf8 from /etc/sysconfig/i18n. That will cause loads of problems if you haven't yet fixed that file. Steve Douglas wrote: >I checked my mail log and apparently something is working. I will diagnose >the following: > >Jun 26 15:15:56 xxxx MailScanner[26533]: Error in line 413 of >/opt/MailScanner/etc/MailScanner.conf, line does not make sense. Error in >line 987 of /opt/MailScanner/etc/MailScanner.conf, setting value of Hostname >twice! Error in line 989 of /opt/MailScanner/etc/MailScanner.conf, setting >value of Hostname twice! Can't continue processing configuration file until >these errors have been corrected. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Sunday, June 26, 2005 2:35 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Installation Questions Regarding RPM / tar.gz > >What happens when you unpack it, cd into the new directory and >./install.sh ? >If you don't run the ./install.sh script, I pretty much guarantee it >will fail. > >Steve Douglas wrote: > > > >>The only RedHat install I see for download is the .RPM based. I have tried >>this and it bombs out. It goes through the motions, but fails to install. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> >Behalf > > >>Of Julian Field >>Sent: Sunday, June 26, 2005 1:12 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Installation Questions Regarding RPM / tar.gz >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>If using RedHat, you should be using the RedHat RPM distribution of >>MailScanner. >>This will install all the startup scripts that you need, and will >>provide the upgrade_MailScanner_conf and upgrade_languages_conf scripts >>that you need. >> >>Then once installed, just follow the instructions it prints out for you, >>and you will all be up and running. >> >>Steve Douglas wrote: >> >> >> >> >> >>>Server: RH9, 1GB Ram, 2.4 GHz, 80gb disk space, Perl 5.8.0, updated all >>>modules related and/or unrelated to MS, SpamAssassin v3.0.4 >>> >>>Situation: I am lost regarding the .conf files. I have tried the RPMs and >>>non-RPM installation of MS. After the first attempt and second attempt >>>there were no modifications to the pre-existing .conf files (4.1x). I am >>>trying to install the June stable upgrade and the .conf files remain the >>>same. >>> >>>Problem: I am unable to locate the upgrade script that once would modify >>> >>> >>> >>> >>the >> >> >> >> >>>.conf files. This situation does apply to the .rules files as well. >>> >>>Assumed Result: I have opted to install the tar.gz route. I am >>> >>> >configuring > > >>>the files and am using sendmail. If after configuring the .conf files and >>>they are in place, what should I do if the prompt states mailscanner can >>> >>> >>> >>> >>not >> >> >> >> >>>be found or no such command. Any help is really appreciated. >>> >>> >>>S. Douglas >>>St. Louis, Missouri, US >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>> >>> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.1 (Build 2185) >> >>iQA/AwUBQr7v3xH2WUcUFbZUEQKzsQCgwryFYZ83MeHoD4B+PO9lbHMlN1YAoKjB >>vWlJutL7d9ja9dm02Cia+U1w >>=Jo+L >>-----END PGP SIGNATURE----- >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jun 26 21:46:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:07 2006 Subject: Released: Plugin Spam Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alan Dobkin wrote: >Jamie, > Jamie? > FYI, it looks like the PGP signature files haven't been uploaded >yet for this release. > > No, I haven't done that yet. My ADSL link is really occupied at the moment doing backups, so file transfer speeds are non-existent at the moment. >Also, there are several typos on the version numbers. The news on the >home page only refers to beta version 4.42.3, which I think should have >been 4.43.3, and now should be 4.43.5. > I haven't posted a news item about this beta release at all. > And your e-mail mentioned 4.34.5 >instead of 4.43.5. > > Agreed, I keep getting the digits transposed. >Too many long nights coding probably makes all the 3s and 4s blur >together! :-) > > You're right there! The Sancerre probably doesn't help either :-) >On 6/26/2005 2:05 PM, Julian Field wrote: > > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>I have just released beta version 4.34.5. >>This includes the Plugin Custom Spam Scanner facility which some of you >>have been requesting for a while. >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at OMNICOMP.ORG Sun Jun 26 22:11:49 2005 From: MailScanner at OMNICOMP.ORG (Alan Dobkin) Date: Thu Jan 12 21:30:07 2006 Subject: Released: Plugin Spam Scanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/26/2005 4:46 PM, Julian Field wrote: > Alan Dobkin wrote: > >> Jamie, >> > Jamie? Sorry, I was just reading messages on the Webmin mailing list and got you mixed up with its developer Jamie Cameron for a minute. Both excellent open-source perl-based applications and both names start with J.... Obviously the late-night thing has been affecting me too! > >> Also, there are several typos on the version numbers. The news on the >> home page only refers to beta version 4.42.3, which I think should have >> been 4.43.3, and now should be 4.43.5. >> > I haven't posted a news item about this beta release at all. Okay, but 4.42.3 is still a typo that must have been referring to 4.43.3. No problem, I just wanted to point it out in case anyone else was confused. Thanks, Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sun Jun 26 23:31:20 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:07 2006 Subject: Released: Plugin Spam Scanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Upgraded one of my 4.39s, installed new on another system. Seems to run just fine. Didn't enable that Spam Scanner function, though. Do I understand this correctly that you put some custom "fast" spam scanning stuff in there? And if I don't want to use that I can write a plugin for another tool? I try to avoid Perl rpms, so I checked against CPAN on the new system. (I usually install/upgrade everything from CPAN and then install only the MailScanner*.rpm.) I noticed the following: perl-File-Spec-0.82-1.src.rpm seems to have a number system which is completely different from CPAN which has 3.09. some of the rpms do not reflect the Perl module names, f.i. MailTools and TimeDate don't exist as a bundle. Would be nice to have a short perl-readme.txt which lists all the needed module versions, so one can check against CPAN. If the rpm name doesn't reflect the exact module name that's almost impossible. MailScanner.rpm checks dependency against MIME-Tools.rpm, but not the other rpms. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Sun Jun 26 23:32:19 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:07 2006 Subject: Version Information Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I spent some time compiling the following before I upgraded MailScanner on a few machines. I hope this is useful to anyone running RHEL AS 4. Nate ExtUtils-MakeMaker * 6.30 MailScanner 4.42.9-1 * 6.30 CPAN * 6.17 RHEL AS 4 (provided by perl) TimeDate * 1.1301 MailScanner 4.42.9-1 * 1.16 CPAN * Not Present RHEL AS 4 Archive-Zip * 1.14 MailScanner 4.42.9-1 * 1.14 CPAN * Not Present RHEL AS 4 Compress-Zlib * 1.34 MailScanner 4.42.9-1 * 1.34 CPAN * Not Present RHEL AS 4 Convert-BinHex * 1.119 MailScanner 4.42.9-1 * 1.119 CPAN * Not Present RHEL AS 4 Convert-TNEF * 0.17 MailScanner 4.42.9-1 * 0.17 CPAN * Not Present RHEL AS 4 File-Spec * 0.82 MailScanner 4.42.9-1 * 0.90 CPAN * 0.87 RHEL AS 4 (provided by perl) File-Temp * 0.16 MailScanner 4.42.9-1 * 0.16 CPAN * 0.14 RHEL AS 4 (provided by perl) HTML-Parser * 3.45 MailScanner 4.42.9-1 * 3.45 CPAN * 3.35-6 RHEL AS 4 (separate package) * 3.35-6 up2date HTML-Tagset * 3.03 MailScanner 4.42.9-1 * 3.04 CPAN * 3.03-30 RHEL AS 4 (separate package) * 3.03-30 up2date IO-stringy * 2.108 MailScanner 4.42.9-1 * 2.110 CPAN * Not Present RHEL AS 4 MailTools * 1.50 MailScanner 4.42.9-1 * 1.67 CPAN * Not Present RHEL AS 4 MIME-Base64 * 3.05 MailScanner 4.42.9-1 * 3.05 CPAN * 3.01 RHEL AS 4 (provided by perl) MIME-tools * 5.417 MailScanner 4.42.9-1 * 5.417 CPAN * Not Present RHEL AS 4 Net-CIDR * 0.10 MailScanner 4.42.9-1 * 0.10 CPAN * Not Present RHEL AS 4 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Sun Jun 26 23:35:57 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:30:07 2006 Subject: Archive::Zip 1.15 error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For some reason, I cannot install Archive::Zip 1.15 from CPAN. It fails with the following error & MailScanner wont start without it. Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/00.load...........ok 2/2# Testing Archive::Zip 1.15, Perl 5.008005, /usr/bin/perl t/00.load...........ok t/pod...............ok t/test..............ok t/testex............ok t/testMemberRead....ok t/testTree..........ok t/testUpdate........ok t/za_archive_zip....NOK 15# Failed test (t/za_archive_zip.t at line 42) t/za_archive_zip....NOK 16# Failed test (t/za_archive_zip.t at line 43) # got: 'IO::File=GLOB(0x835d4ac)' # expected: undef t/za_archive_zip....NOK 17# Failed test (t/za_archive_zip.t at line 44) # got: 'ziptest/Zzfdvn9bQT.zip' # expected: undef t/za_archive_zip....NOK 19# Failed test (t/za_archive_zip.t at line 46) # got: '0' # expected: '1' # Directory not empty t/za_archive_zip....NOK 20# Failed test (t/za_archive_zip.t at line 47) t/za_archive_zip....ok 22/0# Looks like you failed 5 tests of 22. t/za_archive_zip....dubious Test returned status 5 (wstat 1280, 0x500) DIED. FAILED tests 15-17, 19-20 Failed 5/22 tests, 77.27% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/za_archive_zip.t 5 1280 22 5 22.73% 15-17 19-20 Failed 1/8 test scripts, 87.50% okay. 5/195 subtests failed, 97.44% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force cpan> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Jun 26 23:39:32 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:30:07 2006 Subject: Archive::Zip 1.15 error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you tried running: export LANG=C before using CPAN? (or running the manual install) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Mon Jun 27 00:06:45 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:30:07 2006 Subject: Archive::Zip 1.15 error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yep...same error.. On 6/26/05, Michele Neylon:: Blacknight wrote: Have you tried running: export LANG=C before using CPAN? (or running the manual install) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Mon Jun 27 00:13:02 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:07 2006 Subject: Archive::Zip 1.15 error Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon:: Blacknight wrote on Sun, 26 Jun 2005 23:39:32 +0100: > Have you tried running: > export LANG=C I get the same error on Suse. So it's the only module I installed from Julians rpms. I assume there's simply something wrong in the tests, but didn't try a force. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Mon Jun 27 00:37:19 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:30:07 2006 Subject: Archive::Zip 1.15 error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, what I did was download the source from 'http://www.cpan.org/authors/id/S/SM/SMPETERS/ Archive-Zip-1.15_02.tar.gz' then skipped the 'make test' and did a 'make installed' Mailscanner now starts fine. Seems to be something wrong with the new 1.15 tests. -Devon On 6/26/05, Kai Schaetzl wrote: Michele Neylon:: Blacknight wrote on Sun, 26 Jun 2005 23:39:32 +0100: > Have you tried running: > export LANG=C I get the same error on Suse. So it's the only module I installed from Julians rpms. I assume there's simply something wrong in the tests, but didn't try a force. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Mon Jun 27 08:22:26 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:30:07 2006 Subject: Disarming webbugs ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Mailscanner can properly (once configured) detect and disarm phishing attempts. Is there any way to make it detect and disarm webbug stuff ? Tia, Nb. ___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 27 08:35:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:08 2006 Subject: Disarming webbugs ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. A simple search of the MailScanner.conf file would have showed you how. Just set Allow WebBugs = disarm and reload MailScanner (service MailScanner reload). On 27 Jun 2005, at 08:22, Nestor Burma wrote: > Hello, > > Mailscanner can properly (once configured) detect and > disarm phishing attempts. Is there any way to make it > detect and disarm webbug stuff ? > Tia, > > Nb. > > > > > > > ______________________________________________________________________ > _____ > Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! > Messenger > Téléchargez cette version sur http://fr.messenger.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Mon Jun 27 10:00:57 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:08 2006 Subject: Released: Plugin Spam Scanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Sun, 26 Jun 2005 19:05:39 +0100: > I have just released beta version 4.34.5. JUlian, there is one problem. Actually in 4.43.6. It seems to have lost High Scoring Spam. I merged the new settings (see below) in the current MailScanner.conf and made sure my setting is still there: High SpamAssassin Score = 6 All the spam that would usually get high scored is just normal spam now. From Jan-Peter.Koopmann at SECEIDOS.DE Mon Jun 27 10:30:01 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:30:08 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, > What else would people like to see in the book? Minor changes > and additions would be preferred to ideas that involve me writing > another 100 pages! > > All ideas welcome, as usual. I would love to see some FreeBSD instructions in the book as well. How to install, upgrade, configure MailScanner under FreeBSD would be nice and not too much trouble to write. If you need any help, please contact me. Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Mon Jun 27 11:11:08 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:30:08 2006 Subject: Archive::Zip 1.15 error Message-ID: On Sun, 26 Jun 2005, Devon Harding wrote: > For some reason, I cannot install Archive::Zip 1.15 from CPAN. It fails with > the following error & MailScanner wont start without it. > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/00.load...........ok 2/2# Testing Archive::Zip 1.15, Perl 5.008005, > /usr/bin/perl > t/00.load...........ok > t/pod...............ok > t/test..............ok > t/testex............ok > t/testMemberRead....ok > t/testTree..........ok > t/testUpdate........ok > t/za_archive_zip....NOK 15# Failed test (t/za_archive_zip.t at line 42) > t/za_archive_zip....NOK 16# Failed test (t/za_archive_zip.t at line 43) > # got: 'IO::File=GLOB(0x835d4ac)' > # expected: undef > t/za_archive_zip....NOK 17# Failed test (t/za_archive_zip.t at line 44) > # got: 'ziptest/Zzfdvn9bQT.zip' > # expected: undef > t/za_archive_zip....NOK 19# Failed test (t/za_archive_zip.t at line 46) > # got: '0' > # expected: '1' > # Directory not empty > t/za_archive_zip....NOK 20# Failed test (t/za_archive_zip.t at line 47) > t/za_archive_zip....ok 22/0# Looks like you failed 5 tests of 22. > [...] Very similar at our site (both Linux/FC3 and Sun/Solaris9). So it seems that there is a systematic problem with version "1/15". It might be prudent for Julian's distributions to stay on 1.14 for the moment. Meanwhile... Almost a year ago (July 2004), I spent a long time chasing and debugging Archive::Zip and the maintainer (Ned Konz) consequently fixed that particular set of problems at that time, which resulted in version 1.14. (The curious can find a "tip of the iceberg" of this process in the MS archives.) It seems that maintenance of this A::Z module has passed to another person. And reading the "Changes" file of his 1.15 version, there is a curious absence of detail between 1.10 and (his) 1.15. (I suspect, but don't know, that this 1.15 set of problems is different from last year's.) This is, of course, a little depressing; I don't particularly want to have to go through all that sort of process again (chasing, debugging and negotiating a fix with its author). But also, for family reasons, even if I wanted to, I am unable at present (unlike last year) to be able to do this reliably on behalf of the MS community. I'm sure it would be really helpful to us all if someone could take this up, on our (MS community's and Julian's) behalf, with the new author of A::Z. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Jun 27 13:45:49 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > I have been on a good hunt, and have read pages and pages of comment on > the Aeron. As a result of that, I have found a much better replacement, > and this has a head-rest as well which moves into place when you recline > the chair. It stays out of the way when you have the chair back upright. > It's the Humanscale Freedom and looks like the best solution. > > Now to find a supplier in the UK! > I like the looks of Aeron better, but I've found a site that sells both chairs for about the same price. What was it in everything you read that convinced you that the Freedom will be a better chair? I've been looking for a new chair and liked the looks of the open weave of the Aeron. Any good links? -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Mon Jun 27 14:18:43 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ed Bruce > Sent: Monday, June 27, 2005 2:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: Aeron chairs > > Julian Field wrote: > > > > > I have been on a good hunt, and have read pages and pages > of comment > > on the Aeron. As a result of that, I have found a much better > > replacement, and this has a head-rest as well which moves > into place > > when you recline the chair. It stays out of the way when > you have the chair back upright. > > It's the Humanscale Freedom and looks like the best solution. > > > > Now to find a supplier in the UK! I wouldnt buy a chair that I wasn't allowed to try out for at least a week. If they cant do that, go for another dealer that belive in there product :) > > > > I like the looks of Aeron better, but I've found a site that > sells both chairs for about the same price. What was it in > everything you read that convinced you that the Freedom will > be a better chair? I've been looking for a new chair and > liked the looks of the open weave of the Aeron. Any good links? > > -- > This message has been scanned for viruses and > dangerous content by Secure Resource, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 27 14:42:53 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:08 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > On 6/23/05, Jason Balicki wrote: > >>Julian Field <> wrote: >> >>>All ideas welcome, as usual. >> >>Julian, >> >>Someone mentoned to me when I was ranting about the >>virus warnings that maybe we should put together >>a list of "best practices" for mail admins -- not >>necessarily directly MailScanner related, but it >>couldn't hurt. >> >>If we, as a community, came up with something like >>that would you like to include it as an appendix? >> >>--J(K) >> > > Wouldn't that fit better in the Wiki? > Nothing bad about writing it in the wiki, then have Julian add it to the book... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Jun 27 14:59:42 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:08 2006 Subject: The Book -- new edition Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Monday, June 27, 2005 9:43 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: The Book -- new edition > > Glenn Steen wrote: > > On 6/23/05, Jason Balicki wrote: > > > >>Julian Field <> wrote: > >> > >>>All ideas welcome, as usual. > >> > >>Julian, > >> > >>Someone mentoned to me when I was ranting about the > >>virus warnings that maybe we should put together > >>a list of "best practices" for mail admins -- not > >>necessarily directly MailScanner related, but it > >>couldn't hurt. > >> > >>If we, as a community, came up with something like > >>that would you like to include it as an appendix? > >> > >>--J(K) > >> > > > > Wouldn't that fit better in the Wiki? > > > > Nothing bad about writing it in the wiki, then have Julian add it to the > book... > > I think that OS specific installation information fits better in the Wiki than the book. Wikis are better for information that needs to be very up2date. Also I find it easier to follow the installation instructions online when I'm doing an install. Just my 2p Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 27 14:51:28 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:08 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Douglas Ward wrote: > I apologize for dumping so many questions on the list at one time. I have put a lot of time into this gateway and am having difficulty figuring out these four problems. Despite all of this e-mail is being delivered properly (unless MailScanner stops) to several linux and one Exchange server behind the gateway. I also appreciate your patience with these newbie questions. Thanks for your help! That is ok. Would be a good thing to read the MAQ page at http://wiki.mailscanner.info/doku.php?id=maq:index Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 27 14:58:09 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:08 2006 Subject: OT: malscanner server bypassed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan Agermose wrote: > Hi > > > > A bit off topic i think J I have a mailscanner server running in front > of the pop3/smtp server. As the pop3 server receives mail for domains > not handled by the mailscanner server I cannot close down the pop3 > server for mail not coming from/through the mailscanner. > > Now the problem is that a lot of spam seams to hit the pop3 server for > domains handled by the mailscanner but looking at the mailheader it > looks like the spammails where delivered to the pop3 server directly > bypassing the mailscanner. Could this be correct? And is this possible > to prevent in any? > > > > The MX of the domain is pointing to the mailscanner server. > > Firewall rules? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jun 27 15:15:50 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:08 2006 Subject: OT: malscanner server bypassed Message-ID: Or secondary MX's pointing @ the pop server? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Ugo Bellavance wrote: > Jan Agermose wrote: > >>Hi >> >> >> >>A bit off topic i think J I have a mailscanner server running in front >>of the pop3/smtp server. As the pop3 server receives mail for domains >>not handled by the mailscanner server I cannot close down the pop3 >>server for mail not coming from/through the mailscanner. >> >>Now the problem is that a lot of spam seams to hit the pop3 server for >>domains handled by the mailscanner but looking at the mailheader it >>looks like the spammails where delivered to the pop3 server directly >>bypassing the mailscanner. Could this be correct? And is this possible >>to prevent in any? >> >> >> >>The MX of the domain is pointing to the mailscanner server. >> >> > > > Firewall rules? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 27 15:23:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:08 2006 Subject: Released: Plugin Spam Scanner Message-ID: Found and fixed. Find new SA.pm file attached. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 10KB. ] [ Unable to print this part. ] [ Part 3: "Attached Text" ] [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 27 Jun 2005, at 10:00, Kai Schaetzl wrote: > Julian Field wrote on Sun, 26 Jun 2005 19:05:39 +0100: > > >> I have just released beta version 4.34.5. >> > > JUlian, there is one problem. Actually in 4.43.6. It seems to have > lost > High Scoring Spam. I merged the new settings (see below) in the > current > MailScanner.conf and made sure my setting is still there: > > High SpamAssassin Score = 6 > > All the spam that would usually get high scored is just normal spam > now. > > From the description of the scanner plugin ("which is added to the > SpamAssassin score for the message") you might indeed have done > something > in that area. > > > Added new: Unrar Command = /usr/bin/unrar > Added new: Unrar Timeout = 50 > Added new: Disarmed Modify Subject = yes > Added new: Disarmed Subject Text = {Disarmed} > Added new: Spam Lists To Be Spam = 1 > Added new: Use Custom Spam Scanner = no > Added new: Max Custom Spam Scanner Size = 20000 > Added new: Custom Spam Scanner Timeout = 20 > Added new: Max Custom Spam Scanner Timeouts = 10 > Added new: Custom Spam Scanner Timeout History = 20 > > > Kai > > -- > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > IE-Center: http://ie5.de & http://msie.winware.org > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 27 15:30:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:08 2006 Subject: OT: malscanner server bypassed Message-ID: If it has port 25 open to the outside world, the spammers will hit it. If there aren't any MX records pointing at it, then the spammers will hit it even harder as they guess that it's not going to be carefully configured and so will probably let their spam in. If you don't want mail coming to the machine, firewall of its port 25 from the outside world. Remember the spammers don't follow the rules! On 27 Jun 2005, at 15:15, Martin Hepworth wrote: > Or secondary MX's pointing @ the pop server? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Ugo Bellavance wrote: > >> Jan Agermose wrote: >> >>> Hi >>> >>> >>> A bit off topic i think J I have a mailscanner server running in >>> front >>> of the pop3/smtp server. As the pop3 server receives mail for >>> domains >>> not handled by the mailscanner server I cannot close down the pop3 >>> server for mail not coming from/through the mailscanner. >>> >>> Now the problem is that a lot of spam seams to hit the pop3 >>> server for >>> domains handled by the mailscanner but looking at the mailheader it >>> looks like the spammails where delivered to the pop3 server directly >>> bypassing the mailscanner. Could this be correct? And is this >>> possible >>> to prevent in any? >>> >>> >>> The MX of the domain is pointing to the mailscanner server. >>> >>> >> Firewall rules? >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> Support MailScanner development - buy the book off the website! >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 27 15:27:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: On 27 Jun 2005, at 14:18, Anders Andersson, IT wrote: >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ed Bruce >> Sent: Monday, June 27, 2005 2:46 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: OT: Aeron chairs >> >> Julian Field wrote: >> >> >>> >>> I have been on a good hunt, and have read pages and pages >>> >> of comment >> >>> on the Aeron. As a result of that, I have found a much better >>> replacement, and this has a head-rest as well which moves >>> >> into place >> >>> when you recline the chair. It stays out of the way when >>> >> you have the chair back upright. >> >>> It's the Humanscale Freedom and looks like the best solution. >>> >>> Now to find a supplier in the UK! >>> > > I wouldnt buy a chair that I wasn't allowed to try out for at least a > week. If they cant do that, go for another dealer that belive in there > product :) > > >>> >>> >> >> I like the looks of Aeron better, but I've found a site that >> sells both chairs for about the same price. What was it in >> everything you read that convinced you that the Freedom will >> be a better chair? I've been looking for a new chair and >> liked the looks of the open weave of the Aeron. Any good links? >> I have bought a Humanscale Freedom. I read their specs and dimensions to work out where everything (arms, headrest etc) would end up, relative to the chair I'm sitting on now. Everything looks fine. Now I have to wait a month for it to be made and delivered. Wish it didn't take that long. But I'm sure it will be wonderful, I have yet to find anyone saying nasty things about it, contrary to the Aeron, about which people are very vocal. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 27 15:26:45 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:08 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Ugo Bellavance >>Sent: Monday, June 27, 2005 9:43 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: The Book -- new edition >> >>Glenn Steen wrote: >> >>>On 6/23/05, Jason Balicki wrote: >>> >>> >>>>Julian Field <> wrote: >>>> >>>> >>>>>All ideas welcome, as usual. >>>> >>>>Julian, >>>> >>>>Someone mentoned to me when I was ranting about the >>>>virus warnings that maybe we should put together >>>>a list of "best practices" for mail admins -- not >>>>necessarily directly MailScanner related, but it >>>>couldn't hurt. >>>> >>>>If we, as a community, came up with something like >>>>that would you like to include it as an appendix? >>>> >>>>--J(K) >>>> >>> >>>Wouldn't that fit better in the Wiki? >>> >> >>Nothing bad about writing it in the wiki, then have Julian add it to the >>book... >> >> > > > I think that OS specific installation information fits better in the Wiki > than the book. Wikis are better for information that needs to be very > up2date. Also I find it easier to follow the installation instructions > online when I'm doing an install. We were talking about adding something about "Best practices for mail admins", which should be more static than install docs. Ugo > > Just my 2p > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Mon Jun 27 15:43:48 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:08 2006 Subject: OT: malscanner server bypassed Message-ID: > If you don't want mail coming to the machine, firewall of its port 25 from the outside world. I think the original poster had the problem of some domains on the server were "mailscanner protected", others weren't. To address this problem the poster just needs to configure his MTA to only accept from his mailscanner hosts for the protected domains. Saying that, if everyone firewalled port 25, it would bring an end to spam ;) Cheers, Chris ___________________________________________________________________ The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ___________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jun 27 15:28:30 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:08 2006 Subject: OT: malscanner server bypassed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Jan Agermose wrote: > >>Hi >> >> >> >>A bit off topic i think J I have a mailscanner server running in front >>of the pop3/smtp server. As the pop3 server receives mail for domains >>not handled by the mailscanner server I cannot close down the pop3 >>server for mail not coming from/through the mailscanner. >> >>Now the problem is that a lot of spam seams to hit the pop3 server for >>domains handled by the mailscanner but looking at the mailheader it >>looks like the spammails where delivered to the pop3 server directly >>bypassing the mailscanner. Could this be correct? And is this possible >>to prevent in any? >> >> >> >>The MX of the domain is pointing to the mailscanner server. >> >> > > > Firewall rules? > Sorry, I misread. Maybe having everything relay trough your MailScanner machine, and disable all checks for 'domains not handled by MailScanner'. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Mon Jun 27 16:11:47 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:08 2006 Subject: SV: OT: malscanner server bypassed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Ok, as a follow up to all your replys (first: thanks :-)) All our mailservers have virus and spamfilters - but the spamfilters are not very efficient and we are also looking at providing scannerservices for our customers who are running there own mailservers. That's why we are intalling MSGateway - and it is looking very, very good - missing a few features, but looking forward to version 1.8 and 2.0 :-D But this is also our "problem". We are not able to simply put all domains on the scanner(s) all at once. And therefore we cannot lock down the firewall to accept only port 25 from the mailscanner(s). Not yet :-) And sadly our windows mailserver has no option on a domain basis to say it should only come from the mailscanner(s) or from the "world". So the mailservers remain "open" for access. The problem is limited, as the current spamfilter does find some spammails, but it is not nearly as good as mailscanner :-) But thanks for the input :-) Best regards Jan Agermose -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Ugo Bellavance Sendt: 27. juni 2005 16:29 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: Re: OT: malscanner server bypassed Ugo Bellavance wrote: > Jan Agermose wrote: > >>Hi >> >> >> >>A bit off topic i think J I have a mailscanner server running in front >>of the pop3/smtp server. As the pop3 server receives mail for domains >>not handled by the mailscanner server I cannot close down the pop3 >>server for mail not coming from/through the mailscanner. >> >>Now the problem is that a lot of spam seams to hit the pop3 server for >>domains handled by the mailscanner but looking at the mailheader it >>looks like the spammails where delivered to the pop3 server directly >>bypassing the mailscanner. Could this be correct? And is this possible >>to prevent in any? >> >> >> >>The MX of the domain is pointing to the mailscanner server. >> >> > > > Firewall rules? > Sorry, I misread. Maybe having everything relay trough your MailScanner machine, and disable all checks for 'domains not handled by MailScanner'. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 27 16:33:57 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:08 2006 Subject: MailScanner setup questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen blurted out the following on 6/25/2005 10:28 AM: > On 6/25/05, Douglas Ward wrote: > >>Thank you for this information. Where would I find the newer build? I have downloaded this file from BitDefender's website directly and it is the lower build. Where did you find build 2492? Thanks! >> >>Douglas Ward >>Director of Information Technology >>NC Methodist Conference >>1307 Glenwood Ave. >>Raleigh, NC 27605 >>Work: (919) 832-9560 ext. 227 >>Fax: (919) 834-7989 >> > > (snip) > I *think* (I'm on vacation and can't check any details:) this is > "automagic" when the updates work.... Which they should once you've > reinstalled it. If not, check out their knowledgebase, you might need > some compat lib or other (although I doubt it). > I have the lower build also, and have had no troubles updating since the problems late last year. Maybe the different builds are from the gcc 29x and gcc 3x versions. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Jun 27 17:18:59 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ade Fewings wrote: >> Has anyone here tried out an Aeron chair? Am thinking of getting one >> at work. Opinion seems to be very strong and split 50:50 between the >> lovers and the haters. Any alternatives (other than Steelcase) that >> anyone prefers? >> >> > Yes, tried one about 4 years ago and now have bought my own a few weeks > back. I'm definitely a lover of the Aeron, but i'm thinking it will be > **even better** when I get a PostureFit extra for the lower-back > section. More importantly, not only is it comfortable, but I had been > having some tolerable back pain and that has gone since I got the > Aeron. Of course, I couldn't afford a brand new one.........but if I > could that shiny chrome effect thing on the new ones looks awesome. I > guess it comes down to who is paying for it......... > > Cheers > Ade > Ade, what do you think of some of the criticisms at: http://www.dack.com/misc/aeron.html Their basic complaints are: 1) the lumbar support. Presumably this is a matter of back angle and is addressed by using the PostureFit instead. 2) The armrest height adjustment. I don't adjust my armrests often so I don't see that as a big deal. Some posters claim they can't get them to lock tight, which might be a problem for people who bear down on their armrest (I don't. In fact, I sometimes just remove the armrests entirely.) 3) The seat material shredding your pants. This could be bad. However, I've also sat in a lot of cloth chairs that shred pants nicely (coarse polyester comes to mind). What's your take on the clothing wear factor of the Aeron? 4) The hard front edge. I'm pretty sure this should not be a problem unless your chair is too high (a result of your desk being to high). In a perfect world your feet should be flat on the floor with your hips/knees at near right angles. I'm 5'9" and my desk is set as low as it can go. I have to keep my chair slightly high in order to get my elbow angle correct. I use a footrest to keep my thighs from digging into the front of my chair. Presumably this would fix this "problem" with the aeron chair. What's your take on the front edge? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Mon Jun 27 17:31:33 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:08 2006 Subject: Released: Plugin Spam Scanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Mon, 27 Jun 2005 15:23:21 +0100: > Found and fixed. > Find new SA.pm file attached. Thanks, it's back! Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Mon Jun 27 17:43:09 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:08 2006 Subject: mailing Quarantine "dump" Message-ID: Hi I would like to dump quarantine data to domain admins once a day to make it possible and easy to check if some false positives should be in the quarantine. I was looking in the MySQL database “mailscanner” and looking at the table “maillog” – but… I’m missing a “status” bit or something to tell me the mail was put in quarantine or am I missing something? Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Human Resource profile ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "image001.gif" Image/GIF 732bytes. ] [ Unable to print this part. ] From ja at CONVIATOR.COM Mon Jun 27 17:57:19 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:08 2006 Subject: SV: mailing Quarantine "dump" Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Im looking at this: select timestamp, from_address, to_address, subject from maillog where to_address like '%@thedomain.com and (isspam = 1 or ishighspam = 1) order by timestamp desc limit 10; (the limit 10 replaced by “today limiting” J ) But Im afraid I need to check all the bit’ ? isspam | ishighspam | issaspam | isrblspam | isfp | isfn | spamwhitelisted | spamblacklisted Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Human Resource profile ________________________________________________________________________________ Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Jan Agermose Sendt: 27. juni 2005 18:43 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: mailing Quarantine "dump" Hi I would like to dump quarantine data to domain admins once a day to make it possible and easy to check if some false positives should be in the quarantine. I was looking in the MySQL database “mailscanner” and looking at the table “maillog” – but… I’m missing a “status” bit or something to tell me the mail was put in quarantine or am I missing something? Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Human Resource profile ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "image001.gif" Image/GIF 732bytes. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Mon Jun 27 18:00:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:08 2006 Subject: mailing Quarantine "dump" Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan there's a nice util at www.fsl.com/support that can do this sort fo thing, but only if you use sendmail or exim as the MTA....called quatantinereport. Its designed to report to individual users but you could hack it to do domain wide.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jan Agermose wrote: > Hi > > > > I would like to dump quarantine data to domain admins once a day to make > it possible and easy to check if some false positives should be in the > quarantine. I was looking in the MySQL database ^Ómailscanner^Ô and > looking at the table ^Ómaillog^Ô ^Ö but^Å I^Òm missing a ^Óstatus^Ô bit or > something to tell me the mail was put in quarantine or am I missing > something? > > > > > > Mvh > > Jan > > > > ------------------------------------------------------------------------ > > > > > > *Jan Agermose* > CEO Conviator > > > > Tel. +45 35 266 460 > Human Resource profile > > > > > > > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at yahoo.com Mon Jun 27 18:05:35 2005 From: hermit921 at yahoo.com (hermit921) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: Better for naps, eh? hermit921 >>>-----Original Message----- >>>Subject: Re: OT: Aeron chairs >>> >>>Julian Field wrote: >>> >>>> >>>>I have been on a good hunt, and have read pages and pages of comment >>>>on the Aeron. As a result of that, I have found a much better >>>>replacement, and this has a head-rest as well which moves into place >>>>when you recline the chair. It stays out of the way when you have the >>>>chair back upright. >>>>It's the Humanscale Freedom and looks like the best solution. > >I have bought a Humanscale Freedom. I read their specs and dimensions >to work out where everything (arms, headrest etc) would end up, >relative to the chair I'm sitting on now. Everything looks fine. > >Now I have to wait a month for it to be made and delivered. Wish it >didn't take that long. >But I'm sure it will be wonderful, I have yet to find anyone saying >nasty things about it, contrary to the Aeron, about which people are >very vocal. >-- >Julian Field ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 27 18:14:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Kettler wrote: >4) The hard front edge. > >I'm pretty sure this should not be a problem unless your chair is too high (a >result of your desk being to high). In a perfect world your feet should be flat >on the floor with your hips/knees at near right angles. > >I'm 5'9" and my desk is set as low as it can go. I have to keep my chair >slightly high in order to get my elbow angle correct. I use a footrest to keep >my thighs from digging into the front of my chair. Presumably this would fix >this "problem" with the aeron chair. > >What's your take on the front edge? > > That was one of my main concerns with the Aeron. My desk is not adjustable and I only 5'7", so in order for my chair to be high enough for my arms, my feet don't sit flat on the floor. I have a footrest, but I have quite a few machines on my desk so I am often not sitting in front of it. So I really need a cushioned front edge, a hard front edge will cut into my legs. Which is not good. The Humanscale Freedom chair has a much softer front edge. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQsAz4RH2WUcUFbZUEQKaagCg72Carl97ULDvoW9Grs8MT+/DtCkAnigT WmmtO9zGu+CreVGU0GDWxJNw =L1PZ -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 27 18:16:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Absolutely! Even I stop occasionally :-) hermit921 wrote: > Better for naps, eh? > > hermit921 > >>>> -----Original Message----- >>>> Subject: Re: OT: Aeron chairs >>>> >>>> Julian Field wrote: >>>> >>>>> >>>>> I have been on a good hunt, and have read pages and pages of comment >>>>> on the Aeron. As a result of that, I have found a much better >>>>> replacement, and this has a head-rest as well which moves into place >>>>> when you recline the chair. It stays out of the way when you have >>>>> the chair back upright. >>>>> It's the Humanscale Freedom and looks like the best solution. >>>> >> >> I have bought a Humanscale Freedom. I read their specs and dimensions >> to work out where everything (arms, headrest etc) would end up, >> relative to the chair I'm sitting on now. Everything looks fine. >> >> Now I have to wait a month for it to be made and delivered. Wish it >> didn't take that long. >> But I'm sure it will be wonderful, I have yet to find anyone saying >> nasty things about it, contrary to the Aeron, about which people are >> very vocal. >> -- >> Julian Field > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQsA0XxH2WUcUFbZUEQI+zwCgkz3e48hPGJBLtArrGNKBX1rR3K0AoIlc TNI7fzxyhNhtmBi3Bs8KwxRZ =T77V -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Jun 27 19:54:16 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:08 2006 Subject: mailing Quarantine "dump" Message-ID: Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jan Agermose > Sent: Monday, June 27, 2005 12:57 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: mailing Quarantine "dump" > > Im looking at this: > > > > select timestamp, from_address, to_address, subject from maillog where > to_address like '%@thedomain.com and (isspam = 1 or ishighspam = 1) order > by timestamp desc limit 10; > > > > (the limit 10 replaced by "today limiting" J ) > > > > But Im afraid I need to check all the bit' ? > > > > isspam | ishighspam | issaspam | isrblspam | isfp | isfn | spamwhitelisted > | spamblacklisted > > > > > > Mvh > > Jan Jan, Look at the latest beta I think there is some new code to allow you to get location / timestamps / etc. for quarantined messages using a custom function. Should be production soon :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Jun 27 19:59:32 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:08 2006 Subject: mailing Quarantine "dump" Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Monday, June 27, 2005 1:00 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mailing Quarantine "dump" > > Jan > > there's a nice util at www.fsl.com/support that can do this sort fo > thing, but only if you use sendmail or exim as the MTA....called > quatantinereport. Its designed to report to individual users but you > could hack it to do domain wide.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jan Agermose wrote: > > Hi > > > > > > > > I would like to dump quarantine data to domain admins once a day to make > > it possible and easy to check if some false positives should be in the > > quarantine. I was looking in the MySQL database "mailscanner" and > > looking at the table "maillog" - but. I'm missing a "status" bit or > > something to tell me the mail was put in quarantine or am I missing > > something? > > > > > > > > > > > > Mvh > > > > Jan Actually you can use sendmail and our quarantine report. My reference to the new quarantine data available in the beta version of MailScanner will make creating the report a bit easier and a lot faster. All of the data can be stored in a database as it is quarantined rather that reconstructed by limping though the quarantine files :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at YAHOO.COM Mon Jun 27 20:30:45 2005 From: hermit921 at YAHOO.COM (hermit921) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: I bought an aeron chair a couple of years ago. The best part (after being quite comfortable) is that my cat no longer usurps the chair. The worst part is that in winter, that comfortable webbing lets through all the cold breezes. The second year I decided to cover the chair with a blanket. I haven't had any of the problems some people complain about, but I carefully purchased the right sized chair and adjusted everything. I was quite surprised to find the best deal from an officially authorized retail dealer of office furniture rather than various chair wholesalers. hermit921 At 07:47 AM 6/25/2005, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Very off-topic: > >Has anyone here tried out an Aeron chair? Am thinking of getting one at >work. Opinion seems to be very strong and split 50:50 between the lovers >and the haters. Any alternatives (other than Steelcase) that anyone prefers? > >Thanks folks, >Jules. > >- -- >Julian Field ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon Jun 27 20:29:29 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:08 2006 Subject: The Book -- new edition Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Monday, June 27, 2005 9:27 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: The Book -- new edition > > Stephen Swaney wrote: > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Ugo Bellavance > >>Sent: Monday, June 27, 2005 9:43 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: The Book -- new edition > >> > >>Glenn Steen wrote: > >> > >>>On 6/23/05, Jason Balicki wrote: > >>> > >>> > >>>>Julian Field <> wrote: > >>>> > >>>> > >>>>>All ideas welcome, as usual. > >>>> > >>>>Julian, > >>>> > >>>>Someone mentoned to me when I was ranting about the > >>>>virus warnings that maybe we should put together > >>>>a list of "best practices" for mail admins -- not > >>>>necessarily directly MailScanner related, but it > >>>>couldn't hurt. > >>>> > >>>>If we, as a community, came up with something like > >>>>that would you like to include it as an appendix? > >>>> > >>>>--J(K) > >>>> > >>> > >>>Wouldn't that fit better in the Wiki? > >>> > >> > >>Nothing bad about writing it in the wiki, then have Julian add it to the > >>book... > >> > >> > > > > > > I think that OS specific installation information fits better in the > Wiki > > than the book. Wikis are better for information that needs to be very > > up2date. Also I find it easier to follow the installation instructions > > online when I'm doing an install. > > We were talking about adding something about "Best practices for mail > admins", which should be more static than install docs. Best practices = Good Billy Pumphrey IT Manager Wooden & McLaughlin > > Ugo > > > > > Just my 2p > > > > Steve > > > > Stephen Swaney > > Fort Systems Ltd. > > stephen.swaney@fsl.com > > www.fsl.com > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Mon Jun 27 20:47:46 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:08 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And I really need to address it now. I won't lie in the fact that I have not stayed up on my MS setup as much as I should have. Now it is time to quit messing around and address a few things with my setup and I thought i'd ask here for some suggestions. My setup: FreeBSD 4.10 MS - 4.42 ClamAv - 0.86.1 SA - 3.0.3 Since i've had this setup (over a year now) it has done a marvelous job and taking care of business. However, because I am the only IT person at my company and I have way to many tasks, recently, I have let things slipped on my server and that is my own fault. Now it's time to fix it. My main questions really focus around two areas: 1.) Making SpamAssassin better at picking up spam (a lot has been getting through lately) 2.) making better use of MCP (hell, I don't even have it turned on!) I'll be honest in that I feel overwhelmed with my task, but that is mostly due to the fact of the other tasks I have in the wings and not directly because of my setup. Ok, so I will just fire away. How do I make SA better? I currently have 'surbl' setup and it seems to be going a decent job, but I need better results. I've been pouring over www.rulesemporium.com as well as the wiki site for SA. Here are my questions: Looking at the 'rules' section of rulesemporium, which *.cf files come recommended? Or is it better to just go with RulesduJour? On that same page, i am a bit confused on this section: RDJ usage: add either "SARE_REDIRECT" (pre3.0.0) or "SARE_REDIRECT_POST300" (post3.0.0) to "TRUSTED_RULESETS" I guess my main question is, where does this go? Local.cf rules? Also, if I download some of these rules for instance, do they go in /etc/mail/spamassassin? or elsewhere? I'll stop right there for now. I guess for now, it's a matter of getting SA and MS setup properly and with max effectiveness as possible. I appreciate the feedback. I apologize for any frustrations that came out in this email. It has been coming for a long time now. Best, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Mon Jun 27 20:57:15 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:30:08 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > And I really need to address it now. > I won't lie in the fact that I have not stayed up on my MS setup as > much as I should have. Now it is time to quit messing around and > address a few things with my setup and I thought i'd ask here for some > suggestions. > > My setup: > > FreeBSD 4.10 > MS - 4.42 > ClamAv - 0.86.1 > SA - 3.0.3 > > Since i've had this setup (over a year now) it has done a marvelous > job and taking care of business. However, because I am the only IT > person at my company and I have way to many tasks, recently, I have > let things slipped on my server and that is my own fault. Now it's > time to fix it. > > My main questions really focus around two areas: > > 1.) Making SpamAssassin better at picking up spam (a lot has been > getting through lately) > 2.) making better use of MCP (hell, I don't even have it turned on!) > > I'll be honest in that I feel overwhelmed with my task, but that is > mostly due to the fact of the other tasks I have in the wings and not > directly because of my setup. > > Ok, so I will just fire away. > > How do I make SA better? > I find that the most effective parts of SA are its own Bayes and the add-ons for razor, pyzor and DCC. So I would recommend getting all of those working well first. SURBL is built-in and automatic for recent SA so you don't have to do anything special to turn it on. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Mon Jun 27 22:02:33 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:08 2006 Subject: The Book -- new edition Message-ID: [snip] Ok, I've stared a Best Practices Wiki page -- but all I've got is my rant against AV warning email. Could some other kind folks provide me with other topics? You don't even have to write them up, just give me topics and maybe one or two sentences as to why a practice is good or bad. I'll flesh them out. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jun 27 22:45:00 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Regex question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My grasp of regex is very rudimentary at best, and I am trying to construct an expression that will hit every instance of these kinds of lines: pool-141-154-180-187.wma.east.verizon.net So in this instance, I would like to know how to construct the instance to find anything that starts with "pool" and ends with "verizon.net". I don't care what everything else in between might be. Our users have been getting inundated with email purporting to be from my companies "support" team (which is me, btw) informing them that their email accounts are about to be suspended, or that their account details have been updated, to "please verify the details contained in the attached file." I am attempting to kludge together a means to capture these messages before MailScanner processes them and issues warnings and just send them to /dev/null or something similar. They are all coming from Verizon's "pool". - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQsBzZBBVT8XLuTbnEQIxGwCbB410oB02z0lDCRiGDTvxLHjeD5AAoMMP RNMKYEFviqppzRnZ6xDv3Xtu =z6b3 -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Mon Jun 27 22:01:33 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Regex question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Monday 27 June 2005 09:45 pm, Craig Daters wrote: > My grasp of regex is very rudimentary at best, and I am trying to > construct an expression that will hit every instance of these kinds of > lines: > > pool-141-154-180-187.wma.east.verizon.net > > So in this instance, I would like to know how to construct the instance > to find anything that starts with "pool" and ends with "verizon.net". I > don't care what everything else in between might be. > pool.+verizon\.net or probably better: pool-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}\.[a-z]+\.[a-z]\.verizon\.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Jun 27 23:02:22 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:08 2006 Subject: Regex question Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Craig Daters > Sent: Monday, June 27, 2005 4:45 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Regex question > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > My grasp of regex is very rudimentary at best, and I am trying to > construct an expression that will hit every instance of these kinds of > lines: > > pool-141-154-180-187.wma.east.verizon.net /^pool.*?\.verizon\.net/i Would catch "poolanythingatall.verizon.net" So would using a dynamic IP block list, IIRC pool-ipnumber is a verizon dialup Where are you trying to catch this? MTA level or something between MS and the MTA? Rick > > So in this instance, I would like to know how to construct the instance > to find anything that starts with "pool" and ends with "verizon.net". I > don't care what everything else in between might be. > > Our users have been getting inundated with email purporting to be from > my companies "support" team (which is me, btw) informing them that > their email accounts are about to be suspended, or that their account > details have been updated, to "please verify the details contained in > the attached file." > > I am attempting to kludge together a means to capture these messages > before MailScanner processes them and issues warnings and just send > them to /dev/null or something similar. They are all coming from > Verizon's "pool". > > > - --- > Craig Daters (craig@westpress.com) > Systems Administrator > > West Press > 1663 West Grant Road > Tucson, Arizona 85745 > > (520) 624-4939 x208 > (520) 624-2715 fax > www.westpress.com > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.1 > > iQA/AwUBQsBzZBBVT8XLuTbnEQIxGwCbB410oB02z0lDCRiGDTvxLHjeD5AAoMMP > RNMKYEFviqppzRnZ6xDv3Xtu > =z6b3 > -----END PGP SIGNATURE----- > > > -- > Please note: It is the policy of West Press that all e-mail > sent to and from any @westpress.com address may be recorded > and monitored. Unless it is West Press related business, > please do not send any material of a private, personal, > or confidential nature to this or any @westpress.com > e-mail address. > > This message has been scanned for UCE (spam), viruses, > and dangerous content, and is believed to be clean > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jun 27 23:16:28 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:08 2006 Subject: Regex question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am using a dynamic IP block list with SpamAssassin, but the baysian probability on these messages are so low that a negative score is being attached. When the score for the dynamic list is applied, it is below my threshold still, so I am trying to intercept these messages before they make it MailScanner. Or maybe I can Isolate these specifically and up the score for these specifically for anything that matches these expressions? On Jun 27, 2005, at 3:02 PM, Rick Cooper wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Craig Daters >> Sent: Monday, June 27, 2005 4:45 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: OT: Regex question >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> My grasp of regex is very rudimentary at best, and I am trying to >> construct an expression that will hit every instance of these kinds of >> lines: >> >> pool-141-154-180-187.wma.east.verizon.net > > /^pool.*?\.verizon\.net/i > > Would catch "poolanythingatall.verizon.net" > So would using a dynamic IP block list, IIRC pool-ipnumber is a verizon > dialup > > Where are you trying to catch this? MTA level or something between MS > and > the MTA? > > Rick > >> >> So in this instance, I would like to know how to construct the >> instance >> to find anything that starts with "pool" and ends with "verizon.net". >> I >> don't care what everything else in between might be. >> >> Our users have been getting inundated with email purporting to be from >> my companies "support" team (which is me, btw) informing them that >> their email accounts are about to be suspended, or that their account >> details have been updated, to "please verify the details contained in >> the attached file." >> >> I am attempting to kludge together a means to capture these messages >> before MailScanner processes them and issues warnings and just send >> them to /dev/null or something similar. They are all coming from >> Verizon's "pool". >> >> >> - --- >> Craig Daters (craig@westpress.com) >> Systems Administrator >> >> West Press >> 1663 West Grant Road >> Tucson, Arizona 85745 >> >> (520) 624-4939 x208 >> (520) 624-2715 fax >> www.westpress.com >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP 8.1 >> >> iQA/AwUBQsBzZBBVT8XLuTbnEQIxGwCbB410oB02z0lDCRiGDTvxLHjeD5AAoMMP >> RNMKYEFviqppzRnZ6xDv3Xtu >> =z6b3 >> -----END PGP SIGNATURE----- >> >> >> -- >> Please note: It is the policy of West Press that all e-mail >> sent to and from any @westpress.com address may be recorded >> and monitored. Unless it is West Press related business, >> please do not send any material of a private, personal, >> or confidential nature to this or any @westpress.com >> e-mail address. >> >> This message has been scanned for UCE (spam), viruses, >> and dangerous content, and is believed to be clean >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQsB6wRBVT8XLuTbnEQLMZwCgity+ABC3XctpAgcy/zUuqPreuM4AoJzi g22pEWrZU8nWfrtEMluuqbrD =Ht78 -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jun 27 23:52:17 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:08 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mark Nienberg spake the following on 6/27/2005 12:57 PM: > Jason Williams wrote: > >> And I really need to address it now. >> I won't lie in the fact that I have not stayed up on my MS setup as >> much as I should have. Now it is time to quit messing around and >> address a few things with my setup and I thought i'd ask here for some >> suggestions. >> >> My setup: >> >> FreeBSD 4.10 >> MS - 4.42 >> ClamAv - 0.86.1 >> SA - 3.0.3 >> >> Since i've had this setup (over a year now) it has done a marvelous >> job and taking care of business. However, because I am the only IT >> person at my company and I have way to many tasks, recently, I have >> let things slipped on my server and that is my own fault. Now it's >> time to fix it. >> >> My main questions really focus around two areas: >> >> 1.) Making SpamAssassin better at picking up spam (a lot has been >> getting through lately) >> 2.) making better use of MCP (hell, I don't even have it turned on!) >> >> I'll be honest in that I feel overwhelmed with my task, but that is >> mostly due to the fact of the other tasks I have in the wings and not >> directly because of my setup. >> >> Ok, so I will just fire away. >> >> How do I make SA better? >> > I find that the most effective parts of SA are its own Bayes and the > add-ons for razor, pyzor and DCC. So I would recommend getting all of > those working well first. SURBL is built-in and automatic for recent SA > so you don't have to do anything special to turn it on. I second that! I thought my setup was wonderful, but when I added razor and DCC, WOW! Very little spam getting through, and what does is marked as such, with scores just barely under the threshold. You might consider the Rules_Du_joir script if you want to add more rules to your setup. Steve Swaney at www.fsl.com has a ready to go setup for it. I might add pyzor, but that will be down the road. Don't want to stir the pot too much, everything is simmering along just peachy right now. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jun 28 00:31:22 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Regex question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote on Mon, 27 Jun 2005 14:45:00 -0700: > Our users have been getting inundated with email purporting to be from > my companies "support" team (which is me, btw) informing them that > their email accounts are about to be suspended, or that their account > details have been updated, to "please verify the details contained in > the attached file." Why don't you simply block east. and west.verizon.net on MTA level? Why waste sa or MS time on them? It's all dynamic IP blocks, as far as I can see from our logs there's no legitimate mail coming from those. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 00:45:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Regex question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl spake the following on 6/27/2005 4:31 PM: > Craig Daters wrote on Mon, 27 Jun 2005 14:45:00 -0700: > > >>Our users have been getting inundated with email purporting to be from >>my companies "support" team (which is me, btw) informing them that >>their email accounts are about to be suspended, or that their account >>details have been updated, to "please verify the details contained in >>the attached file." > > > Why don't you simply block east. and west.verizon.net on MTA level? Why > waste sa or MS time on them? It's all dynamic IP blocks, as far as I can > see from our logs there's no legitimate mail coming from those. > > Kai > Sounds like the Mytob virus. I hope you are running a FEW virus scanners on your MailScanner machines. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 02:02:42 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:08 2006 Subject: Lots of SA TimeOuts today Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone been having any problems with SA timing out lately? Seem to be having more than normal today. Usually, it would happen maybe once a day. It's happened quite a bit today. Struck me as odd. Hmm, maybe its time to implement that DNS caching server i've been meaning to do forever. Cheers, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 02:22:18 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:08 2006 Subject: Best practices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Jason, A few ideas: - Have a reverse lookup - If MaiScanner a gateway, make sure you use firewall rules on the destination server to make sure only MailScanner can access it. - Have SPF records - Use SMTP-AUTH for roaming clients - Don't bounce - Make sure you're not an open relay - Do some testiing: http://www.dnsreport.com/ http://www.dnsstuff.com/ http://www.samspade.com/ http://www.testvirus.org/ (with disclamer...) Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 04:35:54 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:08 2006 Subject: Best practices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Hi Jason, > > A few ideas: > > - Have a reverse lookup -> that matches your hello ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 05:01:00 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:08 2006 Subject: Best practices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Ugo Bellavance wrote: > >>Hi Jason, >> >> A few ideas: >> >>- Have a reverse lookup > > > -> that matches your hello > Grr, went too fast. -> that matches your HELO/EHLO ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From karthik.kiruba at INMAIL.TRANQUILMONEY.COM Tue Jun 28 05:29:38 2005 From: karthik.kiruba at INMAIL.TRANQUILMONEY.COM (Karthik kiruba) Date: Thu Jan 12 21:30:08 2006 Subject: passwd protected attachements Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, In default Mailscanner removes any password protected archives/attachements in mails. How do I enable to allow password protected archives/attachements for specific domains. -karthik.k CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 28 09:09:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:08 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: Hi Jason first of all upgrade sa to 3.0.4 theres a DOS problem with 3.0.3 and it fixes some URL parsing problems as well.. As to makeing SA better, make sure you have all the Surbl.org URI-RBL's installed - SA 3.0.4 has the jp URI-RBL as well by default. Adding in the URI-BLACK can also help -- see http://www.uribl.com/ As for the extra rules, you need post300 as you are running a version after 3.0.0. Yes they go in the same dir as local.cf and you can auto updates them with a rulesdujour script. See the wiki on this and also for some specific things you may need to turn off if you use the bogus_virus_warnings.cf as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason Williams wrote: > And I really need to address it now. > I won't lie in the fact that I have not stayed up on my MS setup as much > as I should have. Now it is time to quit messing around and address a > few things with my setup and I thought i'd ask here for some suggestions. > > My setup: > > FreeBSD 4.10 > MS - 4.42 > ClamAv - 0.86.1 > SA - 3.0.3 > > Since i've had this setup (over a year now) it has done a marvelous job > and taking care of business. However, because I am the only IT person at > my company and I have way to many tasks, recently, I have let things > slipped on my server and that is my own fault. Now it's time to fix it. > > My main questions really focus around two areas: > > 1.) Making SpamAssassin better at picking up spam (a lot has been > getting through lately) > 2.) making better use of MCP (hell, I don't even have it turned on!) > > I'll be honest in that I feel overwhelmed with my task, but that is > mostly due to the fact of the other tasks I have in the wings and not > directly because of my setup. > > Ok, so I will just fire away. > > How do I make SA better? > > I currently have 'surbl' setup and it seems to be going a decent job, > but I need better results. I've been pouring over www.rulesemporium.com > as well as the wiki site for SA. Here are my questions: > > Looking at the 'rules' section of rulesemporium, which *.cf files come > recommended? Or is it better to just go with RulesduJour? On that same > page, i am a bit confused on this section: > > RDJ usage: add either "SARE_REDIRECT" (pre3.0.0) or > "SARE_REDIRECT_POST300" (post3.0.0) to "TRUSTED_RULESETS" > > I guess my main question is, where does this go? Local.cf rules? > Also, if I download some of these rules for instance, do they go in > /etc/mail/spamassassin? or elsewhere? > > I'll stop right there for now. I guess for now, it's a matter of getting > SA and MS setup properly and with max effectiveness as possible. > > I appreciate the feedback. I apologize for any frustrations that came > out in this email. It has been coming for a long time now. > > Best, > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 28 09:11:25 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:08 2006 Subject: passwd protected attachements Message-ID: Hi depends on what bit of MS of is stopping them. But once you found the check that's stopping these, make that check a ruleset and make sure the domain in question has that set to 'no'. have a look in the rules/EXAMPLES file for more info.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Karthik kiruba wrote: > Hi, > > In default Mailscanner removes any password protected > archives/attachements in mails. How do I enable to allow password > protected archives/attachements for specific domains. > > -karthik.k > > > > > > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jun 28 10:31:26 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:08 2006 Subject: mailing Quarantine "dump" Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote on Mon, 27 Jun 2005 14:59:32 -0400: > Actually you can use sendmail and our quarantine report. My reference to the > new quarantine data available in the beta version of MailScanner will make > creating the report a bit easier and a lot faster. All of the data can be > stored in a database as it is quarantined rather that reconstructed by > limping though the quarantine files :) If one uses Mailwatch all necessary information should be in its database, anyway, I think. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Tue Jun 28 10:33:43 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:08 2006 Subject: No subject Message-ID: Attempting to upgrade to the latest June 1 version of MailScanner, it has not been successful. I am updating a server after the customer neglected to update if for over a year. The short of is after updating SpamAssassin, Razor, DCC, & MailScanner I am receiving a status (PS -A) of MailScanner stating (defunct). The number of occurrences grows the longer MailScanner runs. However no mail is being processed. I am turning on debug in the MailScanner.conf file to watch. Would anyone have an approximated idea what the defunct might relate to? It appears SpamAssassin, SendMail are activated by MailScanner. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Jun 28 10:47:15 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did you buy the Freedom Exec with the auto adjusting headrest? What negative stuff have you heard about Aeron? Pete >>> I like the looks of Aeron better, but I've found a site that >>> sells both chairs for about the same price. What was it in >>> everything you read that convinced you that the Freedom will >>> be a better chair? I've been looking for a new chair and >>> liked the looks of the open weave of the Aeron. Any good links? >>> > > I have bought a Humanscale Freedom. I read their specs and dimensions > to work out where everything (arms, headrest etc) would end up, > relative to the chair I'm sitting on now. Everything looks fine. > > Now I have to wait a month for it to be made and delivered. Wish it > didn't take that long. > But I'm sure it will be wonderful, I have yet to find anyone saying > nasty things about it, contrary to the Aeron, about which people are > very vocal. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Jun 28 10:49:29 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:08 2006 Subject: No subject Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] so what the logfile says ? view mail and systemlogs. isnt there any entry ? > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Douglas > Sent: Tuesday, June 28, 2005 11:34 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: > > > Attempting to upgrade to the latest June 1 version of > MailScanner, it has > not been successful. I am updating a server after the > customer neglected to > update if for over a year. > > The short of is after updating SpamAssassin, Razor, DCC, & > MailScanner I am > receiving a status (PS -A) of MailScanner stating (defunct). > The number of > occurrences grows the longer MailScanner runs. However no > mail is being > processed. > > I am turning on debug in the MailScanner.conf file to watch. > Would anyone > have an approximated idea what the defunct might relate to? > It appears > SpamAssassin, SendMail are activated by MailScanner. Thank you. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 28 11:13:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:08 2006 Subject: OT: Aeron chairs Message-ID: On 28 Jun 2005, at 10:47, Pete Russell wrote: > Did you buy the Freedom Exec with the auto adjusting headrest? Yes. > What negative stuff have you heard about Aeron? Take a look at http://www.dack.com/misc/aeron.html I read all of it. > > Pete > > >>>> I like the looks of Aeron better, but I've found a site that >>>> sells both chairs for about the same price. What was it in >>>> everything you read that convinced you that the Freedom will >>>> be a better chair? I've been looking for a new chair and >>>> liked the looks of the open weave of the Aeron. Any good links? >>>> >>>> >> I have bought a Humanscale Freedom. I read their specs and >> dimensions to work out where everything (arms, headrest etc) >> would end up, relative to the chair I'm sitting on now. >> Everything looks fine. >> Now I have to wait a month for it to be made and delivered. Wish >> it didn't take that long. >> But I'm sure it will be wonderful, I have yet to find anyone >> saying nasty things about it, contrary to the Aeron, about which >> people are very vocal. >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From goudron_et_plumes at YAHOO.FR Tue Jun 28 11:20:00 2005 From: goudron_et_plumes at YAHOO.FR (Nestor Burma) Date: Thu Jan 12 21:30:08 2006 Subject: Disarming webbugs ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, --- Julian Field a écrit : > Yes. A simple search of the MailScanner.conf file > would have showed > you how. > > Just set > Allow WebBugs = disarm > and reload MailScanner (service MailScanner reload). Sorry for the inconvenience. Next time I'll drink my coffee before making a fool of myself. Thanks. Nb. ___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at GARDRAIL.COM Tue Jun 28 11:53:10 2005 From: mailscanner at GARDRAIL.COM (Bill) Date: Thu Jan 12 21:30:08 2006 Subject: spam filtering for multiple domains Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greetings, I'm hosting some e-mail for a few friends, and they all want to have spam filtering. The problem is they all want to look through their own domain's spam in mbox, or mailqueue format. Has anyone done this for a server that hosts multiple domains? Does anyone have any suggested documents or howto's in addition to the manual? Thanks in advance, -=-Bill-=- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Tue Jun 28 12:13:21 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:08 2006 Subject: spam filtering for multiple domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You could add a header to SPAM and use procmail to filter email with that header to a separate mailbox. The practicality of this setup depends highly on your environment. Nate On 6/28/05, Bill wrote: > Greetings, > > I'm hosting some e-mail for a few friends, and they all want to have spam filtering. > The problem is they all want to look through their own domain's spam in mbox, or > mailqueue format. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Tue Jun 28 12:15:38 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:08 2006 Subject: spam filtering for multiple domains Message-ID: Does it have to be in this format ? If you install MailWatch, this is all available (including releasing, learning etc) via a web interface, which you canlock down per domain. Mailwatch: http://mailwatch.sourceforge.net/ Cheers, Chris -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Sent: 28 June 2005 11:53 To: MAILSCANNER@JISCMAIL.AC.UK Subject: spam filtering for multiple domains Greetings, I'm hosting some e-mail for a few friends, and they all want to have spam filtering. The problem is they all want to look through their own domain's spam in mbox, or mailqueue format. Has anyone done this for a server that hosts multiple domains? Does anyone have any suggested documents or howto's in addition to the manual? Thanks in advance, -=-Bill-=- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner is part of the Mail Filtering service from Nexent Internet. ___________________________________________________________________ The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ___________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From E.van.der.Leun at OFFICE.CAIW.NL Tue Jun 28 12:18:15 2005 From: E.van.der.Leun at OFFICE.CAIW.NL (Erik van der Leun) Date: Thu Jan 12 21:30:08 2006 Subject: spam filtering for multiple domains Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] One mbox per domain? Make a rulefile that forwards *@ to spam@... :) -----Oorspronkelijk bericht----- Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Namens Bill Verzonden: dinsdag 28 juni 2005 12:53 Aan: MAILSCANNER@JISCMAIL.AC.UK Onderwerp: spam filtering for multiple domains Greetings, I'm hosting some e-mail for a few friends, and they all want to have spam filtering. The problem is they all want to look through their own domain's spam in mbox, or mailqueue format. Has anyone done this for a server that hosts multiple domains? Does anyone have any suggested documents or howto's in addition to the manual? Thanks in advance, -=-Bill-=- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Deze email is gecontroleerd door CAIWAY Internet Virusvrij. Voor meer informatie, zie http://www.caiway.nl/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at GARDRAIL.COM Tue Jun 28 12:34:29 2005 From: mailscanner at GARDRAIL.COM (Bill) Date: Thu Jan 12 21:30:08 2006 Subject: spam filtering for multiple domains Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That sounds like a possability. instead of sending it to spam@domain, could i send it to /home/spam.mbox ? Do you have any decent links for generating custom rulesets? On Tue, 28 Jun 2005 13:18:15 +0200, Erik van der Leun wrote > One mbox per domain? > Make a rulefile that forwards *@ to spam@... > > :) > > -----Oorspronkelijk bericht----- > Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Namens Bill > Verzonden: dinsdag 28 juni 2005 12:53 > Aan: MAILSCANNER@JISCMAIL.AC.UK > Onderwerp: spam filtering for multiple domains > > Greetings, > > I'm hosting some e-mail for a few friends, and they all want to have spam > filtering. The problem is they all want to look through their own domain's > spam in mbox, or mailqueue format. Has anyone done this for a server that > hosts multiple domains? Does anyone have any suggested documents or howto's > in addition to the manual? > > Thanks in advance, > > -=-Bill-=- > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- > Deze email is gecontroleerd door CAIWAY Internet Virusvrij. > Voor meer informatie, zie http://www.caiway.nl/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Open WebMail Project (http://openwebmail.org) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From E.van.der.Leun at OFFICE.CAIW.NL Tue Jun 28 12:40:59 2005 From: E.van.der.Leun at OFFICE.CAIW.NL (Erik van der Leun) Date: Thu Jan 12 21:30:08 2006 Subject: spam filtering for multiple domains Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I don't have HOWTO's or anything... Writing it to a mailbox on the same host, is something I would solve using procmail... Good luck :> -----Oorspronkelijk bericht----- Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Namens Bill Verzonden: dinsdag 28 juni 2005 13:34 Aan: MAILSCANNER@JISCMAIL.AC.UK Onderwerp: Re: spam filtering for multiple domains That sounds like a possability. instead of sending it to spam@domain, could i send it to /home/spam.mbox ? Do you have any decent links for generating custom rulesets? On Tue, 28 Jun 2005 13:18:15 +0200, Erik van der Leun wrote > One mbox per domain? > Make a rulefile that forwards *@ to spam@... > > :) > > -----Oorspronkelijk bericht----- > Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > Namens Bill > Verzonden: dinsdag 28 juni 2005 12:53 > Aan: MAILSCANNER@JISCMAIL.AC.UK > Onderwerp: spam filtering for multiple domains > > Greetings, > > I'm hosting some e-mail for a few friends, and they all want to have > spam filtering. The problem is they all want to look through their own > domain's spam in mbox, or mailqueue format. Has anyone done this for > a server that hosts multiple domains? Does anyone have any suggested > documents or howto's in addition to the manual? > > Thanks in advance, > > -=-Bill-=- > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- > Deze email is gecontroleerd door CAIWAY Internet Virusvrij. > Voor meer informatie, zie http://www.caiway.nl/ > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Open WebMail Project (http://openwebmail.org) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Deze email is gecontroleerd door CAIWAY Internet Virusvrij. Voor meer informatie, zie http://www.caiway.nl/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Jun 28 12:59:20 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:08 2006 Subject: Regex question Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Craig Daters > Sent: Monday, June 27, 2005 5:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Regex question > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am using a dynamic IP block list with SpamAssassin, but the baysian > probability on these messages are so low that a negative score is being > attached. When the score for the dynamic list is applied, it is below > my threshold still, so I am trying to intercept these messages before > they make it MailScanner. Or maybe I can Isolate these specifically and > up the score for these specifically for anything that matches these > expressions? Look at the rules that are already getting hits and increase the score, for instance if they are hitting RCVD_IN_NJABL_DUL and/or RCVD_IN_SORBS_DUL add something like this to your spamassasin.prefs.conf (or local.cf) file score RCVD_IN_NJABL_DUL 20.0 score RCVD_IN_SORBS_DUL 20.0 or place the following in your local.cf (Custom rule) header VERIZON_DU Received =~ /pool.*?\.verizon\.net/i describe VERIZON_DU HEADER: Verizon Dialup Pool score VERIZON_DU 20.0 Of course I make the assumption that a score of 20.0 hits high enough to prevent delivery, adjust as required. You should also look at how you are feeding your baysian database. You should have some facility to unlearn and re-learn these messages if they are scoring so low. Rick [...] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jun 28 13:31:24 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:08 2006 Subject: No subject Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Douglas wrote on Tue, 28 Jun 2005 04:33:43 -0500: > Would anyone > have an approximated idea what the defunct might relate to? Did you update Perl modules as well? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jun 28 13:31:24 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:08 2006 Subject: No subject Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] One of your devices in that Exchange, MIMEDefang and MailScanner chain seems to be causing your messages to lose the Subject and References. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 28 13:36:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:09 2006 Subject: spam filtering for multiple domains Message-ID: Read the wiki etc on rulesets and the rules/EXAMPLES file.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Erik van der Leun wrote: > I don't have HOWTO's or anything... > Writing it to a mailbox on the same host, is something I would solve using procmail... > > Good luck :> > > > -----Oorspronkelijk bericht----- > Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Namens Bill > Verzonden: dinsdag 28 juni 2005 13:34 > Aan: MAILSCANNER@JISCMAIL.AC.UK > Onderwerp: Re: spam filtering for multiple domains > > That sounds like a possability. instead of sending it to spam@domain, could i send it to /home/spam.mbox ? > > Do you have any decent links for generating custom rulesets? > > > On Tue, 28 Jun 2005 13:18:15 +0200, Erik van der Leun wrote > >>One mbox per domain? >>Make a rulefile that forwards *@ to spam@... >> >>:) >> >>-----Oorspronkelijk bericht----- >>Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>Namens Bill >>Verzonden: dinsdag 28 juni 2005 12:53 >>Aan: MAILSCANNER@JISCMAIL.AC.UK >>Onderwerp: spam filtering for multiple domains >> >>Greetings, >> >>I'm hosting some e-mail for a few friends, and they all want to have >>spam filtering. The problem is they all want to look through their own >>domain's spam in mbox, or mailqueue format. Has anyone done this for >>a server that hosts multiple domains? Does anyone have any suggested >>documents or howto's in addition to the manual? >> >>Thanks in advance, >> >>-=-Bill-=- >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, > > email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >>-- >>Deze email is gecontroleerd door CAIWAY Internet Virusvrij. >>Voor meer informatie, zie http://www.caiway.nl/ >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > > -- > Open WebMail Project (http://openwebmail.org) > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- > Deze email is gecontroleerd door CAIWAY Internet Virusvrij. > Voor meer informatie, zie http://www.caiway.nl/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryanw at FALSEHOPE.COM Tue Jun 28 13:51:10 2005 From: ryanw at FALSEHOPE.COM (Ryan Weaver) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner, Mailwatch and additional MXs Message-ID: Hi, I would like to install Mailwatch or the like on our main corporate mail gateway. We have 2 additional MX records pointing to machines outside our network to prevent loss of email if our mail server becomes unavailable. All servers run some flavor of RedHat (or derivative), sendmail and MailScanner. The secondary servers are also hosts for domains other than our own and must use MailScanner for that other mail. My question involves the secondary mail servers and the way MailScanner handles the mail destined for the primary mail gateway. If MailScanner on the secondary mail servers process the email for the mail gateway, then Mailwatch on the mail gateway will not contain all the messages intended for it. Is there a way to set the secondary servers to not process and simply store and forward messages headed for the mail gateway?. Thanks, Ryan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 14:03:17 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner, Mailwatch and additional MXs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ryan Weaver wrote: > Hi, > > I would like to install Mailwatch or the like on our main corporate mail > gateway. We have 2 additional MX records pointing to machines outside our > network to prevent loss of email if our mail server becomes unavailable. All > servers run some flavor of RedHat (or derivative), sendmail and MailScanner. > The secondary servers are also hosts for domains other than our own and must > use MailScanner for that other mail. > > My question involves the secondary mail servers and the way MailScanner > handles the mail destined for the primary mail gateway. If MailScanner on > the secondary mail servers process the email for the mail gateway, then > Mailwatch on the mail gateway will not contain all the messages intended for > it. > > Is there a way to set the secondary servers to not process and simply store > and forward messages headed for the mail gateway?. > > Thanks, > Ryan > Hmmm, why do you run MailScanner on the secondary MX if all messages end up on the primary, which runs MailScanner? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 28 14:26:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner, Mailwatch and additional MXs Message-ID: On 28 Jun 2005, at 14:03, Ugo Bellavance wrote: > Ryan Weaver wrote: > >> Hi, >> >> I would like to install Mailwatch or the like on our main >> corporate mail >> gateway. We have 2 additional MX records pointing to machines >> outside our >> network to prevent loss of email if our mail server becomes >> unavailable. All >> servers run some flavor of RedHat (or derivative), sendmail and >> MailScanner. >> The secondary servers are also hosts for domains other than our >> own and must >> use MailScanner for that other mail. >> >> My question involves the secondary mail servers and the way >> MailScanner >> handles the mail destined for the primary mail gateway. If >> MailScanner on >> the secondary mail servers process the email for the mail gateway, >> then >> Mailwatch on the mail gateway will not contain all the messages >> intended for >> it. >> >> Is there a way to set the secondary servers to not process and >> simply store >> and forward messages headed for the mail gateway?. >> >> Thanks, >> Ryan >> >> > > Hmmm, why do you run MailScanner on the secondary MX if all > messages end > up on the primary, which runs MailScanner? The only reason I know of for this is "Spam List" RBL checking. Only the first mail server in a chain can do Spam List rbl checks. Another vote in favour of doing rbl lookups in SpamAssassin. The only reasons that "Spam List" code exists are to (a) make it easier for people to configure if that's the behaviour they want, and (b) I wrote it before integrating SpamAssassin. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Tue Jun 28 14:26:52 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:09 2006 Subject: OT: Regex question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 27, 2005, at 4:45 PM, Scott Silva wrote: > Kai Schaetzl spake the following on 6/27/2005 4:31 PM: >> Craig Daters wrote on Mon, 27 Jun 2005 14:45:00 -0700: >> >> >>> Our users have been getting inundated with email purporting to be >>> from >>> my companies "support" team (which is me, btw) informing them that >>> their email accounts are about to be suspended, or that their account >>> details have been updated, to "please verify the details contained in >>> the attached file." >> >> >> Why don't you simply block east. and west.verizon.net on MTA level? >> Why >> waste sa or MS time on them? It's all dynamic IP blocks, as far as I >> can >> see from our logs there's no legitimate mail coming from those. >> >> Kai >> > Sounds like the Mytob virus. > I hope you are running a FEW virus scanners on your MailScanner > machines. > Oh yeah! Wouldn't have it any other way :). I've got ClamAV and F-Prot on the mail server, then each workstation has a copy of Norton AntiVirus Corp Ed., but so far, nothing has made it past MailScanner. I'm just getting tired of all the calls from our employees who do not bother to read the warning that MailScanner sends in place of the infected message. I have even sent a global message to everyone to explain what is happening and what to expect. I continue to get calls, "What should I do about this message?" > - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQsFQJxBVT8XLuTbnEQJkBwCg9zxKimY1UOiQZTFyxwox6cTAD44AoNwT sex4DI13bEMCbQDuXN7AS1NU =iMBX -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryanw at FALSEHOPE.COM Tue Jun 28 14:27:00 2005 From: ryanw at FALSEHOPE.COM (Ryan Weaver) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner, Mailwatch and additional MXs Message-ID: [snip] > > The secondary servers are also hosts for domains other than > > our own and must use MailScanner for that other mail. [snip] > Hmmm, why do you run MailScanner on the secondary MX if all > messages end up on the primary, which runs MailScanner? Thanks, Ryan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Tue Jun 28 14:30:03 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:09 2006 Subject: OT: Regex question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 27, 2005, at 4:31 PM, Kai Schaetzl wrote: > Craig Daters wrote on Mon, 27 Jun 2005 14:45:00 -0700: > >> Our users have been getting inundated with email purporting to be from >> my companies "support" team (which is me, btw) informing them that >> their email accounts are about to be suspended, or that their account >> details have been updated, to "please verify the details contained in >> the attached file." > > Why don't you simply block east. and west.verizon.net on MTA level? Why > waste sa or MS time on them? It's all dynamic IP blocks, as far as I > can > see from our logs there's no legitimate mail coming from those. > How do I go about obtaining a list of these dynamic IP's to do just that? This sounds like the simpler solution.... - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQsFQ3xBVT8XLuTbnEQInAgCg+YyHBO3Pw/DUnSxs+tlVaviYRZkAni4T SIkVBxJnKDFQHPLdhQD5XwmS =l/pB -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 28 14:35:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:09 2006 Subject: Custom Spam Scanner? Message-ID: Has anyone tried using the Custom Spam Scanner plugin facility I wrote for you the other day? I would be interested to hear if people think it is sufficient, or whether it really needs additional functionality. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Tue Jun 28 14:40:43 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:09 2006 Subject: Regex question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 28, 2005, at 4:59 AM, Rick Cooper wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Craig Daters >> Sent: Monday, June 27, 2005 5:16 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Regex question >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I am using a dynamic IP block list with SpamAssassin, but the baysian >> probability on these messages are so low that a negative score is >> being >> attached. When the score for the dynamic list is applied, it is below >> my threshold still, so I am trying to intercept these messages before >> they make it MailScanner. Or maybe I can Isolate these specifically >> and >> up the score for these specifically for anything that matches these >> expressions? > > Look at the rules that are already getting hits and increase the > score, for > instance if they are hitting RCVD_IN_NJABL_DUL and/or > RCVD_IN_SORBS_DUL > > add something like this to your spamassasin.prefs.conf (or local.cf) > file > > score RCVD_IN_NJABL_DUL 20.0 > score RCVD_IN_SORBS_DUL 20.0 > > or place the following in your local.cf (Custom rule) > > header VERIZON_DU Received =~ /pool.*?\.verizon\.net/i > describe VERIZON_DU HEADER: Verizon Dialup Pool > score VERIZON_DU 20.0 > > Of course I make the assumption that a score of 20.0 hits high enough > to > prevent delivery, adjust as required. > > You should also look at how you are feeding your baysian database. You > should have some facility to unlearn and re-learn these messages if > they are > scoring so low. I am using MailWatch for MailScanner so learning and unlearning of messages is not a problem. I have been feeding all of these to the Baysian database to bring their scores up to an acceptable level, and I will certainly add a rule as well for SpamAssassin. I would prefer to stop these at the MTA level entirely and save to CPU power this would otherwise generate, but this is a start. Thank you everyone for your help and input. - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQsFTYBBVT8XLuTbnEQI38ACg11CN9G6DZWuys5Sr7gyNKa1X/ygAni12 UIq4M/iUJvEvm9+iuJPo7TAk =na4R -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 14:45:42 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner, Mailwatch and additional MXs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ryan Weaver wrote: > > [snip] > >>>The secondary servers are also hosts for domains other than >>>our own and must use MailScanner for that other mail. > > [snip] > > >>Hmmm, why do you run MailScanner on the secondary MX if all >>messages end up on the primary, which runs MailScanner? > > > > Thanks, > Ryan > Oops, sorry, misread, Then I'd probably create a ruleset for your domain on the secondary MX and disable all MailScanner checks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Jun 28 15:38:38 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:09 2006 Subject: Regex question Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Craig Daters > Sent: Tuesday, June 28, 2005 8:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Regex question > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Jun 28, 2005, at 4:59 AM, Rick Cooper wrote: > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >> Behalf Of Craig Daters > >> Sent: Monday, June 27, 2005 5:16 PM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: Regex question > >> > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> I am using a dynamic IP block list with SpamAssassin, but the baysian > >> probability on these messages are so low that a negative score is > >> being > >> attached. When the score for the dynamic list is applied, it is below > >> my threshold still, so I am trying to intercept these messages before > >> they make it MailScanner. Or maybe I can Isolate these specifically > >> and > >> up the score for these specifically for anything that matches these > >> expressions? > > > > Look at the rules that are already getting hits and increase the > > score, for > > instance if they are hitting RCVD_IN_NJABL_DUL and/or > > RCVD_IN_SORBS_DUL > > > > add something like this to your spamassasin.prefs.conf (or local.cf) > > file > > > > score RCVD_IN_NJABL_DUL 20.0 > > score RCVD_IN_SORBS_DUL 20.0 > > > > or place the following in your local.cf (Custom rule) > > > > header VERIZON_DU Received =~ /pool.*?\.verizon\.net/i > > describe VERIZON_DU HEADER: Verizon Dialup Pool > > score VERIZON_DU 20.0 > > > > Of course I make the assumption that a score of 20.0 hits high enough > > to > > prevent delivery, adjust as required. > > > > You should also look at how you are feeding your baysian database. You > > should have some facility to unlearn and re-learn these messages if > > they are > > scoring so low. > > I am using MailWatch for MailScanner so learning and unlearning of > messages is not a problem. I have been feeding all of these to the > Baysian database to bring their scores up to an acceptable level, and I > will certainly add a rule as well for SpamAssassin. I would prefer to > stop these at the MTA level entirely and save to CPU power this would > otherwise generate, but this is a start. > > Thank you everyone for your help and input. > MTA is where all of my RBL checking takes place. You don't say what the MTA is but I would think about any can accommodate RBL checks these days. I personally believe in doing as many checks at SMTP time is best. Basic checks I do are: Helo checks : helo with my hostname, ip literal or a host name from my domain - drop and firewall helo with bare IP - drop helo without a FQDN - drop Rcpt to checks: Invalid user drop (of course) non-authenticated local user outside the network - drop fails sender callout verification - drop in one of several RBLs (although I don't check DUL) - drop Data checks: basic bad mime type (.com|.exe|.pif|.bat) - drop Virus - drop and firewall (exim/exiscan BD, ClamAV, f-prot) Spam score above 15 - drop SPF fails - drop There are, of course, more dealing with relaying and so forth but for the most part I have relatively few things that we definatly do not want, pass through to MS to deal with, and I haven't generated a bounce in so long I couldn't tell you the last time. Drop the stuff you *know* shouldn't arrive and let MS handle filename, type, archives, bad content, the marginal spam, etc. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brian at UNIVEXSYSTEMS.COM Tue Jun 28 15:40:59 2005 From: brian at UNIVEXSYSTEMS.COM (Brian Parish) Date: Thu Jan 12 21:30:09 2006 Subject: MS fails after yum update Message-ID: I did a yum update and it updated some perl stuff. Now I get: Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate Net/CIDR.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.6/i686-linux /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl/5.8.6/i686-linux /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl. /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Config.pm line 34. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Config.pm line 34. Compilation failed in require at /usr/sbin/MailScanner line 64. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. Tried installing the latest version of MailScanner with the same result. Help! ;-) TIA Brian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Jun 28 16:00:55 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:09 2006 Subject: MS fails after yum update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brian Parish wrote: >I did a yum update and it updated some perl stuff. Now I get: > >Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate Net/CIDR.pm in @INC (@INC >contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.6/i686-linux /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl/5.8.6/i686-linux /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl. /usr/lib/MailScanner) >at /usr/lib/MailScanner/MailScanner/Config.pm line 34. >BEGIN failed--compilation aborted >at /usr/lib/MailScanner/MailScanner/Config.pm line 34. >Compilation failed in require at /usr/sbin/MailScanner line 64. >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. > >Tried installing the latest version of MailScanner with the same result. > > > Brian, Try to reinstall from CPAN: LANG=C perl -MCPAN -e 'install Net::CIDR' Denis PS: you should omit LANG=C if your server is already configured not to use UTF-8 or if your shell is not sh/bash/ksh. -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From ryanw at FALSEHOPE.COM Tue Jun 28 16:00:11 2005 From: ryanw at FALSEHOPE.COM (Ryan Weaver) Date: Thu Jan 12 21:30:09 2006 Subject: MS fails after yum update Message-ID: Try yum install perl-Net-CIDR > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Parish > Sent: Tuesday, June 28, 2005 9:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MS fails after yum update > > I did a yum update and it updated some perl stuff. Now I get: > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate Net/CIDR.pm in @INC (@INC > contains: /usr/lib/MailScanner > /usr/lib/perl5/5.8.6/i686-linux /usr/lib/perl5/5.8.6 > /usr/lib/perl5/site_perl/5.8.6/i686-linux > /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl. /usr/lib/MailScanner) > at /usr/lib/MailScanner/MailScanner/Config.pm line 34. > BEGIN failed--compilation aborted > at /usr/lib/MailScanner/MailScanner/Config.pm line 34. > Compilation failed in require at /usr/sbin/MailScanner line 64. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. > > Tried installing the latest version of MailScanner with the > same result. > > Help! ;-) > > TIA > Brian > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Tue Jun 28 16:14:37 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:09 2006 Subject: Regex question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 28, 2005, at 7:38 AM, Rick Cooper wrote: <--snipped for cleanliness sake--> >> messages is not a problem. I have been feeding all of these to the >> Baysian database to bring their scores up to an acceptable level, and >> I >> will certainly add a rule as well for SpamAssassin. I would prefer to >> stop these at the MTA level entirely and save to CPU power this would >> otherwise generate, but this is a start. >> >> Thank you everyone for your help and input. >> > > MTA is where all of my RBL checking takes place. You don't say what > the MTA > is but I would think about any can accommodate RBL checks these days. I > personally believe in doing as many checks at SMTP time is best. Basic > checks I do are: > > > Helo checks : helo with my hostname, ip literal or a host name from my > domain - drop and firewall > helo with bare IP - drop > helo without a FQDN - drop > > Rcpt to checks: Invalid user drop (of course) > non-authenticated local user outside the network - drop > fails sender callout verification - drop > in one of several RBLs (although I don't check DUL) - drop > > Data checks: basic bad mime type (.com|.exe|.pif|.bat) - drop > Virus - drop and firewall (exim/exiscan BD, ClamAV, > f-prot) > Spam score above 15 - drop > SPF fails - drop > > There are, of course, more dealing with relaying and so forth but for > the > most part I have relatively few things that we definatly do not want, > pass > through to MS to deal with, and I haven't generated a bounce in so > long I > couldn't tell you the last time. Drop the stuff you *know* shouldn't > arrive > and let MS handle filename, type, archives, bad content, the marginal > spam, > etc. I am using Sendmail 8.13.1-2 (RHEL RPM) for my MTA. I like what you are saying here. I don't know how difficult these will be to implement. I have enabled Sendmail's option to not accept mail from non-FQDN sources, And I have blacklisted a couple of countries that have sent us spam in the past that I know we would never receive legitimate email from, but that is all. - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQsFpYRBVT8XLuTbnEQIGtwCcCySgjKI+w4DsgN4IiqRyfv+iQxgAnR0c 8YWCppGYryT9wNMgIkCeINbI =6jyy -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryanw at FALSEHOPE.COM Tue Jun 28 16:19:49 2005 From: ryanw at FALSEHOPE.COM (Ryan Weaver) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner, Mailwatch and additional MXs Message-ID: > -----Original Message----- > Subject: Re: MailScanner, Mailwatch and additional MXs > Sent: Tuesday, June 28, 2005 8:46 AM > > Ryan Weaver wrote: > > > > [snip] > > > >>>The secondary servers are also hosts for domains other than > >>>our own and must use MailScanner for that other mail. > > > > [snip] > > > > > >>Hmmm, why do you run MailScanner on the secondary MX if all > >>messages end up on the primary, which runs MailScanner? > > > > > > > > Thanks, > > Ryan > > > > Oops, sorry, misread, > > Then I'd probably create a ruleset for your domain on the secondary MX > and disable all MailScanner checks. To create a set of rules to turn off all scanning for a specific domain so that those emails are merely stored and forwarded, I would need to turn the following settings into rules sets. Virus Scanning = yes Dangerous Content Scanning = yes Spam Checks = yes This one is turned on/off by "Spam Checks", correct? Use SpamAssassin = yes Are there any others or would that do it? Thanks, Ryan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 16:12:32 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: OT: Regex question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters spake the following on 6/28/2005 6:26 AM: > On Jun 27, 2005, at 4:45 PM, Scott Silva wrote: > > >>>Kai Schaetzl spake the following on 6/27/2005 4:31 PM: >>> >>>>Craig Daters wrote on Mon, 27 Jun 2005 14:45:00 -0700: >>>> >>>> >>>> >>>>>Our users have been getting inundated with email purporting to be >>>>>from >>>>>my companies "support" team (which is me, btw) informing them that >>>>>their email accounts are about to be suspended, or that their account >>>>>details have been updated, to "please verify the details contained in >>>>>the attached file." >>>> >>>> >>>>Why don't you simply block east. and west.verizon.net on MTA level? >>>>Why >>>>waste sa or MS time on them? It's all dynamic IP blocks, as far as I >>>>can >>>>see from our logs there's no legitimate mail coming from those. >>>> >>>>Kai >>>> >>> >>>Sounds like the Mytob virus. >>>I hope you are running a FEW virus scanners on your MailScanner >>>machines. >>> > > > Oh yeah! Wouldn't have it any other way :). I've got ClamAV and F-Prot > on the mail server, then each workstation has a copy of Norton > AntiVirus Corp Ed., but so far, nothing has made it past MailScanner. > > I'm just getting tired of all the calls from our employees who do not > bother to read the warning that MailScanner sends in place of the > infected message. I have even sent a global message to everyone to > explain what is happening and what to expect. I continue to get calls, > "What should I do about this message?" > The setting in MailScanner.conf "still deliver silent viruses = no" Will go a long way to make your day easier. I quit telling my users about every piece of you know what that they don't see anyway, and the term "Ignorance is bliss" fits well. Their ignorance is my bliss! -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue Jun 28 16:37:36 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:09 2006 Subject: The Book -- new edition Message-ID: Have your linux server do regular system updates with recommendations to yum or up2date or something. Also with links to the technologies. It would be beneficial to newbies to include basic definitions of the best practices terms and/or links to different FAQ's or something. Example: You should keep your OS updated using technologies such as up2date or yum. Here is the basic config files for these and briefly how they work. For in-depth info click here. I prefer this one over the other but it is your choice. I know that Ugo put some examples and are far from completion: - Have a reverse lookup - If MaiScanner a gateway, make sure you use firewall rules on the destination server to make sure only MailScanner can access it. - Have SPF records - Use SMTP-AUTH for roaming clients - Don't bounce - Make sure you're not an open relay I now know what most of these are, but before I would have been like W@$#%$^%$%@#$@#$^%#$%#$@!@#%$^% What is this stuff???????? To me even the simplest thing could use a sentence or two then a link for more info about it. Another example: Make sure you're not an open relay. An open relay means that.............. and ........... This is what can happen is you are a open relay.......... For more info click here. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jason Balicki > Sent: Monday, June 27, 2005 4:03 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: The Book -- new edition > > [snip] > > Ok, I've stared a Best Practices Wiki page -- but all > I've got is my rant against AV warning email. > > Could some other kind folks provide me with other > topics? You don't even have to write them up, just > give me topics and maybe one or two sentences as > to why a practice is good or bad. I'll flesh them > out. > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 16:27:24 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner, Mailwatch and additional MXs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ryan Weaver wrote: > > > >>-----Original Message----- >>Subject: Re: MailScanner, Mailwatch and additional MXs >>Sent: Tuesday, June 28, 2005 8:46 AM >> >>Ryan Weaver wrote: >> >>> >>>[snip] >>> >>> >>>>>The secondary servers are also hosts for domains other than >>>>>our own and must use MailScanner for that other mail. >>> >>>[snip] >>> >>> >>> >>>>Hmmm, why do you run MailScanner on the secondary MX if all >>>>messages end up on the primary, which runs MailScanner? >>> >>> >>> >>>Thanks, >>>Ryan >>> >> >>Oops, sorry, misread, >> >>Then I'd probably create a ruleset for your domain on the secondary MX >>and disable all MailScanner checks. > > > To create a set of rules to turn off all scanning for a specific domain so > that those emails are merely stored and forwarded, I would need to turn the > following settings into rules sets. > > Virus Scanning = yes > Dangerous Content Scanning = yes > Spam Checks = yes > > This one is turned on/off by "Spam Checks", correct? > Use SpamAssassin = yes > > Are there any others or would that do it? > That looks fine to me. > Thanks, > Ryan > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 16:53:49 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin, Thanks for your help. I appreciate it. I have gone ahead and done a few things. Here is what I have done so far: Upgraded SA to 3.0.4. Pretty painless. I did add both DCC and razor2 to my init.pre file as follows: #Add DCC loadplugin Mail::SpamAssassin::Plugin::DCC #Add Razor Agents loadplugin Mail::SpamAssassin::Plugin::Razor2 I am not terribly familiar with either, but one thing I have noticed in my maillog is a few of these: Jun 28 08:39:31 mail dccproc[39538]: continue not asking DCC 8 seconds after failure Jun 28 08:39:31 mail dccproc[39537]: no working DCC servers dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at 208.201.249.233 142.27.70. I have also been reading over the mailscanner wiki site as well, trying to add more items as well as catch up. I thought adding DCC, razor and pyzor might make a considerable difference in my blocking of spam. The spam is getting progressively worse and getting through. It is my fault. I just haven't been able to stay up to date with the server and now I need to go over everything and set things up properly. I'll take a look at the link you offered. I appreciate it. As far as the surbl.org are concerned, anyone here running FreeBSD? If so, did you install through the ports tree? I've run into a few snags here recently with this and im working out the bugs. Thanks, Jason Martin Hepworth wrote: > Hi Jason > > first of all upgrade sa to 3.0.4 theres a DOS problem with 3.0.3 and > it fixes some URL parsing problems as well.. > > As to makeing SA better, make sure you have all the Surbl.org > URI-RBL's installed - SA 3.0.4 has the jp URI-RBL as well by default. > > Adding in the URI-BLACK can also help -- see http://www.uribl.com/ > > As for the extra rules, you need post300 as you are running a version > after 3.0.0. > > Yes they go in the same dir as local.cf and you can auto updates them > with a rulesdujour script. See the wiki on this and also for some > specific things you may need to turn off if you use the > bogus_virus_warnings.cf as well. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Tue Jun 28 16:46:49 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just installed Mailscanner on Debian Sarge like I have done 5 times before.... However in the logs it does nor show mailscanner being used and nothing in the headers either..... What did I miss?? Here is configs.... used apt-get install clamav used apt-get install mailscanner using postfix as MTA this is just a relay no local mail delivery /etc/Mailscanner/Mailscanner.conf MTA=postfix Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Use SpamAssassin = yes Virus Scanners = clamav Virus Scanning = yes /etc/postfix/main.cf relay_domains = hash:/etc/postfix/relay_domains relayhost = [xxx.xxx.xxx.xxx] mydestination = (so it does not deliver locally local_recipient_maps = /etc/postfix/relay_domains domain.com OK /etc/postfix/transport domain.com smtp:[realsmtp.server.com] it relays email just fine for the domain(s) but does not go through mailscanner... I must be forgetting something?? :) Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vladan at NIKOLIC.HOMEIP.NET Tue Jun 28 16:55:28 2005 From: vladan at NIKOLIC.HOMEIP.NET (Vladan Nikolic) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] in /etc/postfix/main.cf: header_checks = hash:/etc/postfix/header_checks then, create file /etc/postfix/header_checks that contain /^Received/ HOLD and then reload postfix... ________________________________________________________________________________ I just installed Mailscanner on Debian Sarge like I have done 5 times before.... However in the logs it does nor show mailscanner being used and nothing in the headers either..... What did I miss?? Here is configs.... used apt-get install clamav used apt-get install mailscanner using postfix as MTA this is just a relay no local mail delivery /etc/Mailscanner/Mailscanner.conf MTA=postfix Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Use SpamAssassin = yes Virus Scanners = clamav Virus Scanning = yes /etc/postfix/main.cf relay_domains = hash:/etc/postfix/relay_domains relayhost = [xxx.xxx.xxx.xxx] mydestination = (so it does not deliver locally local_recipient_maps = /etc/postfix/relay_domains domain.com OK /etc/postfix/transport domain.com smtp:[realsmtp.server.com] it relays email just fine for the domain(s) but does not go through mailscanner... I must be forgetting something?? :) Rob... ________________________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 16:43:58 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: Wiki entries for init.pre with DCC and Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I see the entries for the mods to init.pre needed for SpamAssassin 3.1 in the wiki. But will they cause a problem to put them in now with 3.0.4? I would sure hate to forget to add them later! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 16:59:19 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:09 2006 Subject: Best practices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Ugo, I'll double check my list here, but im pretty sure I have all the following covered, except for the reverse lookup and the SPF records. I do plan to take a look at these. I appreciate it. Cheers, Jason Ugo Bellavance wrote: >Hi Jason, > > A few ideas: > >- Have a reverse lookup >- If MaiScanner a gateway, make sure you use firewall rules on the >destination server to make sure only MailScanner can access it. >- Have SPF records >- Use SMTP-AUTH for roaming clients >- Don't bounce >- Make sure you're not an open relay >- Do some testiing: > > http://www.dnsreport.com/ > http://www.dnsstuff.com/ > http://www.samspade.com/ > http://www.testvirus.org/ (with disclamer...) > >Ugo > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 28 17:01:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: Jason the URI-RBLs (surbl.org and uribl.org based ones) need the appropriate plugin loading in init.pre, this is normally enable by default. I use FreeBSD and install SA via CPAN.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason Williams wrote: > Hi Martin, > > Thanks for your help. I appreciate it. I have gone ahead and done a few > things. Here is what I have done so far: > > Upgraded SA to 3.0.4. Pretty painless. > I did add both DCC and razor2 to my init.pre file as follows: > > #Add DCC > loadplugin Mail::SpamAssassin::Plugin::DCC > > #Add Razor Agents > loadplugin Mail::SpamAssassin::Plugin::Razor2 > > > I am not terribly familiar with either, but one thing I have noticed in > my maillog is a few of these: > > Jun 28 08:39:31 mail dccproc[39538]: continue not asking DCC 8 seconds > after failure > Jun 28 08:39:31 mail dccproc[39537]: no working DCC servers > dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at > 208.201.249.233 142.27.70. > > I have also been reading over the mailscanner wiki site as well, trying > to add more items as well as catch up. I thought adding DCC, razor and > pyzor might make a considerable difference in my blocking of spam. The > spam is getting progressively worse and getting through. It is my fault. > I just haven't been able to stay up to date with the server and now I > need to go over everything and set things up properly. > > I'll take a look at the link you offered. I appreciate it. > > As far as the surbl.org are concerned, anyone here running FreeBSD? If > so, did you install through the ports tree? I've run into a few snags > here recently with this and im working out the bugs. > > Thanks, > > Jason > Martin Hepworth wrote: > >> Hi Jason >> >> first of all upgrade sa to 3.0.4 theres a DOS problem with 3.0.3 and >> it fixes some URL parsing problems as well.. >> >> As to makeing SA better, make sure you have all the Surbl.org >> URI-RBL's installed - SA 3.0.4 has the jp URI-RBL as well by default. >> >> Adding in the URI-BLACK can also help -- see http://www.uribl.com/ >> >> As for the extra rules, you need post300 as you are running a version >> after 3.0.0. >> >> Yes they go in the same dir as local.cf and you can auto updates them >> with a rulesdujour script. See the wiki on this and also for some >> specific things you may need to turn off if you use the >> bogus_virus_warnings.cf as well. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 17:06:37 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Ok. Simple enough. The plugin was already specified in my init.pre file. loadplugin Mail::SpamAssassin::Plugin::URIDNSBL Does that prety much include it? Is there anything else I need to configure? That seems to, simple. Cheers, Jason Martin Hepworth wrote: > Jason > > the URI-RBLs (surbl.org and uribl.org based ones) need the > appropriate plugin loading in init.pre, this is normally enable by > default. > > I use FreeBSD and install SA via CPAN.... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jason Williams wrote: > >> Hi Martin, >> >> Thanks for your help. I appreciate it. I have gone ahead and done a >> few things. Here is what I have done so far: >> >> Upgraded SA to 3.0.4. Pretty painless. >> I did add both DCC and razor2 to my init.pre file as follows: >> >> #Add DCC >> loadplugin Mail::SpamAssassin::Plugin::DCC >> >> #Add Razor Agents >> loadplugin Mail::SpamAssassin::Plugin::Razor2 >> >> >> I am not terribly familiar with either, but one thing I have noticed >> in my maillog is a few of these: >> >> Jun 28 08:39:31 mail dccproc[39538]: continue not asking DCC 8 >> seconds after failure >> Jun 28 08:39:31 mail dccproc[39537]: no working DCC servers >> dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at >> 208.201.249.233 142.27.70. >> >> I have also been reading over the mailscanner wiki site as well, >> trying to add more items as well as catch up. I thought adding DCC, >> razor and pyzor might make a considerable difference in my blocking >> of spam. The spam is getting progressively worse and getting through. >> It is my fault. I just haven't been able to stay up to date with the >> server and now I need to go over everything and set things up properly. >> >> I'll take a look at the link you offered. I appreciate it. >> >> As far as the surbl.org are concerned, anyone here running FreeBSD? >> If so, did you install through the ports tree? I've run into a few >> snags here recently with this and im working out the bugs. >> >> Thanks, >> >> Jason >> Martin Hepworth wrote: >> >>> Hi Jason >>> >>> first of all upgrade sa to 3.0.4 theres a DOS problem with 3.0.3 and >>> it fixes some URL parsing problems as well.. >>> >>> As to makeing SA better, make sure you have all the Surbl.org >>> URI-RBL's installed - SA 3.0.4 has the jp URI-RBL as well by default. >>> >>> Adding in the URI-BLACK can also help -- see http://www.uribl.com/ >>> >>> As for the extra rules, you need post300 as you are running a >>> version after 3.0.0. >>> >>> Yes they go in the same dir as local.cf and you can auto updates >>> them with a rulesdujour script. See the wiki on this and also for >>> some specific things you may need to turn off if you use the >>> bogus_virus_warnings.cf as well. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Tue Jun 28 17:04:49 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hmm I do not remember doing that... but I added it, now I get this in the log.... postfix/smtp[4071]: connect to localhost[127.0.0.1]: Connection refused (port 10024) I believe that's for antispam? thanks for the very quick reply! Rob... ----- Original Message ----- From: Vladan Nikolic To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 28, 2005 11:55 AM Subject: Re: Stupid me? in /etc/postfix/main.cf: header_checks = hash:/etc/postfix/header_checks then, create file /etc/postfix/header_checks that contain /^Received/ HOLD and then reload postfix... ________________________________________________________________________________ I just installed Mailscanner on Debian Sarge like I have done 5 times before.... However in the logs it does nor show mailscanner being used and nothing in the headers either..... What did I miss?? Here is configs.... used apt-get install clamav used apt-get install mailscanner using postfix as MTA this is just a relay no local mail delivery /etc/Mailscanner/Mailscanner.conf MTA=postfix Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Use SpamAssassin = yes Virus Scanners = clamav Virus Scanning = yes /etc/postfix/main.cf relay_domains = hash:/etc/postfix/relay_domains relayhost = [xxx.xxx.xxx.xxx] mydestination = (so it does not deliver locally local_recipient_maps = /etc/postfix/relay_domains domain.com OK /etc/postfix/transport domain.com smtp:[realsmtp.server.com] it relays email just fine for the domain(s) but does not go through mailscanner... I must be forgetting something?? :) Rob... ________________________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Tue Jun 28 16:44:22 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:09 2006 Subject: The Book -- new edition Message-ID: Billy A. Pumphrey <> wrote: > To me even the simplest thing could use a sentence or two then a link > for more info about it. Here's what I've got up on the wiki so far, feel free to log in and expand any entry you like: http://wiki.mailscanner.info/doku.php?id=best_practices That goes for everyone. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 17:03:47 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I just installed Mailscanner on Debian Sarge like I have done 5 times > before.... However in the logs it does nor show mailscanner being used > and nothing in the headers either..... > > What did I miss?? > > Here is configs.... > > used apt-get install clamav > used apt-get install mailscanner > > using postfix as MTA > > this is just a relay no local mail delivery > > /etc/Mailscanner/Mailscanner.conf > MTA=postfix > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > Use SpamAssassin = yes > Virus Scanners = clamav > Virus Scanning = yes > > /etc/postfix/main.cf > relay_domains = hash:/etc/postfix/relay_domains > relayhost = [xxx.xxx.xxx.xxx] > mydestination = (so it does not deliver locally > local_recipient_maps = > > /etc/postfix/relay_domains > domain.com OK > > /etc/postfix/transport > domain.com smtp:[realsmtp.server.com] > > it relays email just fine for the domain(s) but does not go through > mailscanner... > > I must be forgetting something?? This is a good guide I used in my latest install. It is in italian, but understandable. http://www.debianitalia.org/modules/wfsection/article.php?articleid=77 > > :) > > Rob... > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 17:05:34 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Hi Martin, > > Thanks for your help. I appreciate it. I have gone ahead and done a few > things. Here is what I have done so far: > > Upgraded SA to 3.0.4. Pretty painless. > I did add both DCC and razor2 to my init.pre file as follows: > > #Add DCC > loadplugin Mail::SpamAssassin::Plugin::DCC > > #Add Razor Agents > loadplugin Mail::SpamAssassin::Plugin::Razor2 > > > I am not terribly familiar with either, but one thing I have noticed in > my maillog is a few of these: > > Jun 28 08:39:31 mail dccproc[39538]: continue not asking DCC 8 seconds > after failure > Jun 28 08:39:31 mail dccproc[39537]: no working DCC servers > dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at > 208.201.249.233 142.27.70. Firewall issue? http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?file=125 > > I have also been reading over the mailscanner wiki site as well, trying > to add more items as well as catch up. I thought adding DCC, razor and > pyzor might make a considerable difference in my blocking of spam. The > spam is getting progressively worse and getting through. It is my fault. > I just haven't been able to stay up to date with the server and now I > need to go over everything and set things up properly. > > I'll take a look at the link you offered. I appreciate it. > > As far as the surbl.org are concerned, anyone here running FreeBSD? If > so, did you install through the ports tree? I've run into a few snags > here recently with this and im working out the bugs. Isn't it built-in since SA 3.0? > > Thanks, > > Jason > Martin Hepworth wrote: > >> Hi Jason >> >> first of all upgrade sa to 3.0.4 theres a DOS problem with 3.0.3 and >> it fixes some URL parsing problems as well.. >> >> As to makeing SA better, make sure you have all the Surbl.org >> URI-RBL's installed - SA 3.0.4 has the jp URI-RBL as well by default. >> >> Adding in the URI-BLACK can also help -- see http://www.uribl.com/ >> >> As for the extra rules, you need post300 as you are running a version >> after 3.0.0. >> >> Yes they go in the same dir as local.cf and you can auto updates them >> with a rulesdujour script. See the wiki on this and also for some >> specific things you may need to turn off if you use the >> bogus_virus_warnings.cf as well. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 17:21:29 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I use FreeBSD and install SA via CPAN.... And im guessing, any other moduels are needed? Much difference between cpan and the ports tree? Or purely preference? I just ran sa with the --lint test and came across an error, that im not real pleased with and not sure how to correct it. Here it is: debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c8cd90) debug: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/DCC.pm in @INC (@INC contains: lib /usr/local/lib/perl5/site_perl/5.8.2 /usr/local/lib/perl5/site_perl/5.8.2/mach /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach /usr/local/lib/perl5/5.8.2) at (eval 40) line 1. failed to create instance of plugin Mail::SpamAssassin::Plugin::DCC: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::DCC" at (eval 41) line 1. debug: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/Razor2.pm in @INC (@INC contains: lib /usr/local/lib/perl5/site_perl/5.8.2 /usr/local/lib/perl5/site_perl/5.8.2/mach /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach /usr/local/lib/perl5/5.8.2) at (eval 42) line 1. failed to create instance of plugin Mail::SpamAssassin::Plugin::Razor2: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::Razor2" at (eval 43) line 1. I'm pretty positive that my ports tree is all synced up. I'll double check here and see if there is anything I missed in the UPDATING file. Anything ring a bell? Anything you recommend? I appreciate it. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 28 17:21:55 2005 From: michele at BLACKNIGHT.IE (Michele Neylon) Date: Thu Jan 12 21:30:09 2006 Subject: Language error Message-ID: MailScanner[20549]: Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf This is in the latest beta Michele Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vladan at NIKOLIC.HOMEIP.NET Tue Jun 28 17:23:03 2005 From: vladan at NIKOLIC.HOMEIP.NET (Vladan Nikolic) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] sorry, i type that from my head... instead of hash, try regexp or pcre, so: header_checks = regexp:/etc/postfix/header_checks ________________________________________________________________________________ Hmm I do not remember doing that... but I added it, now I get this in the log.... postfix/smtp[4071]: connect to localhost[127.0.0.1]: Connection refused (port 10024) I believe that's for antispam? thanks for the very quick reply! Rob... ----- Original Message ----- From: Vladan Nikolic To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 28, 2005 11:55 AM Subject: Re: Stupid me? in /etc/postfix/main.cf: header_checks = hash:/etc/postfix/header_checks then, create file /etc/postfix/header_checks that contain /^Received/ HOLD and then reload postfix... ________________________________________________________________________________ I just installed Mailscanner on Debian Sarge like I have done 5 times before.... However in the logs it does nor show mailscanner being used and nothing in the headers either..... What did I miss?? Here is configs.... used apt-get install clamav used apt-get install mailscanner using postfix as MTA this is just a relay no local mail delivery /etc/Mailscanner/Mailscanner.conf MTA=postfix Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Use SpamAssassin = yes Virus Scanners = clamav Virus Scanning = yes /etc/postfix/main.cf relay_domains = hash:/etc/postfix/relay_domains relayhost = [xxx.xxx.xxx.xxx] mydestination = (so it does not deliver locally local_recipient_maps = /etc/postfix/relay_domains domain.com OK /etc/postfix/transport domain.com smtp:[realsmtp.server.com] it relays email just fine for the domain(s) but does not go through mailscanner... I must be forgetting something?? :) Rob... ________________________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Tue Jun 28 17:23:58 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:09 2006 Subject: No subject accidental My fault Message-ID: Thanks. I have updated the Perl. My customer has not updated this server in over a year. This is not my favorite project. Thanks for your input. I am still hacking. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl Sent: Tuesday, June 28, 2005 7:31 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Steve Douglas wrote on Tue, 28 Jun 2005 04:33:43 -0500: > Would anyone > have an approximated idea what the defunct might relate to? Did you update Perl modules as well? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jun 28 17:28:23 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: Jason yup - and Net::DNS needs to be at least 0.48 as well.. do a "spamassassin -p /spam.assassassin.prefs.conf -D --lint" and it will tell you what tests its doing and if the URI-RBL stuff is OK. is the dir where MailScanner.conf is... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason Williams wrote: > Martin, > > Ok. Simple enough. The plugin was already specified in my init.pre file. > > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > Does that prety much include it? Is there anything else I need to > configure? That seems to, simple. > > Cheers, > > Jason > > Martin Hepworth wrote: > >> Jason >> >> the URI-RBLs (surbl.org and uribl.org based ones) need the >> appropriate plugin loading in init.pre, this is normally enable by >> default. >> >> I use FreeBSD and install SA via CPAN.... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Jason Williams wrote: >> >>> Hi Martin, >>> >>> Thanks for your help. I appreciate it. I have gone ahead and done a >>> few things. Here is what I have done so far: >>> >>> Upgraded SA to 3.0.4. Pretty painless. >>> I did add both DCC and razor2 to my init.pre file as follows: >>> >>> #Add DCC >>> loadplugin Mail::SpamAssassin::Plugin::DCC >>> >>> #Add Razor Agents >>> loadplugin Mail::SpamAssassin::Plugin::Razor2 >>> >>> >>> I am not terribly familiar with either, but one thing I have noticed >>> in my maillog is a few of these: >>> >>> Jun 28 08:39:31 mail dccproc[39538]: continue not asking DCC 8 >>> seconds after failure >>> Jun 28 08:39:31 mail dccproc[39537]: no working DCC servers >>> dcc1.dcc-servers.net dcc2.dcc-servers.net dcc3.dcc-servers.net ... at >>> 208.201.249.233 142.27.70. >>> >>> I have also been reading over the mailscanner wiki site as well, >>> trying to add more items as well as catch up. I thought adding DCC, >>> razor and pyzor might make a considerable difference in my blocking >>> of spam. The spam is getting progressively worse and getting through. >>> It is my fault. I just haven't been able to stay up to date with the >>> server and now I need to go over everything and set things up properly. >>> >>> I'll take a look at the link you offered. I appreciate it. >>> >>> As far as the surbl.org are concerned, anyone here running FreeBSD? >>> If so, did you install through the ports tree? I've run into a few >>> snags here recently with this and im working out the bugs. >>> >>> Thanks, >>> >>> Jason >>> Martin Hepworth wrote: >>> >>>> Hi Jason >>>> >>>> first of all upgrade sa to 3.0.4 theres a DOS problem with 3.0.3 and >>>> it fixes some URL parsing problems as well.. >>>> >>>> As to makeing SA better, make sure you have all the Surbl.org >>>> URI-RBL's installed - SA 3.0.4 has the jp URI-RBL as well by default. >>>> >>>> Adding in the URI-BLACK can also help -- see http://www.uribl.com/ >>>> >>>> As for the extra rules, you need post300 as you are running a >>>> version after 3.0.0. >>>> >>>> Yes they go in the same dir as local.cf and you can auto updates >>>> them with a rulesdujour script. See the wiki on this and also for >>>> some specific things you may need to turn off if you use the >>>> bogus_virus_warnings.cf as well. >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Tue Jun 28 17:30:11 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner Syntax Error In Degub Mode. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 1. “Unrecognised keyword "logiframetags" at line 498” This error is reported within the MailScanner.conf file.  It makes no sense.  I did a search on it and found nothing in the file.  The line is actually syntaxed as: Log “IFrame Tags = no”Unrecognised keyword "logiframetags" at line 498 2. What does this mean ----- “Could not read Custom Functions directory” Steve Douglas Net-Net Tech, LLC 1841 Highgrove Dr. O'Fallon, MO 63366-4368 Phone: 636-533-0150 Mobile: 636-541-1044 Toll-Free: 866-330-7834 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 17:28:29 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki spake the following on 6/28/2005 8:44 AM: > Billy A. Pumphrey <> wrote: > >>To me even the simplest thing could use a sentence or two then a link >>for more info about it. > > > Here's what I've got up on the wiki so far, feel free > to log in and expand any entry you like: > > http://wiki.mailscanner.info/doku.php?id=best_practices > > That goes for everyone. > > --J(K) > Very good! A little humor to make it lighter, but very good reading. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Tue Jun 28 17:34:20 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That Did it! Thanks dude! But the weird thing is I do not have that on another system... but I will check it out.... Thanks once again to all Rob... ----- Original Message ----- From: Vladan Nikolic To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 28, 2005 12:23 PM Subject: Re: Stupid me? sorry, i type that from my head... instead of hash, try regexp or pcre, so: header_checks = regexp:/etc/postfix/header_checks ________________________________________________________________________________ Hmm I do not remember doing that... but I added it, now I get this in the log.... postfix/smtp[4071]: connect to localhost[127.0.0.1]: Connection refused (port 10024) I believe that's for antispam? thanks for the very quick reply! Rob... ----- Original Message ----- From: Vladan Nikolic To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 28, 2005 11:55 AM Subject: Re: Stupid me? in /etc/postfix/main.cf: header_checks = hash:/etc/postfix/header_checks then, create file /etc/postfix/header_checks that contain /^Received/ HOLD and then reload postfix... ________________________________________________________________________________ I just installed Mailscanner on Debian Sarge like I have done 5 times before.... However in the logs it does nor show mailscanner being used and nothing in the headers either..... What did I miss?? Here is configs.... used apt-get install clamav used apt-get install mailscanner using postfix as MTA this is just a relay no local mail delivery /etc/Mailscanner/Mailscanner.conf MTA=postfix Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Use SpamAssassin = yes Virus Scanners = clamav Virus Scanning = yes /etc/postfix/main.cf relay_domains = hash:/etc/postfix/relay_domains relayhost = [xxx.xxx.xxx.xxx] mydestination = (so it does not deliver locally local_recipient_maps = /etc/postfix/relay_domains domain.com OK /etc/postfix/transport domain.com smtp:[realsmtp.server.com] it relays email just fine for the domain(s) but does not go through mailscanner... I must be forgetting something?? :) Rob... ________________________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 28 17:53:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:09 2006 Subject: Wiki entries for init.pre with DCC and Razor Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: >I see the entries for the mods to init.pre needed for SpamAssassin 3.1 >in the wiki. >But will they cause a problem to put them in now with 3.0.4? >I would sure hate to forget to add them later! > > They cause SpamAssassin to spit out a bunch of error messages, but they don't actually break anything. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQsGAphH2WUcUFbZUEQKehQCgw16L6s9Ej+/4lZRjrspoafCP4CoAoICh hsTPUDYGZdqQDTQyhjOVzSTc =5wwz -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 17:50:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams spake the following on 6/28/2005 9:21 AM: >> I use FreeBSD and install SA via CPAN.... > > > And im guessing, any other moduels are needed? Much difference between > cpan and the ports tree? Or purely preference? > > I just ran sa with the --lint test and came across an error, that im not > real pleased with and not sure how to correct it. Here it is: > > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c8cd90) > debug: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > failed to parse plugin (from @INC): Can't locate > Mail/SpamAssassin/Plugin/DCC.pm in @INC (@INC contains: lib > /usr/local/lib/perl5/site_perl/5.8.2 > /usr/local/lib/perl5/site_perl/5.8.2/mach /usr/local/lib/perl5/site_perl > /usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach > /usr/local/lib/perl5/5.8.2) at (eval 40) line 1. > > failed to create instance of plugin Mail::SpamAssassin::Plugin::DCC: > Can't locate object method "new" via package > "Mail::SpamAssassin::Plugin::DCC" at (eval 41) line 1. > > debug: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > failed to parse plugin (from @INC): Can't locate > Mail/SpamAssassin/Plugin/Razor2.pm in @INC (@INC contains: lib > /usr/local/lib/perl5/site_perl/5.8.2 > /usr/local/lib/perl5/site_perl/5.8.2/mach /usr/local/lib/perl5/site_perl > /usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach > /usr/local/lib/perl5/5.8.2) at (eval 42) line 1. > > failed to create instance of plugin Mail::SpamAssassin::Plugin::Razor2: > Can't locate object method "new" via package > "Mail::SpamAssassin::Plugin::Razor2" at (eval 43) line 1. > > I'm pretty positive that my ports tree is all synced up. I'll double > check here and see if there is anything I missed in the UPDATING file. > > Anything ring a bell? Anything you recommend? > > I appreciate it. > > Jason > This probably answers a question I posted earlier. Try and remove (or comment out) the DCC and Razor lines from init.pre you added and run the lint test again. These lines will be required for SpamAssassin 3.1, and maybe it is undefined in 3.0.4 and earlier, and gumming up the works. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 28 18:01:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:09 2006 Subject: No subject accidental My fault Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Re-run the install.sh from the version of MailScanner you have on there. That should re-install the Perl modules you need, that have probably been hosed by the Perl upgrade. Steve Douglas wrote: >Thanks. I have updated the Perl. My customer has not updated this server >in over a year. This is not my favorite project. Thanks for your input. I >am still hacking. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Kai Schaetzl >Sent: Tuesday, June 28, 2005 7:31 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: > >Steve Douglas wrote on Tue, 28 Jun 2005 04:33:43 -0500: > > > >>Would anyone >>have an approximated idea what the defunct might relate to? >> >> > >Did you update Perl modules as well? > >Kai > >-- >Kai Schätzl, Berlin, Germany >Get your web at Conactive Internet Services: http://www.conactive.com >IE-Center: http://ie5.de & http://msie.winware.org > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQsGCcRH2WUcUFbZUEQK4lgCgp9ZmmshGMKW1Dy8+cUJupEWem9MAnj4y DdKwUXmuTESUJZkG+ctPCaNg =bioN -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 28 18:03:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner Syntax Error In Degub Mode. Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You need to run upgrade_MailScanner_conf on your MailScanner.conf file. In /etc/MailScanner you will find you have a MailScanner.conf.rpmnew file. Steve Douglas wrote: >1. â^À^ÜUnrecognised keyword "logiframetags" at line 498â^À^Ý > > > >This error is reported within the MailScanner.conf file. It makes no sense. I did a search on it and found nothing in the file. > > > >The line is actually syntaxed as: Log â^À^ÜIFrame Tags = noâ^À^ÝUnrecognised keyword "logiframetags" at line 498 > >2. What does this mean ----- â^À^ÜCould not read Custom Functions directoryâ^À^Ý > > Steve Douglas > > Net-Net Tech, LLC > > 1841 Highgrove Dr. > > O'Fallon, MO 63366-4368 > > Phone: 636-533-0150 > > Mobile: 636-541-1044 > > Toll-Free: 866-330-7834 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQsGC3xH2WUcUFbZUEQLqCACaAmJfbZjPU09Knl47mqMVO4YA/vkAn3I5 21krPkIVcx8wiotsldCcg/BI =qRfY -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Tue Jun 28 17:22:32 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Right, seemed simple, I have done all that.... with the addition of spamassissan.... Geese, what am I doing wrong... Rob... ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Tuesday, June 28, 2005 12:03 PM Subject: Re: Stupid me? > Rob wrote: >> I just installed Mailscanner on Debian Sarge like I have done 5 times >> before.... However in the logs it does nor show mailscanner being used >> and nothing in the headers either..... >> >> What did I miss?? >> >> Here is configs.... >> >> used apt-get install clamav >> used apt-get install mailscanner >> >> using postfix as MTA >> >> this is just a relay no local mail delivery >> >> /etc/Mailscanner/Mailscanner.conf >> MTA=postfix >> Run As User = postfix >> Run As Group = postfix >> Incoming Queue Dir = /var/spool/postfix/hold >> Outgoing Queue Dir = /var/spool/postfix/incoming >> Use SpamAssassin = yes >> Virus Scanners = clamav >> Virus Scanning = yes >> >> /etc/postfix/main.cf >> relay_domains = hash:/etc/postfix/relay_domains >> relayhost = [xxx.xxx.xxx.xxx] >> mydestination = (so it does not deliver locally >> local_recipient_maps = >> >> /etc/postfix/relay_domains >> domain.com OK >> >> /etc/postfix/transport >> domain.com smtp:[realsmtp.server.com] >> >> it relays email just fine for the domain(s) but does not go through >> mailscanner... >> >> I must be forgetting something?? > > This is a good guide I used in my latest install. It is in italian, but > understandable. > > http://www.debianitalia.org/modules/wfsection/article.php?articleid=77 > >> >> :) >> >> Rob... >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 18:16:04 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Jason Williams spake the following on 6/28/2005 9:21 AM: > > >>>I use FreeBSD and install SA via CPAN.... >>> >>> >>And im guessing, any other moduels are needed? Much difference between >>cpan and the ports tree? Or purely preference? >> >>I just ran sa with the --lint test and came across an error, that im not >>real pleased with and not sure how to correct it. Here it is: >> >>debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c8cd90) >>debug: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >>failed to parse plugin (from @INC): Can't locate >>Mail/SpamAssassin/Plugin/DCC.pm in @INC (@INC contains: lib >>/usr/local/lib/perl5/site_perl/5.8.2 >>/usr/local/lib/perl5/site_perl/5.8.2/mach /usr/local/lib/perl5/site_perl >>/usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach >>/usr/local/lib/perl5/5.8.2) at (eval 40) line 1. >> >>failed to create instance of plugin Mail::SpamAssassin::Plugin::DCC: >>Can't locate object method "new" via package >>"Mail::SpamAssassin::Plugin::DCC" at (eval 41) line 1. >> >>debug: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >>failed to parse plugin (from @INC): Can't locate >>Mail/SpamAssassin/Plugin/Razor2.pm in @INC (@INC contains: lib >>/usr/local/lib/perl5/site_perl/5.8.2 >>/usr/local/lib/perl5/site_perl/5.8.2/mach /usr/local/lib/perl5/site_perl >>/usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach >>/usr/local/lib/perl5/5.8.2) at (eval 42) line 1. >> >>failed to create instance of plugin Mail::SpamAssassin::Plugin::Razor2: >>Can't locate object method "new" via package >>"Mail::SpamAssassin::Plugin::Razor2" at (eval 43) line 1. >> >>I'm pretty positive that my ports tree is all synced up. I'll double >>check here and see if there is anything I missed in the UPDATING file. >> >>Anything ring a bell? Anything you recommend? >> >>I appreciate it. >> >>Jason >> >> >> >This probably answers a question I posted earlier. >Try and remove (or comment out) the DCC and Razor lines from init.pre >you added and run the lint test again. These lines will be required for >SpamAssassin 3.1, and maybe it is undefined in 3.0.4 and earlier, and >gumming up the works. > > > Yep. Just tested it. commented out the two lines, ran it again and it came back with no errors. Just thought i'd test, confirm and post here. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Tue Jun 28 17:54:47 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:09 2006 Subject: The Book -- new edition Message-ID: Scott Silva <> wrote: > Very good! A little humor to make it lighter, but very good reading. If there's one thing I'm good at it's dumb jokes and puns. Thanks for the encouragement, and the edits. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Tue Jun 28 18:24:35 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:09 2006 Subject: MailScanner Syntax Error In Degub Mode. Message-ID: I ran ./install.sh again. It has consistently reported failed dependencies for Convert:BINHEX & Perl-MIME-Tools >= 5.412. The custom field was never created and I don't recall ever seeing the MailScanner.new in the /etc/MailScanner path. -----Original Message----- From: Julian Field [mailto:MailScanner@ecs.soton.ac.uk] Sent: Tuesday, June 28, 2005 12:03 PM To: sdouglas@netnettech.com; MailScanner mailing list Subject: Re: MailScanner Syntax Error In Degub Mode. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You need to run upgrade_MailScanner_conf on your MailScanner.conf file. In /etc/MailScanner you will find you have a MailScanner.conf.rpmnew file. Steve Douglas wrote: >1. "Unrecognised keyword "logiframetags" at line 498" > > > >This error is reported within the MailScanner.conf file. It makes no >sense. I did a search on it and found nothing in the file. > > > >The line is actually syntaxed as: Log "IFrame Tags = no"Unrecognised >keyword "logiframetags" at line 498 > >2. What does this mean ----- "Could not read Custom Functions directory" > > Steve Douglas > > Net-Net Tech, LLC > > 1841 Highgrove Dr. > > O'Fallon, MO 63366-4368 > > Phone: 636-533-0150 > > Mobile: 636-541-1044 > > Toll-Free: 866-330-7834 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQsGC3xH2WUcUFbZUEQLqCACaAmJfbZjPU09Knl47mqMVO4YA/vkAn3I5 21krPkIVcx8wiotsldCcg/BI =qRfY -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 18:14:29 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:09 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > Have your linux server do regular system updates with recommendations to > yum or up2date or something. Also with links to the technologies. > > It would be beneficial to newbies to include basic definitions of the > best practices terms and/or links to different FAQ's or something. > > Example: > You should keep your OS updated using technologies such as up2date or > yum. Here is the basic config files for these and briefly how they work. > For in-depth info click here. I prefer this one over the other but it > is your choice. > > I know that Ugo put some examples and are far from completion: > - Have a reverse lookup > - If MaiScanner a gateway, make sure you use firewall rules on the > destination server to make sure only MailScanner can access it. > - Have SPF records > - Use SMTP-AUTH for roaming clients > - Don't bounce > - Make sure you're not an open relay > > I now know what most of these are, but before I would have been like > W@$#%$^%$%@#$@#$^%#$%#$@!@#%$^% What is this stuff???????? > > To me even the simplest thing could use a sentence or two then a link > for more info about it. > > Another example: > Make sure you're not an open relay. > An open relay means that.............. and ........... This is what can > happen is you are a open relay.......... For more info click here. > > I understand what you mean Bill, but I don't want to save the world either. People must be able to do some research by themselves. We can't really have a repository of docs for all the documentation related to mail server administration. Also, these topics are often changing a lot and since we're all volunteers, it is hard to maintain changing docs. We must find a balance between the amount of work and the benefits. The ideas I posted are, of course, raw. I expected Jason to work them out a little bit. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 28 18:00:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:09 2006 Subject: Language error Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You will probably find a languages.conf.rpmnew in that directory. Run upgrade_languages_conf on it. Michele Neylon wrote: >MailScanner[20549]: Looked up unknown string archivetoodeep in language >translation file /etc/MailScanner/reports/en/languages.conf > >This is in the latest beta > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQsGCLBH2WUcUFbZUEQKQggCg+arzV/9pHMbSffHI3mbTh4qYEFAAoN3c qhKc+RD2SsA+Yma7du3NDvWj =aziQ -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 18:33:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: Wiki entries for init.pre with DCC and Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 6/28/2005 9:53 AM: > Scott Silva wrote: > > >>>I see the entries for the mods to init.pre needed for SpamAssassin 3.1 >>>in the wiki. >>>But will they cause a problem to put them in now with 3.0.4? >>>I would sure hate to forget to add them later! >>> >>> > > They cause SpamAssassin to spit out a bunch of error messages, but they > don't actually break anything. > Thanks! Maybe I'll wait anyway. Just don't need to wank up the logs right now -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 18:30:31 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Hmm I do not remember doing that... but I added it, now I get this in > the log.... > > postfix/smtp[4071]: connect to localhost[127.0.0.1]: Connection refused > (port 10024) > I believe that's for antispam? > That is probably for Amavis, be careful not to mix things ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ccampbell at BRUEGGERS.COM Tue Jun 28 18:37:04 2005 From: ccampbell at BRUEGGERS.COM (Christian Campbell) Date: Thu Jan 12 21:30:09 2006 Subject: Upgrade SA Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I looked through the Wiki, MAQs and FAQs and didn't come up with much. Looking for info on Upgrading SA from 2.63. It was built from source. However, I seem to have a spamassassin-tools-2.55-rh8.1 installed also. 1st - Do I still need spamassassin-tools? Can I remove that package? 2nd - Can I do: perl -MCPAN -eshell install Mail::SpamAssassin to upgrade SA? Running on: Linux atlas.brueggers.com 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386 GNU/Linux This is Red Hat Linux release 8.0 (Psyche) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.42.9 Module versions are: 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.00 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.01 Digest::SHA1 missing Inline missing Mail::ClamAV 2.63 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.23 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.30 URI Any help and/or walk-throughs appreciated! Thanks, Christian Christian Campbell Systems Engineer, Sair LCP, A+, N+, i-Net+ Bruegger's Enterprises Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034 Email: ccampbell at brueggers dot com PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html "We all know Linux is great... It does infinite loops in 5 seconds." -Linus Torvalds ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 18:41:07 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki spake the following on 6/28/2005 9:54 AM: > Scott Silva <> wrote: > >>Very good! A little humor to make it lighter, but very good reading. > > > If there's one thing I'm good at it's dumb jokes and puns. > > Thanks for the encouragement, and the edits. > > --J(K) > I thought BitDefender, although not perfect, saved my butt a couple of times when Clam updates were munged, and McAfee hadn't caught up with their own backside yet! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 28 18:33:02 2005 From: michele at BLACKNIGHT.IE (Michele Neylon) Date: Thu Jan 12 21:30:09 2006 Subject: Language error Message-ID: Julian Field <> scribbled on 28 June 2005 18:00: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You will probably find a languages.conf.rpmnew in that directory. > Run upgrade_languages_conf on it. I had done already ... Still get that error :( M Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 18:42:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: I've neglected Mailscanner and my setup for to long... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams spake the following on 6/28/2005 10:16 AM: > Scott Silva wrote: > >> Jason Williams spake the following on 6/28/2005 9:21 AM: >> >> >>>> I use FreeBSD and install SA via CPAN.... >>>> >>> >>> And im guessing, any other moduels are needed? Much difference between >>> cpan and the ports tree? Or purely preference? >>> >>> I just ran sa with the --lint test and came across an error, that im not >>> real pleased with and not sure how to correct it. Here it is: >>> >>> debug: plugin: registered >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x8c8cd90) >>> debug: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >>> failed to parse plugin (from @INC): Can't locate >>> Mail/SpamAssassin/Plugin/DCC.pm in @INC (@INC contains: lib >>> /usr/local/lib/perl5/site_perl/5.8.2 >>> /usr/local/lib/perl5/site_perl/5.8.2/mach /usr/local/lib/perl5/site_perl >>> /usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach >>> /usr/local/lib/perl5/5.8.2) at (eval 40) line 1. >>> >>> failed to create instance of plugin Mail::SpamAssassin::Plugin::DCC: >>> Can't locate object method "new" via package >>> "Mail::SpamAssassin::Plugin::DCC" at (eval 41) line 1. >>> >>> debug: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >>> failed to parse plugin (from @INC): Can't locate >>> Mail/SpamAssassin/Plugin/Razor2.pm in @INC (@INC contains: lib >>> /usr/local/lib/perl5/site_perl/5.8.2 >>> /usr/local/lib/perl5/site_perl/5.8.2/mach /usr/local/lib/perl5/site_perl >>> /usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach >>> /usr/local/lib/perl5/5.8.2) at (eval 42) line 1. >>> >>> failed to create instance of plugin Mail::SpamAssassin::Plugin::Razor2: >>> Can't locate object method "new" via package >>> "Mail::SpamAssassin::Plugin::Razor2" at (eval 43) line 1. >>> >>> I'm pretty positive that my ports tree is all synced up. I'll double >>> check here and see if there is anything I missed in the UPDATING file. >>> >>> Anything ring a bell? Anything you recommend? >>> >>> I appreciate it. >>> >>> Jason >>> >>> >> >> This probably answers a question I posted earlier. >> Try and remove (or comment out) the DCC and Razor lines from init.pre >> you added and run the lint test again. These lines will be required for >> SpamAssassin 3.1, and maybe it is undefined in 3.0.4 and earlier, and >> gumming up the works. >> >> >> > Yep. Just tested it. commented out the two lines, ran it again and it > came back with no errors. > Just thought i'd test, confirm and post here. > > Jason > I just heard from Julian that the errors are only cosmetic, they don't keep things from working. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 19:02:56 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: Upgrade SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christian Campbell spake the following on 6/28/2005 10:37 AM: > I looked through the Wiki, MAQs and FAQs and didn't come up with much. > Looking for info on Upgrading SA from 2.63. It was built from source. > However, I seem to have a spamassassin-tools-2.55-rh8.1 installed also. > > 1st - Do I still need spamassassin-tools? Can I remove that package? > 2nd - Can I do: > > perl -MCPAN -eshell > install Mail::SpamAssassin > > to upgrade SA? > > Running on: > Linux atlas.brueggers.com 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 > i386 GNU/Linux > This is Red Hat Linux release 8.0 (Psyche) > This is Perl version 5.008000 (5.8.0) > > This is MailScanner version 4.42.9 > Module versions are: > 1.14 Archive::Zip > 1.01 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.04 Fcntl > 2.71 File::Basename > 2.05 File::Copy > 2.01 FileHandle > 1.05 File::Path > 0.13 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.20 IO > 1.09 IO::File > 1.122 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.05 POSIX > 1.75 Socket > 0.03 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 1.806 DB_File > 1.00 Digest > 1.01 Digest::HMAC > 2.20 Digest::MD5 > 2.01 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 2.63 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.23 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > missing Sys::Hostname::Long > 2.26 Test::Harness > 0.47 Test::Simple > 1.89 Text::Balanced > 1.30 URI > > Any help and/or walk-throughs appreciated! > > Thanks, > Christian > Kill all the old spamassassin rpms first. If you want an easy fix for spamassassin and want to add ClamAV, Julian has a package to add both, and their dependencies. http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 19:03:04 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:09 2006 Subject: Upgrade SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christian Campbell wrote: > I looked through the Wiki, MAQs and FAQs and didn't come up with much. > Looking for info on Upgrading SA from 2.63. It was built from source. > However, I seem to have a spamassassin-tools-2.55-rh8.1 installed also. > > 1st - Do I still need spamassassin-tools? Can I remove that package? Yes, remove that. > 2nd - Can I do: > > perl -MCPAN -eshell > install Mail::SpamAssassin > > to upgrade SA? Not in this case since you're going from 2.x to 3.x http://www.samag.com/documents/s=9767/sam0513b/0513b.htm ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ccampbell at BRUEGGERS.COM Tue Jun 28 19:20:54 2005 From: ccampbell at BRUEGGERS.COM (Christian Campbell) Date: Thu Jan 12 21:30:09 2006 Subject: Upgrade SA Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > 2nd - Can I do: > > > > perl -MCPAN -eshell > > install Mail::SpamAssassin > > > > to upgrade SA? > Kill all the old spamassassin rpms first. > If you want an easy fix for spamassassin and want to add > ClamAV, Julian > has a package to add both, and their dependencies. > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Cla m-SA.tar.gz Do you need to uninstall the old SA or can I just run Julian's ./install.sh? Thanks, Christian Christian Campbell Systems Engineer, Sair LCP, A+, N+, i-Net+ Bruegger's Enterprises Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034 Email: ccampbell at brueggers dot com PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html "We all know Linux is great... It does infinite loops in 5 seconds." -Linus Torvalds ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 21:05:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: After a few hours of reading, i'm catching up...just few questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams spake the following on 6/28/2005 12:20 PM: > Michele Neylon:: Blacknight wrote: > >> Jason Williams wrote: >> >> >>> DCC. I went ahead and installed this. I plugged it into the init.pre >>> file. When I do a --lint test, it kicks some errors, but doesn't break >>> anything from what I found out (Thanks Julian). First question here is, >>> how can I tell if it is contributing to blocking spam? >>> >> >> >> Check your logs. If you are logging the spam scores to your mail log you >> should see references to DCC. >> You don't need to enable it in init.pre *yet*. It looks like it will be >> required in the next release of SA >> >> > Got it. Quick snip from my logs: > > Jun 28 12:13:13 mail MailScanner[912]: Message j5SJD7ZR001964 from > 66.135.33.173 (newsflash@newsdeliveryserver.com) to courtesymortgage.com > is spam, SpamAssassin (score=17.659, required 4, autolearn=spam, > BAYES_99 3.50, *DCC_CHECK 2.17*, DIGEST_MULTIPLE 0.10, HTML_80_90 0.15, > HTML_MESSAGE 0.00, MSGID_FROM_MTA_ID 1.72, RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_IN_BL_SPAMCOP_NET 1.22, TO_ADDRESS_EQ_REAL 0.03, > URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21) > > I see im getting URIBL_JP_SURBL as well as URIBL_OB_SURBL. Those both > came in with the builtin plugin for SA. > Looks like I have razor working (haven't started on pyzor yet.) > > Are there additional _SURBL_ items I can add? Or is that it for now? > I think the black and grey lists are the only new items I have seen lately. All the other SURBL lists are included as of SpamAssassin 3.0.4. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 21:05:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: After a few hours of reading, i'm catching up...just few questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams spake the following on 6/28/2005 12:20 PM: > Michele Neylon:: Blacknight wrote: > >> Jason Williams wrote: >> >> >>> DCC. I went ahead and installed this. I plugged it into the init.pre >>> file. When I do a --lint test, it kicks some errors, but doesn't break >>> anything from what I found out (Thanks Julian). First question here is, >>> how can I tell if it is contributing to blocking spam? >>> >> >> >> Check your logs. If you are logging the spam scores to your mail log you >> should see references to DCC. >> You don't need to enable it in init.pre *yet*. It looks like it will be >> required in the next release of SA >> >> > Got it. Quick snip from my logs: > > Jun 28 12:13:13 mail MailScanner[912]: Message j5SJD7ZR001964 from > 66.135.33.173 (newsflash@newsdeliveryserver.com) to courtesymortgage.com > is spam, SpamAssassin (score=17.659, required 4, autolearn=spam, > BAYES_99 3.50, *DCC_CHECK 2.17*, DIGEST_MULTIPLE 0.10, HTML_80_90 0.15, > HTML_MESSAGE 0.00, MSGID_FROM_MTA_ID 1.72, RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_IN_BL_SPAMCOP_NET 1.22, TO_ADDRESS_EQ_REAL 0.03, > URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21) > > I see im getting URIBL_JP_SURBL as well as URIBL_OB_SURBL. Those both > came in with the builtin plugin for SA. > Looks like I have razor working (haven't started on pyzor yet.) > > Are there additional _SURBL_ items I can add? Or is that it for now? > I think the black and grey lists are the only new items I have seen lately. All the other SURBL lists are included as of SpamAssassin 3.0.4. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jun 28 16:59:29 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:09 2006 Subject: Stupid me? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I just installed Mailscanner on Debian Sarge like I have done 5 times > before.... However in the logs it does nor show mailscanner being used > and nothing in the headers either..... > > What did I miss?? > > Here is configs.... > > used apt-get install clamav > used apt-get install mailscanner > > using postfix as MTA > > this is just a relay no local mail delivery > > /etc/Mailscanner/Mailscanner.conf > MTA=postfix > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > Use SpamAssassin = yes > Virus Scanners = clamav > Virus Scanning = yes > > /etc/postfix/main.cf > relay_domains = hash:/etc/postfix/relay_domains > relayhost = [xxx.xxx.xxx.xxx] > mydestination = (so it does not deliver locally > local_recipient_maps = > > /etc/postfix/relay_domains > domain.com OK > > /etc/postfix/transport > domain.com smtp:[realsmtp.server.com] > > it relays email just fine for the domain(s) but does not go through > mailscanner... > > I must be forgetting something?? > > :) > > Rob... Yup, the header_checks where you dump incoming mail into the hold directory and ask mailscanner to pick up mail to be processed from there.. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 19:28:29 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: Upgrade SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva spake the following on 6/28/2005 11:02 AM: > Christian Campbell spake the following on 6/28/2005 10:37 AM: > >>I looked through the Wiki, MAQs and FAQs and didn't come up with much. >>Looking for info on Upgrading SA from 2.63. It was built from source. >>However, I seem to have a spamassassin-tools-2.55-rh8.1 installed also. >> >>1st - Do I still need spamassassin-tools? Can I remove that package? >>2nd - Can I do: >> >>perl -MCPAN -eshell >>install Mail::SpamAssassin >> >>to upgrade SA? >> >>Running on: >>Linux atlas.brueggers.com 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 >>i386 GNU/Linux >>This is Red Hat Linux release 8.0 (Psyche) >>This is Perl version 5.008000 (5.8.0) >> >>This is MailScanner version 4.42.9 >>Module versions are: >>1.14 Archive::Zip >>1.01 Carp >>1.119 Convert::BinHex >>1.00 DirHandle >>1.04 Fcntl >>2.71 File::Basename >>2.05 File::Copy >>2.01 FileHandle >>1.05 File::Path >>0.13 File::Temp >>1.29 HTML::Entities >>3.45 HTML::Parser >>2.30 HTML::TokeParser >>1.20 IO >>1.09 IO::File >>1.122 IO::Pipe >>1.50 Mail::Header >>3.05 MIME::Base64 >>5.417 MIME::Decoder >>5.417 MIME::Decoder::UU >>5.417 MIME::Head >>5.417 MIME::Parser >>3.03 MIME::QuotedPrint >>5.417 MIME::Tools >>0.10 Net::CIDR >>1.05 POSIX >>1.75 Socket >>0.03 Sys::Syslog >>1.02 Time::localtime >> >>Optional module versions are: >>1.806 DB_File >>1.00 Digest >>1.01 Digest::HMAC >>2.20 Digest::MD5 >>2.01 Digest::SHA1 >>missing Inline >>missing Mail::ClamAV >>2.63 Mail::SpamAssassin >>missing Mail::SPF::Query >>missing Net::CIDR::Lite >>0.23 Net::DNS >>missing Net::LDAP >>missing Parse::RecDescent >>missing SAVI >>missing Sys::Hostname::Long >>2.26 Test::Harness >>0.47 Test::Simple >>1.89 Text::Balanced >>1.30 URI >> >> Any help and/or walk-throughs appreciated! >> >>Thanks, >>Christian >> > > Kill all the old spamassassin rpms first. > If you want an easy fix for spamassassin and want to add ClamAV, Julian > has a package to add both, and their dependencies. > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > > You also need to do some upgrade work to your bayes database. http://spamassassin.apache.org/full/3.0.x/dist/UPGRADE And if you are using any custom rules, you will need to check for 3.0 versions of them. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 19:36:50 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:09 2006 Subject: After a few hours of reading, i'm catching up...just few questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've spent the better part of my morning (since 0730 Pacific time) reading over all sorts of documentation about MailScanner and spamassassin. My lapse in keeping up to date with configuring MS and SA correctly has allowed quite a bit of spam to get through my network. Because of that, i went on a crash course this morning.(a lot to soak up) I read quite a bit here and have a further, better understanding of everything. But I wanted to just ask a few quick questions to make sure I am correct in a few things I want to implement. The biggest part that im working on is the spam.assassin.prefs.conf file. DCC. I went ahead and installed this. I plugged it into the init.pre file. When I do a --lint test, it kicks some errors, but doesn't break anything from what I found out (Thanks Julian). First question here is, how can I tell if it is contributing to blocking spam? My main question is in regards to the spam.assassin.prefs.conf file as well as "ALL TRUSTED" portion. I haven't been able to really 'lockdown' what exactly the "ALL TRUSTED" should include for my network. I'm sketchy on that part. This was recommended to me and I think it would be great for mysetup. http://www.uribl.com/ To implement this into my setup, just so im clear, these go into my spam.assassin.prefs.conf file at the very en? In the current file, I have this at the very end: urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 I would like to add the following, from www.uribl.com as well as additional surbl.org, if there are additional ones. urirhssub URIBL_BLACK multi.uribl.com. A 2 body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') describe URIBL_BLACK Contains an URL listed in the URIBL blacklist tflags URIBL_BLACK net score URIBL_BLACK 3.0 urirhssub URIBL_GREY multi.uribl.com. A 4 body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') describe URIBL_GREY Contains an URL listed in the URIBL greylist tflags URIBL_GREY net score URIBL_GREY 1.0 My question is that I should just add those to the bottom/end of my file, beneath the URIBL_JP section? I should adjust the scores as needed. I figure that should get me started and headed in the right direction. I will continue to work on this today as well as the rest of the week. I am planning on using bayes, pyzor and razor as well. Just trying to make sure I fully understand these things and make sure I do it correctly. Much appreciated to this list here. Everyone has always been extremely helpful. Cheers, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 21:05:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:09 2006 Subject: After a few hours of reading, i'm catching up...just few questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams spake the following on 6/28/2005 12:20 PM: > Michele Neylon:: Blacknight wrote: > >> Jason Williams wrote: >> >> >>> DCC. I went ahead and installed this. I plugged it into the init.pre >>> file. When I do a --lint test, it kicks some errors, but doesn't break >>> anything from what I found out (Thanks Julian). First question here is, >>> how can I tell if it is contributing to blocking spam? >>> >> >> >> Check your logs. If you are logging the spam scores to your mail log you >> should see references to DCC. >> You don't need to enable it in init.pre *yet*. It looks like it will be >> required in the next release of SA >> >> > Got it. Quick snip from my logs: > > Jun 28 12:13:13 mail MailScanner[912]: Message j5SJD7ZR001964 from > 66.135.33.173 (newsflash@newsdeliveryserver.com) to courtesymortgage.com > is spam, SpamAssassin (score=17.659, required 4, autolearn=spam, > BAYES_99 3.50, *DCC_CHECK 2.17*, DIGEST_MULTIPLE 0.10, HTML_80_90 0.15, > HTML_MESSAGE 0.00, MSGID_FROM_MTA_ID 1.72, RAZOR2_CF_RANGE_51_100 0.06, > RAZOR2_CHECK 1.51, RCVD_IN_BL_SPAMCOP_NET 1.22, TO_ADDRESS_EQ_REAL 0.03, > URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21) > > I see im getting URIBL_JP_SURBL as well as URIBL_OB_SURBL. Those both > came in with the builtin plugin for SA. > Looks like I have razor working (haven't started on pyzor yet.) > > Are there additional _SURBL_ items I can add? Or is that it for now? > I think the black and grey lists are the only new items I have seen lately. All the other SURBL lists are included as of SpamAssassin 3.0.4. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue Jun 28 20:30:51 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:09 2006 Subject: The Book -- new edition Message-ID: Good job! I am a novice, however I will add something if I think that it is worthy. Thank you Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Scott Silva > Sent: Tuesday, June 28, 2005 12:41 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: The Book -- new edition > > Jason Balicki spake the following on 6/28/2005 9:54 AM: > > Scott Silva <> wrote: > > > >>Very good! A little humor to make it lighter, but very good reading. > > > > > > If there's one thing I'm good at it's dumb jokes and puns. > > > > Thanks for the encouragement, and the edits. > > > > --J(K) > > > I thought BitDefender, although not perfect, saved my butt a couple of > times when Clam updates were munged, and McAfee hadn't caught up with > their own backside yet! > > > -- > > /-----------------------\ |~~\_____/~~\__ | > | MailScanner; The best |___________ \N1____====== )-+ > | protection on the net!| ~~~|/~~ | > \-----------------------/ () > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue Jun 28 20:32:17 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:09 2006 Subject: The Book -- new edition Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Tuesday, June 28, 2005 12:14 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: The Book -- new edition > > Billy A. Pumphrey wrote: > > Have your linux server do regular system updates with recommendations to > > yum or up2date or something. Also with links to the technologies. > > > > It would be beneficial to newbies to include basic definitions of the > > best practices terms and/or links to different FAQ's or something. > > > > Example: > > You should keep your OS updated using technologies such as up2date or > > yum. Here is the basic config files for these and briefly how they work. > > For in-depth info click here. I prefer this one over the other but it > > is your choice. > > > > I know that Ugo put some examples and are far from completion: > > - Have a reverse lookup > > - If MaiScanner a gateway, make sure you use firewall rules on the > > destination server to make sure only MailScanner can access it. > > - Have SPF records > > - Use SMTP-AUTH for roaming clients > > - Don't bounce > > - Make sure you're not an open relay > > > > I now know what most of these are, but before I would have been like > > W@$#%$^%$%@#$@#$^%#$%#$@!@#%$^% What is this stuff???????? > > > > To me even the simplest thing could use a sentence or two then a link > > for more info about it. > > > > Another example: > > Make sure you're not an open relay. > > An open relay means that.............. and ........... This is what can > > happen is you are a open relay.......... For more info click here. > > > > > > I understand what you mean Bill, but I don't want to save the world > either. People must be able to do some research by themselves. We > can't really have a repository of docs for all the documentation related > to mail server administration. Also, these topics are often changing a > lot and since we're all volunteers, it is hard to maintain changing > docs. We must find a balance between the amount of work and the benefits. > > The ideas I posted are, of course, raw. I expected Jason to work them > out a little bit. I agree. It would also make for a large document. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ccampbell at BRUEGGERS.COM Tue Jun 28 19:20:54 2005 From: ccampbell at BRUEGGERS.COM (Christian Campbell) Date: Thu Jan 12 21:30:09 2006 Subject: Upgrade SA Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > 2nd - Can I do: > > > > perl -MCPAN -eshell > > install Mail::SpamAssassin > > > > to upgrade SA? > Kill all the old spamassassin rpms first. > If you want an easy fix for spamassassin and want to add > ClamAV, Julian > has a package to add both, and their dependencies. > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Cla m-SA.tar.gz Do you need to uninstall the old SA or can I just run Julian's ./install.sh? Thanks, Christian Christian Campbell Systems Engineer, Sair LCP, A+, N+, i-Net+ Bruegger's Enterprises Desk: 802-652-9270 Cell: 802-734-5023 Fax: 802-660-4034 Email: ccampbell at brueggers dot com PGP Public Key available via PGP keyservers or http://www2.brueggers.com/pgp/ccampbell.html "We all know Linux is great... It does infinite loops in 5 seconds." -Linus Torvalds ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Tue Jun 28 20:11:31 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:09 2006 Subject: Convert::BinHex Message-ID: I just can^Òt seem to win. Now when I attempt to install the above it tells me line 75 can^Òt install. I went to the FAQ and there is a nice thread fixing it. However, I cannot perform the solution as the file that is supposed to be edited is not in the (~/.cpan/build/Convert-BinHex-1.119/t directory and edited the Checker.pm file) isn't present as exactly prescribe in the FAQ. http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/307.html Any suggestion is appreciated. In addition, after running the ./install.sh again, there is no MailScanner.conf.new in the /etc/MailScanner path. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 20:20:52 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:09 2006 Subject: After a few hours of reading, i'm catching up...just few questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon:: Blacknight wrote: >Jason Williams wrote: > > >>DCC. I went ahead and installed this. I plugged it into the init.pre >>file. When I do a --lint test, it kicks some errors, but doesn't break >>anything from what I found out (Thanks Julian). First question here is, >>how can I tell if it is contributing to blocking spam? >> >> > >Check your logs. If you are logging the spam scores to your mail log you >should see references to DCC. >You don't need to enable it in init.pre *yet*. It looks like it will be >required in the next release of SA > > Got it. Quick snip from my logs: Jun 28 12:13:13 mail MailScanner[912]: Message j5SJD7ZR001964 from 66.135.33.173 (newsflash@newsdeliveryserver.com) to courtesymortgage.com is spam, SpamAssassin (score=17.659, required 4, autolearn=spam, BAYES_99 3.50, *DCC_CHECK 2.17*, DIGEST_MULTIPLE 0.10, HTML_80_90 0.15, HTML_MESSAGE 0.00, MSGID_FROM_MTA_ID 1.72, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_BL_SPAMCOP_NET 1.22, TO_ADDRESS_EQ_REAL 0.03, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 3.21) I see im getting URIBL_JP_SURBL as well as URIBL_OB_SURBL. Those both came in with the builtin plugin for SA. Looks like I have razor working (haven't started on pyzor yet.) Are there additional _SURBL_ items I can add? Or is that it for now? > > > >>To implement this into my setup, just so im clear, these go into my >>spam.assassin.prefs.conf file at the very en? >>In the current file, I have this at the very end: >> >>urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 >>body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') >>describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html >>tflags URIBL_JP_SURBL net >> >>score URIBL_JP_SURBL 4.0 >> >> >>I would like to add the following, from www.uribl.com as well as >>additional surbl.org, if there are additional ones. >> >>urirhssub URIBL_BLACK multi.uribl.com. A 2 >>body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') >>describe URIBL_BLACK Contains an URL listed in the URIBL blacklist >>tflags URIBL_BLACK net >>score URIBL_BLACK 3.0 >> >>urirhssub URIBL_GREY multi.uribl.com. A 4 >>body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') >>describe URIBL_GREY Contains an URL listed in the URIBL greylist >>tflags URIBL_GREY net >>score URIBL_GREY 1.0 >> >> >> >> >You could put them in a separate .cf file in your /etc/mail/spamassassin >directory > > > Seperate for each? All in one? Make a difference? Or just put them at the bottom of the spam.assassin.prefs.conf. After I get these implemented, I'm going to continue to look at SA, razor, pyzor and bayes (which has always seemed to *elude* me for whatever reasons.) I appreciate it. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Tue Jun 28 21:59:53 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:09 2006 Subject: Calling all newbies Message-ID: Hey all you lurking newbies, I've got some work for you! Please read the following document: http://wiki.mailscanner.info/doku.php?id=best_practices and tell me if there are terms or concepts that you don't understand. I'd like to make it as easy to understand as possible, but I don't want to overload it with explainatory text. I'm thinking the next best thing would be to put links to concepts that are outside the scope of this document, but must be understood to make sense of this document. If anyone wants to lend a hand, just start putting in links to explanations, or tell me what concept you don't understand or think needs more explanation and I'll put in the link. You can email me directly if you don't want to post to the list. Thanks, --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Jun 28 23:57:02 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:09 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well im back. This time, a question on bayes. I've been working to get bayes setup and running properly (and I don't think bayes has evern been setup to work properly to be honest). First, in my spam.assassin.prefs.conf file, I have use_bayes 1 bayes_patch /usr/local/etc/MailScanner/bayes/ bayes_file_mode 0660 # Bump up SpamAssassin scores on the high and low end # score BAYES_00 -15.0 # score BAYES_05 -5.0 # score BAYES_95 5.0 # score BAYES_99 15.0 # To disable bayes autolearn # bayes_auto_learn 0 Just trying to make sure I have the basics setup. I ran --lint, it found the bayes DB no problem. However, when I look in the bayes directory, I see a bunch of files that look like this: _toks.expire98xxx different numbers at the end. As I was reading over the site, it recommened to do a dump and look at the magic. Well here it is: 0.000 0 3 0 non-token data: bayes db version 0.000 0 0 0 non-token data: nspam 0.000 0 2 0 non-token data: nham 0.000 0 43 0 non-token data: ntokens 0.000 0 1083442244 0 non-token data: oldest atime 0.000 0 1083446498 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 0 0 non-token data: last expiry atime 0.000 0 0 0 non-token data: last expire atime delta 0.000 0 0 0 non-token data: last expire reduction count Reading over the wiki site, there are a lot of things going on with the bayes system. First question I have is that if I want to train the bayesian learning system (or even to rebuild it) would I just point it to the quarantine directory? Seems logical. I'm sure im missing something. Been rather long, mind numbing day. I appreciate any feedback. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 29 00:09:12 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Well im back. This time, a question on bayes. > > I've been working to get bayes setup and running properly (and I don't > think bayes has evern been setup to work properly to be honest). > > First, in my spam.assassin.prefs.conf file, I have > > use_bayes 1 > bayes_patch /usr/local/etc/MailScanner/bayes/ > bayes_file_mode 0660 > > # Bump up SpamAssassin scores on the high and low end > # score BAYES_00 -15.0 > # score BAYES_05 -5.0 > # score BAYES_95 5.0 > # score BAYES_99 15.0 > > # To disable bayes autolearn > # bayes_auto_learn 0 > > Just trying to make sure I have the basics setup. > > I ran --lint, it found the bayes DB no problem. However, when I look in > the bayes directory, I see a bunch of files that look like this: > > _toks.expire98xxx different numbers at the end. That's mailscanner killing SA. MailScanner has a bit of pre-bayes assumptions about SA. One of which is any long run of SA must be due to a hangup in the SA code. So it kills it. Unfortunately, modern SA does it's bayes database management while scanning messages. disable bayes_auto_expire in your /etc/mail/spamassassin/local.cf. DO NOT try to use spam.assassin.prefs.conf for this setting. It's technically invalid because it's a privileged setting, and doesn't seem to work reliably as a result. Once you disable bayes_auto_expire do one or more of the following (or your bayes DB will grow endlessly) 1) tell MailScanner to give SA a chance to rebuild the bayes DB: In MailScanner.conf: Rebuild Bayes Every = 43200 2) have a cronjob run sa-learn --force-expire (and use command line options to set the right bayes path, since it won't point to the right place) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brian at UNIVEXSYSTEMS.COM Wed Jun 29 00:13:48 2005 From: brian at UNIVEXSYSTEMS.COM (Brian Parish) Date: Thu Jan 12 21:30:10 2006 Subject: MS fails after yum update Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday 29 June 2005 01:00, Ryan Weaver wrote: > Try yum install perl-Net-CIDR > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Parish > > Sent: Tuesday, June 28, 2005 9:41 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: MS fails after yum update > > > > I did a yum update and it updated some perl stuff. Now I get: > > > > Starting MailScanner daemons: > > incoming postfix: [ OK ] > > outgoing postfix: [ OK ] > > MailScanner: Can't locate Net/CIDR.pm in @INC (@INC > > contains: /usr/lib/MailScanner > > /usr/lib/perl5/5.8.6/i686-linux /usr/lib/perl5/5.8.6 > > /usr/lib/perl5/site_perl/5.8.6/i686-linux > > /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 > > /usr/lib/perl5/site_perl. /usr/lib/MailScanner) > > at /usr/lib/MailScanner/MailScanner/Config.pm line 34. > > BEGIN failed--compilation aborted > > at /usr/lib/MailScanner/MailScanner/Config.pm line 34. > > Compilation failed in require at /usr/sbin/MailScanner line 64. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. > > > > Tried installing the latest version of MailScanner with the > > same result. > > > > Help! ;-) > > > > TIA > > Brian > > No, it's already there - just can't be found: yum install perl-Net-CIDR Gathering header information file(s) from server(s) Server: Dag RPM Repository for Red Hat Enterprise Linux Finding updated packages Downloading needed headers perl-Net-CIDR is installed and is the latest version. No actions to take ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Wed Jun 29 00:20:56 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Jason Williams wrote: > > >>Well im back. This time, a question on bayes. >> >>I've been working to get bayes setup and running properly (and I don't >>think bayes has evern been setup to work properly to be honest). >> >>First, in my spam.assassin.prefs.conf file, I have >> >>use_bayes 1 >>bayes_patch /usr/local/etc/MailScanner/bayes/ >>bayes_file_mode 0660 >> >># Bump up SpamAssassin scores on the high and low end >># score BAYES_00 -15.0 >># score BAYES_05 -5.0 >># score BAYES_95 5.0 >># score BAYES_99 15.0 >> >># To disable bayes autolearn >># bayes_auto_learn 0 >> >>Just trying to make sure I have the basics setup. >> >>I ran --lint, it found the bayes DB no problem. However, when I look in >>the bayes directory, I see a bunch of files that look like this: >> >>_toks.expire98xxx different numbers at the end. >> >> > >That's mailscanner killing SA. > >MailScanner has a bit of pre-bayes assumptions about SA. One of which is any >long run of SA must be due to a hangup in the SA code. So it kills it. > >Unfortunately, modern SA does it's bayes database management while scanning >messages. > >disable bayes_auto_expire in your /etc/mail/spamassassin/local.cf. > >DO NOT try to use spam.assassin.prefs.conf for this setting. It's technically >invalid because it's a privileged setting, and doesn't seem to work reliably as >a result. > > >Once you disable bayes_auto_expire do one or more of the following (or your >bayes DB will grow endlessly) > >1) tell MailScanner to give SA a chance to rebuild the bayes DB: >In MailScanner.conf: > Rebuild Bayes Every = 43200 > >2) have a cronjob run sa-learn --force-expire (and use command line options to >set the right bayes path, since it won't point to the right place) > > > Got it. Before I follow up with a few questions, I was reading MS wiki and specifically in regards to using the bayes filter with SQL. Has anyone tried that? Pretty good? It looks fairly simple to setup. If its worth it, I may look at that and implement it. Alright. Disabled 'bayes_auto_expire' in local.cf. Setup Mailscanner.conf as suggested. Rebuild Bayes Every = 43200 On the second part, just so im clear, something like this would suffice? sa-larn --force expire /path/to/bayes or sa-learn --force expire /path/to/spam.assassin.prefs.conf Could I run the force expire right now? Network traffic is fairly light right now. I'd like to give it a go. Thanks, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 29 00:42:12 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > On the second part, just so im clear, something like this would suffice? > > sa-larn --force expire /path/to/bayes > or > sa-learn --force expire /path/to/spam.assassin.prefs.conf > Actually, this should work best: sa-learn --force-expire -p /path/to/spam.assassin.prefs.conf I was thinking of having you use --dbpath /path/to/bayes, but that apparently only works for dump/import, not for expire. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Wed Jun 29 00:48:38 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Jason Williams wrote: > > >>On the second part, just so im clear, something like this would suffice? >> >>sa-larn --force expire /path/to/bayes >>or >>sa-learn --force expire /path/to/spam.assassin.prefs.conf >> >> >> > >Actually, this should work best: > >sa-learn --force-expire -p /path/to/spam.assassin.prefs.conf > > > Got it. Got the results. Went rather quickly. synced Bayes databases from journal in 0 seconds: 1423 unique entries (2521 total entries) expired old Bayes database entries in 66 seconds 152165 entries kept, 30945 deleted token frequency: 1-occurence tokens: 59.17% token frequency: less than 8 occurrences: 27.47% After that, is it safe to remove all those _toks files in the bayes directory? Or not yet? Thanks for everyones help. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 29 00:40:18 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams spake the following on 6/28/2005 3:57 PM: > Well im back. This time, a question on bayes. > > I've been working to get bayes setup and running properly (and I don't > think bayes has evern been setup to work properly to be honest). > > First, in my spam.assassin.prefs.conf file, I have > > use_bayes 1 > bayes_patch /usr/local/etc/MailScanner/bayes/ > bayes_file_mode 0660 > > # Bump up SpamAssassin scores on the high and low end > # score BAYES_00 -15.0 > # score BAYES_05 -5.0 > # score BAYES_95 5.0 > # score BAYES_99 15.0 > > # To disable bayes autolearn > # bayes_auto_learn 0 > > Just trying to make sure I have the basics setup. > > I ran --lint, it found the bayes DB no problem. However, when I look in > the bayes directory, I see a bunch of files that look like this: > > _toks.expire98xxx different numbers at the end. > > As I was reading over the site, it recommened to do a dump and look at > the magic. Well here it is: > > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 0 0 non-token data: nspam > 0.000 0 2 0 non-token data: nham > 0.000 0 43 0 non-token data: ntokens > 0.000 0 1083442244 0 non-token data: oldest atime > 0.000 0 1083446498 0 non-token data: newest atime > 0.000 0 0 0 non-token data: last journal > sync atime > 0.000 0 0 0 non-token data: last expiry atime > 0.000 0 0 0 non-token data: last expire > atime delta > 0.000 0 0 0 non-token data: last expire > reduction count > > Reading over the wiki site, there are a lot of things going on with the > bayes system. > First question I have is that if I want to train the bayesian learning > system (or even to rebuild it) would I just point it to the quarantine > directory? Seems logical. > > I'm sure im missing something. Been rather long, mind numbing day. > > I appreciate any feedback. > > Jason > Either you dumped the wrong database, or this one has very little in it. Try sa-learn --dump magic --dbpath /path/to/bayes/bayes Should be the bayes db path in spamassassin.prefs.conf. Mine has much more data; 0.000 0 3 0 non-token data: bayes db version 0.000 0 29146 0 non-token data: nspam 0.000 0 81693 0 non-token data: nham 0.000 0 124702 0 non-token data: ntokens 0.000 0 1119230907 0 non-token data: oldest atime 0.000 0 1120001312 0 non-token data: newest atime 0.000 0 1119999608 0 non-token data: last journal sync atime 0.000 0 1119929516 0 non-token data: last expiry atime 0.000 0 691200 0 non-token data: last expire atime delta 0.000 0 28272 0 non-token data: last expire reduction count -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brian at UNIVEXSYSTEMS.COM Wed Jun 29 01:01:32 2005 From: brian at UNIVEXSYSTEMS.COM (Brian Parish) Date: Thu Jan 12 21:30:10 2006 Subject: MS fails after yum update Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday 29 June 2005 01:00, Denis Beauchemin wrote: > Brian Parish wrote: > >I did a yum update and it updated some perl stuff. Now I get: > > > >Starting MailScanner daemons: > > incoming postfix: [ OK ] > > outgoing postfix: [ OK ] > > MailScanner: Can't locate Net/CIDR.pm in @INC (@INC > >contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.6/i686-linux > > /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl/5.8.6/i686-linux > > /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 > > /usr/lib/perl5/site_perl. /usr/lib/MailScanner) at > > /usr/lib/MailScanner/MailScanner/Config.pm line 34. > >BEGIN failed--compilation aborted > >at /usr/lib/MailScanner/MailScanner/Config.pm line 34. > >Compilation failed in require at /usr/sbin/MailScanner line 64. > >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. > > > >Tried installing the latest version of MailScanner with the same result. > > Brian, > > Try to reinstall from CPAN: > LANG=C perl -MCPAN -e 'install Net::CIDR' > > Denis > PS: you should omit LANG=C if your server is already configured not to > use UTF-8 or if your shell is not sh/bash/ksh. Thanks Denis, I ended up having to install about 6 modules in this way. Obviously yum must have used different folders. This is a real trap! thanks again Brian -- Brian Parish Managing Director Univex Systems Pty Ltd Phone: 1300 73 64 54 Mobile: 0414 325 521 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brian at UNIVEXSYSTEMS.COM Wed Jun 29 01:04:56 2005 From: brian at UNIVEXSYSTEMS.COM (Brian Parish) Date: Thu Jan 12 21:30:10 2006 Subject: Warning yum update breaks MailScanner Message-ID: See thread: MS fails after yum update This is now resolved, but only after re-installing about 6 perl modules from CPAN. Haven't had time to trace further, but is seems that yum installed updated versions somewhere that MailScanner couldn't find them. Be afraid! ;-) cheers Brian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at blacknight.ie Wed Jun 29 01:23:22 2005 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: Following on my own issues with rulesets I posted the following: http://www.mneylon.com/blog/archives/2005/06/29/content-filtering-with-mails canner-part-1-file-types/ Any input, corrections etc., are welcome Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Quality Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9183072 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryanw at FALSEHOPE.COM Wed Jun 29 01:34:37 2005 From: ryanw at FALSEHOPE.COM (Ryan Weaver) Date: Thu Jan 12 21:30:10 2006 Subject: Warning yum update breaks MailScanner Message-ID: I've never had Yum break MailScanner... Maybe you had a repository listed that had issues... I use redhat/fedora/centos and dag only... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Parish Sent: Tuesday, June 28, 2005 7:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Warning yum update breaks MailScanner See thread: MS fails after yum update This is now resolved, but only after re-installing about 6 perl modules from CPAN. Haven't had time to trace further, but is seems that yum installed updated versions somewhere that MailScanner couldn't find them. Be afraid! ;-) cheers Brian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brian at UNIVEXSYSTEMS.COM Wed Jun 29 08:19:58 2005 From: brian at UNIVEXSYSTEMS.COM (Brian Parish) Date: Thu Jan 12 21:30:10 2006 Subject: Warning yum update breaks MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday 29 June 2005 10:34, Ryan Weaver wrote: > I've never had Yum break MailScanner... > > Maybe you had a repository listed that had issues... I use > redhat/fedora/centos and dag only... Well I only have dag defined for this one - surprised me too! I'm updating another server as I write this. Let's see what happens! cheers Brian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jun 29 00:28:18 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:10 2006 Subject: MS fails after yum update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brian Parish wrote: >On Wednesday 29 June 2005 01:00, Ryan Weaver wrote: > > >>Try yum install perl-Net-CIDR >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Parish >>>Sent: Tuesday, June 28, 2005 9:41 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: MS fails after yum update >>> >>>I did a yum update and it updated some perl stuff. Now I get: >>> >>>Starting MailScanner daemons: >>> incoming postfix: [ OK ] >>> outgoing postfix: [ OK ] >>> MailScanner: Can't locate Net/CIDR.pm in @INC (@INC >>>contains: /usr/lib/MailScanner >>>/usr/lib/perl5/5.8.6/i686-linux /usr/lib/perl5/5.8.6 >>>/usr/lib/perl5/site_perl/5.8.6/i686-linux >>>/usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 >>>/usr/lib/perl5/site_perl. /usr/lib/MailScanner) >>>at /usr/lib/MailScanner/MailScanner/Config.pm line 34. >>>BEGIN failed--compilation aborted >>>at /usr/lib/MailScanner/MailScanner/Config.pm line 34. >>>Compilation failed in require at /usr/sbin/MailScanner line 64. >>>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. >>> >>>Tried installing the latest version of MailScanner with the >>>same result. >>> >>>Help! ;-) >>> >>>TIA >>>Brian >>> >>> >>> > >No, it's already there - just can't be found: > >yum install perl-Net-CIDR >Gathering header information file(s) from server(s) >Server: Dag RPM Repository for Red Hat Enterprise Linux >Finding updated packages >Downloading needed headers >perl-Net-CIDR is installed and is the latest version. >No actions to take > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > then try to install it using CPAN and see what happens... if regular "install Net::CIDR" doesn't work, try "force install Net::CIDR". If that doesn't work you might want to "yum remove perl-Net-CIDR" followed by yum install, or find Net::CIDR on rpmpan... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jun 28 22:48:22 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:10 2006 Subject: Best practices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Hi Ugo, > > I'll double check my list here, but im pretty sure I have all the > following covered, except for the reverse lookup and the SPF records. > I do plan to take a look at these. > > I appreciate it. > > Cheers, > > Jason > > Ugo Bellavance wrote: > >> Hi Jason, >> >> A few ideas: >> >> - Have a reverse lookup >> - If MaiScanner a gateway, make sure you use firewall rules on the >> destination server to make sure only MailScanner can access it. >> - Have SPF records >> - Use SMTP-AUTH for roaming clients >> - Don't bounce >> - Make sure you're not an open relay >> - Do some testiing: >> >> http://www.dnsreport.com/ >> http://www.dnsstuff.com/ >> http://www.samspade.com/ >> http://www.testvirus.org/ (with disclamer...) >> >> Ugo >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! * Install portsentry or firewall everything but SMTP to your mailscanner box from the outside world... * Implement SMTPS/TLS (port 465), and MSA (port 587, for people who can't use port 25) * Buy Julian's book :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jun 28 22:45:05 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:10 2006 Subject: Regex question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: > > On Jun 28, 2005, at 7:38 AM, Rick Cooper wrote: > <--snipped for cleanliness sake--> > > >>messages is not a problem. I have been feeding all of these to the > >>Baysian database to bring their scores up to an acceptable level, and > >>I > >>will certainly add a rule as well for SpamAssassin. I would prefer to > >>stop these at the MTA level entirely and save to CPU power this would > >>otherwise generate, but this is a start. > >> > >>Thank you everyone for your help and input. > >> > >MTA is where all of my RBL checking takes place. You don't say what > >the MTA > >is but I would think about any can accommodate RBL checks these days. I > >personally believe in doing as many checks at SMTP time is best. Basic > >checks I do are: > > > >Helo checks : helo with my hostname, ip literal or a host name from my > >domain - drop and firewall > > helo with bare IP - drop > > helo without a FQDN - drop > > >Rcpt to checks: Invalid user drop (of course) > > non-authenticated local user outside the network - drop > > fails sender callout verification - drop > > in one of several RBLs (although I don't check DUL) - drop > > >Data checks: basic bad mime type (.com|.exe|.pif|.bat) - drop > > Virus - drop and firewall (exim/exiscan BD, ClamAV, > >f-prot) > > Spam score above 15 - drop > > SPF fails - drop > > >There are, of course, more dealing with relaying and so forth but for > >the > >most part I have relatively few things that we definatly do not want, > >pass > >through to MS to deal with, and I haven't generated a bounce in so > >long I > >couldn't tell you the last time. Drop the stuff you *know* shouldn't > >arrive > >and let MS handle filename, type, archives, bad content, the marginal > >spam, > >etc. > > > I am using Sendmail 8.13.1-2 (RHEL RPM) for my MTA. I like what you are > saying here. I don't know how difficult these will be to implement. I > have enabled Sendmail's option to not accept mail from non-FQDN > sources, And I have blacklisted a couple of countries that have sent us > spam in the past that I know we would never receive legitimate email > from, but that is all. > > --- > Craig Daters (craig@westpress.com) > Systems Administrator > > West Press > 1663 West Grant Road > Tucson, Arizona 85745 > > (520) 624-4939 x208 > (520) 624-2715 fax > www.westpress.com > How do you block mail from non-fqdn sources, exactly? Any url's to a page showing examples? Thanks... -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jun 28 22:42:16 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:10 2006 Subject: MS fails after yum update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > Brian Parish wrote: > >> I did a yum update and it updated some perl stuff. Now I get: >> >> Starting MailScanner daemons: >> incoming postfix: [ OK ] >> outgoing postfix: [ OK ] >> MailScanner: Can't locate Net/CIDR.pm in @INC (@INC >> contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.6/i686-linux >> /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl/5.8.6/i686-linux >> /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 >> /usr/lib/perl5/site_perl. /usr/lib/MailScanner) at >> /usr/lib/MailScanner/MailScanner/Config.pm line 34. >> BEGIN failed--compilation aborted at >> /usr/lib/MailScanner/MailScanner/Config.pm line 34. >> Compilation failed in require at /usr/sbin/MailScanner line 64. >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. >> >> Tried installing the latest version of MailScanner with the same result. >> >> >> > > Brian, > > Try to reinstall from CPAN: > LANG=C perl -MCPAN -e 'install Net::CIDR' > > Denis > PS: you should omit LANG=C if your server is already configured not to > use UTF-8 or if your shell is not sh/bash/ksh. > what happens exactly, if your shell isn't the usual sh/bash/ksh? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 29 10:41:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: Where you say Filename Rules = %etc-dir%/filename.rules I think you mean Filename Rules = %rules-dir%/filename.rules and immediately below it I would say "/etc/MailScanner/rules" START READING HERE There is actually a way you can make this whole setup neater and easier to maintain. Whenever (in the MailScanner.conf or a *.rules file) you specify the name of a "filename.rules.conf" file, you can supply a space- separated list of filename.rules.conf files. The filename allow/deny rules that are applied are the concatenation of all the filename.rules.conf files that you have listed. The allow/deny rule that is used for a particular attachment is the first one that matches. It stops processing there and does the allow or deny (or deny+delete) that is appropriate. So you DON'T need to have a filename.rules.conf file that is a copy of the supplied one with an extra rule at the top (deny \.zip$ - -). If you have a lot of these files this can get very awkward and hard to maintain. All you actually need is one copy of the supplied filename.rules.conf file, and 1 file for each modification. In this example we are going to block zip files for mail to/from 'domain1.ie'. MailScanner.conf: Filename Rules = %rules-dir%/filename.rules %rules-dir%/filename.rules: FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf /etc/ MailScanner/filename.rules.conf *** Here is the difference *** /etc/MailScanner/filename.domain1.ie.conf: deny \.zip$ - - /etc/MailScanner/filename.rules.conf: Exactly as I supply it The thing to notice is the the filename.domain1.ie.conf only needs to contain 1 line, it does not need to repeat the whole of filename.rules.conf. Cool huh? On 29 Jun 2005, at 01:23, Michele Neylon:: Blacknight.ie wrote: > Following on my own issues with rulesets I posted the following: > > http://www.mneylon.com/blog/archives/2005/06/29/content-filtering- > with-mails > canner-part-1-file-types/ > > Any input, corrections etc., are welcome > > Michele > > Mr Michele Neylon > Blacknight Internet Solutions Ltd > Quality Hosting, co-location & domains > http://www.blacknight.ie/ > Tel. +353 59 9183072 > Tired of your current host? Save 15% when you move to us! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Tue Jun 28 21:00:45 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:10 2006 Subject: MailScanner Syntax Error In Degub Mode. Message-ID: Thanks, Kai! The syntax is "Allow Iframe Tages = no" -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl Sent: Tuesday, June 28, 2005 2:31 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner Syntax Error In Degub Mode. Steve Douglas wrote on Tue, 28 Jun 2005 12:24:35 -0500: > It has consistently reported failed dependencies > for Convert:BINHEX & Perl-MIME-Tools >= 5.412. Did you check that these modules *are* there and uptodate? If so, then just run the MailScanner*.rpm > The line is actually syntaxed as: Log ^ÓIFrame Tags = no^ÔUnrecognised > keyword "logiframetags" at line 498 Can you find "IFrame" in your conf? I'm wondering if you just have a typo there. Log ^ÓIFrame Tags = no^Ô is surely not correct,it should be: Allow IFrame Tags = no Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jun 28 20:31:21 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:10 2006 Subject: Upgrade SA Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christian Campbell wrote on Tue, 28 Jun 2005 13:37:04 -0400: > perl -MCPAN -eshell The best way always is to install from the source. It's so easy. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jun 28 20:31:21 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:10 2006 Subject: Language error Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Tue, 28 Jun 2005 18:00:25 +0100: > You will probably find a languages.conf.rpmnew in that directory. > Run upgrade_languages_conf on it. Hm, I checked my reports/xx/ dirs and it seems that all files got just overwritten, no languages.conf.rpmnew nowhere. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jun 28 20:31:21 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:10 2006 Subject: MailScanner Syntax Error In Degub Mode. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Douglas wrote on Tue, 28 Jun 2005 12:24:35 -0500: > It has consistently reported failed dependencies > for Convert:BINHEX & Perl-MIME-Tools >= 5.412. Did you check that these modules *are* there and uptodate? If so, then just run the MailScanner*.rpm > The line is actually syntaxed as: Log ^ÓIFrame Tags = no^ÔUnrecognised > keyword > "logiframetags" at line 498 Can you find "IFrame" in your conf? I'm wondering if you just have a typo there. Log ^ÓIFrame Tags = no^Ô is surely not correct,it should be: Allow IFrame Tags = no Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jun 28 20:12:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:10 2006 Subject: After a few hours of reading, i'm catching up...just few questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams spake the following on 6/28/2005 11:36 AM: > I've spent the better part of my morning (since 0730 Pacific time) > reading over all sorts of documentation about MailScanner and > spamassassin. My lapse in keeping up to date with configuring MS and SA > correctly has allowed quite a bit of spam to get through my network. > Because of that, i went on a crash course this morning.(a lot to soak up) > > I read quite a bit here and have a further, better understanding of > everything. But I wanted to just ask a few quick questions to make sure > I am correct in a few things I want to implement. > The biggest part that im working on is the spam.assassin.prefs.conf file. > > DCC. I went ahead and installed this. I plugged it into the init.pre > file. When I do a --lint test, it kicks some errors, but doesn't break > anything from what I found out (Thanks Julian). First question here is, > how can I tell if it is contributing to blocking spam? You will see messages in the log refering to DCC. You can run grep DCC_CHECK /var/log/maillog from a shell to see if it is hitting. If you have some volume of e-mail, you might want to run the DCC daemon DCCifd. http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:plugins:dcc:dccifd_install > > My main question is in regards to the spam.assassin.prefs.conf file as > well as "ALL TRUSTED" portion. I haven't been able to really 'lockdown' > what exactly the "ALL TRUSTED" should include for my network. I'm > sketchy on that part. > As am I. I set the scores to zero until I can sort that out. > This was recommended to me and I think it would be great for mysetup. > http://www.uribl.com/ > > To implement this into my setup, just so im clear, these go into my > spam.assassin.prefs.conf file at the very en? > In the current file, I have this at the very end: > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 If you are using SpamAssassin 3.0.4 The above rule is now integrated. Probably won't hurt to leave it, but might cause future confusion. > > > I would like to add the following, from www.uribl.com as well as > additional surbl.org, if there are additional ones. > > urirhssub URIBL_BLACK multi.uribl.com. A 2 > body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') > describe URIBL_BLACK Contains an URL listed in the URIBL blacklist > tflags URIBL_BLACK net > score URIBL_BLACK 3.0 > > urirhssub URIBL_GREY multi.uribl.com. A 4 > body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') > describe URIBL_GREY Contains an URL listed in the URIBL greylist > tflags URIBL_GREY net > score URIBL_GREY 1.0 > > > My question is that I should just add those to the bottom/end of my > file, beneath the URIBL_JP section? I should adjust the scores as needed. > > I figure that should get me started and headed in the right direction. I > will continue to work on this today as well as the rest of the week. I > am planning on using bayes, pyzor and razor as well. > Just trying to make sure I fully understand these things and make sure I > do it correctly. > > Much appreciated to this list here. Everyone has always been extremely > helpful. > > Cheers, > > Jason > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jun 28 19:52:26 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:10 2006 Subject: Upgrade SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christian Campbell wrote: >>>2nd - Can I do: >>> >>>perl -MCPAN -eshell >>>install Mail::SpamAssassin >>> >>>to upgrade SA? > > >>Kill all the old spamassassin rpms first. >>If you want an easy fix for spamassassin and want to add >>ClamAV, Julian >>has a package to add both, and their dependencies. >>http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Cla > > m-SA.tar.gz > > > Do you need to uninstall the old SA or can I just run Julian's ./install.sh? If you installed your distro's SA, better remove it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jun 28 19:42:48 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight) Date: Thu Jan 12 21:30:10 2006 Subject: After a few hours of reading, i'm catching up...just few questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > > DCC. I went ahead and installed this. I plugged it into the init.pre > file. When I do a --lint test, it kicks some errors, but doesn't break > anything from what I found out (Thanks Julian). First question here is, > how can I tell if it is contributing to blocking spam? Check your logs. If you are logging the spam scores to your mail log you should see references to DCC. You don't need to enable it in init.pre *yet*. It looks like it will be required in the next release of SA > To implement this into my setup, just so im clear, these go into my > spam.assassin.prefs.conf file at the very en? > In the current file, I have this at the very end: > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 > > > I would like to add the following, from www.uribl.com as well as > additional surbl.org, if there are additional ones. > > urirhssub URIBL_BLACK multi.uribl.com. A 2 > body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') > describe URIBL_BLACK Contains an URL listed in the URIBL blacklist > tflags URIBL_BLACK net > score URIBL_BLACK 3.0 > > urirhssub URIBL_GREY multi.uribl.com. A 4 > body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') > describe URIBL_GREY Contains an URL listed in the URIBL greylist > tflags URIBL_GREY net > score URIBL_GREY 1.0 > > You could put them in a separate .cf file in your /etc/mail/spamassassin directory ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 29 10:52:01 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Well im back. This time, a question on bayes. > > I've been working to get bayes setup and running properly (and I don't > think bayes has evern been setup to work properly to be honest). > > First, in my spam.assassin.prefs.conf file, I have > > use_bayes 1 > bayes_patch /usr/local/etc/MailScanner/bayes/ ========^^^^^ Is this a typo or an error in your conf file? it's meant to be bayes_path - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Jun 29 01:48:29 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:10 2006 Subject: mailing Quarantine "dump" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/28/05, Kai Schaetzl wrote: > Stephen Swaney wrote on Mon, 27 Jun 2005 14:59:32 -0400: > > > Actually you can use sendmail and our quarantine report. My reference to the > > new quarantine data available in the beta version of MailScanner will make > > creating the report a bit easier and a lot faster. All of the data can be > > stored in a database as it is quarantined rather that reconstructed by > > limping though the quarantine files :) > > If one uses Mailwatch all necessary information should be in its database, > anyway, I think. > > Kai > > -- > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > IE-Center: http://ie5.de & http://msie.winware.org > Only sort of..... To construct the nice view of the quarantine it too resorts to "limping through ...":). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jun 29 10:55:27 2005 From: michele at BLACKNIGHT.IE (Michele Neylon) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: Julian Field <> scribbled on 29 June 2005 10:41: > Where you say > Filename Rules = %etc-dir%/filename.rules I think you mean Filename > Rules = %rules-dir%/filename.rules and immediately below it I would > say "/etc/MailScanner/rules" Does it matter which directory the .rules > > START READING HERE > > Cool huh? > Damn. Now he tells me :( Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 29 11:34:20 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:10 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, How do I ensure that clamav (or clamavmodule) when called from MailScanner doesn't mark encrypted mails as viruses? There is a 'ArchiveBlockEncrypted' parameter in clamd.conf, but i am unsure whether MailScanner indirectly uses clamd.conf If clamd.conf is used by MS then is it possible to incorporate clamd.conf related parameters in the next version of MailScanner? something like the current limits set for clamavmodule.. OR would you rather have people modify the clamd.conf files? current clam parameters in MailScanner.conf ClamAVmodule Maximum Recursion Level = 5 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Jun 29 02:32:33 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:10 2006 Subject: The Book -- new edition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/28/05, Jason Balicki wrote: > Billy A. Pumphrey <> wrote: > > To me even the simplest thing could use a sentence or two then a link > > for more info about it. > > Here's what I've got up on the wiki so far, feel free > to log in and expand any entry you like: > > http://wiki.mailscanner.info/doku.php?id=best_practices > > That goes for everyone. > > --J(K) Nice, very nice. Once I get back from vacation, and regress to the relative sobriety of everyday, I'll have a deper look, but a cursory one shows some really good ... formulations. Something to show the PHB when he's in a particularily contrary mood...:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 29 12:10:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: No replies to this yet, did I scare everyone off? :-) On 29 Jun 2005, at 10:41, Julian Field wrote: > Where you say > Filename Rules = %etc-dir%/filename.rules > I think you mean > Filename Rules = %rules-dir%/filename.rules > and immediately below it I would say "/etc/MailScanner/rules" > > START READING HERE > > There is actually a way you can make this whole setup neater and > easier to maintain. > > Whenever (in the MailScanner.conf or a *.rules file) you specify > the name of a "filename.rules.conf" file, you can supply a space- > separated list of filename.rules.conf files. > > The filename allow/deny rules that are applied are the > concatenation of all the filename.rules.conf files that you have > listed. > > The allow/deny rule that is used for a particular attachment is the > first one that matches. It stops processing there and does the > allow or deny (or deny+delete) that is appropriate. > > So you DON'T need to have a filename.rules.conf file that is a copy > of the supplied one with an extra rule at the top (deny \.zip$ - > -). If you have a lot of these files this can get very awkward and > hard to maintain. > > All you actually need is one copy of the supplied > filename.rules.conf file, and 1 file for each modification. In this > example we are going to block zip files for mail to/from 'domain1.ie'. > > MailScanner.conf: > Filename Rules = %rules-dir%/filename.rules > > %rules-dir%/filename.rules: > FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf / > etc/MailScanner/filename.rules.conf > > *** Here is the difference *** > /etc/MailScanner/filename.domain1.ie.conf: > deny \.zip$ - - > > /etc/MailScanner/filename.rules.conf: > Exactly as I supply it > > The thing to notice is the the filename.domain1.ie.conf only needs > to contain 1 line, it does not need to repeat the whole of > filename.rules.conf. > > Cool huh? > > On 29 Jun 2005, at 01:23, Michele Neylon:: Blacknight.ie wrote: > > >> Following on my own issues with rulesets I posted the following: >> >> http://www.mneylon.com/blog/archives/2005/06/29/content-filtering- >> with-mails >> canner-part-1-file-types/ >> >> Any input, corrections etc., are welcome >> >> Michele -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 29 12:13:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: On 29 Jun 2005, at 10:55, Michele Neylon wrote: > Julian Field <> scribbled on 29 June 2005 10:41: > > >> Where you say >> Filename Rules = %etc-dir%/filename.rules I think you mean Filename >> Rules = %rules-dir%/filename.rules and immediately below it I would >> say "/etc/MailScanner/rules" >> > > Does it matter which directory the .rules No, I just think it helps people to keep everything consistent. > >> >> START READING HERE >> >> > > > >> Cool huh? >> >> > Damn. Now he tells me :( MailScanner's configuration system is a bit cleverer than most people realise. :) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 29 12:30:17 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: Julian just spend a few mins getting my head around this... OK this is quite nicely put, can this go in the wiki maybe with a full example rather than the partial you provided. I presume the followind would be correct... %rules-dir%/filename.rules: FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf /etc/MailScanner/filename.rules.conf FromOrTo: default /etc/MailScanner/filename.rules.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > No replies to this yet, did I scare everyone off? :-) > > On 29 Jun 2005, at 10:41, Julian Field wrote: > >> Where you say >> Filename Rules = %etc-dir%/filename.rules >> I think you mean >> Filename Rules = %rules-dir%/filename.rules >> and immediately below it I would say "/etc/MailScanner/rules" >> >> START READING HERE >> >> There is actually a way you can make this whole setup neater and >> easier to maintain. >> >> Whenever (in the MailScanner.conf or a *.rules file) you specify the >> name of a "filename.rules.conf" file, you can supply a space- >> separated list of filename.rules.conf files. >> >> The filename allow/deny rules that are applied are the concatenation >> of all the filename.rules.conf files that you have listed. >> >> The allow/deny rule that is used for a particular attachment is the >> first one that matches. It stops processing there and does the allow >> or deny (or deny+delete) that is appropriate. >> >> So you DON'T need to have a filename.rules.conf file that is a copy >> of the supplied one with an extra rule at the top (deny \.zip$ - -). >> If you have a lot of these files this can get very awkward and hard >> to maintain. >> >> All you actually need is one copy of the supplied filename.rules.conf >> file, and 1 file for each modification. In this example we are going >> to block zip files for mail to/from 'domain1.ie'. >> >> MailScanner.conf: >> Filename Rules = %rules-dir%/filename.rules >> >> %rules-dir%/filename.rules: >> FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf / >> etc/MailScanner/filename.rules.conf >> >> *** Here is the difference *** >> /etc/MailScanner/filename.domain1.ie.conf: >> deny \.zip$ - - >> >> /etc/MailScanner/filename.rules.conf: >> Exactly as I supply it >> >> The thing to notice is the the filename.domain1.ie.conf only needs to >> contain 1 line, it does not need to repeat the whole of >> filename.rules.conf. >> >> Cool huh? >> >> On 29 Jun 2005, at 01:23, Michele Neylon:: Blacknight.ie wrote: >> >> >>> Following on my own issues with rulesets I posted the following: >>> >>> http://www.mneylon.com/blog/archives/2005/06/29/content-filtering- >>> with-mails >>> canner-part-1-file-types/ >>> >>> Any input, corrections etc., are welcome >>> >>> Michele > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jun 29 12:25:07 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:10 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > Well as far as I have read, you just set up a filter to pipe the mail > through a script that does the splitting then pipes the result back to > Postfix using sendmail. Not pretty. :-( > > Better may be to use this > http://archives.neohapsis.com/archives/postfix/2002-10/1490.html as a > better solution (Although still not pretty). None of the options just put > mail in the hold queue they all involve passing it through smtpd twice. > The other option is to tell me what it's like to manage an Exim box ;-) > > Drew > I guess that other than using the recipient limit, which i am sure must be driving some who send us emails mad and the method you suggest above, is to use 2 x postfix instances, the first recieving mail as normal and configure with a transport_recipient_limit that passes mail to next instance on another port for regular processing? Off to install Exim on a test machine ... :( ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 29 12:14:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:10 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: On 29 Jun 2005, at 11:34, Dhawal Doshy wrote: > Hi Julian, > > How do I ensure that clamav (or clamavmodule) when called from > MailScanner doesn't mark encrypted mails as viruses? > > There is a 'ArchiveBlockEncrypted' parameter in clamd.conf, but i > am unsure whether MailScanner indirectly uses clamd.conf > > If clamd.conf is used by MS It's not. > then is it possible to incorporate clamd.conf related parameters in > the next version of MailScanner? something like the current limits > set for clamavmodule.. OR would you rather have people modify the > clamd.conf files? > > current clam parameters in MailScanner.conf > ClamAVmodule Maximum Recursion Level = 5 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 You'll need to refer to a clam expert here, I just use it and it appears to work well enough for me, but there again I use 3 virus scanners anyway. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 29 13:01:08 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:10 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >> >> If clamd.conf is used by MS > > > It's not. > >> then is it possible to incorporate clamd.conf related parameters in >> the next version of MailScanner? something like the current limits >> set for clamavmodule.. OR would you rather have people modify the >> clamd.conf files? > > You'll need to refer to a clam expert here, I just use it and it > appears to work well enough for me, but there again I use 3 virus > scanners anyway. > Thanks for the clarification.. i'll dig in a bit more and post the results if anyone is interested.. thanks again, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jun 29 13:14:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:10 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: Julian IF you use clamav rather than clamavmodule then setting these params in clamav.conf should produce the same results. From my hazy memory I seem to remember clamd.conf is depreciated in favour of clamav.conf..or it could be the other way around - ask the clamav people.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > On 29 Jun 2005, at 11:34, Dhawal Doshy wrote: > >> Hi Julian, >> >> How do I ensure that clamav (or clamavmodule) when called from >> MailScanner doesn't mark encrypted mails as viruses? >> >> There is a 'ArchiveBlockEncrypted' parameter in clamd.conf, but i am >> unsure whether MailScanner indirectly uses clamd.conf >> >> If clamd.conf is used by MS > > > It's not. > >> then is it possible to incorporate clamd.conf related parameters in >> the next version of MailScanner? something like the current limits >> set for clamavmodule.. OR would you rather have people modify the >> clamd.conf files? >> >> current clam parameters in MailScanner.conf >> ClamAVmodule Maximum Recursion Level = 5 >> ClamAVmodule Maximum Files = 1000 >> ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) >> ClamAVmodule Maximum Compression Ratio = 250 > > > You'll need to refer to a clam expert here, I just use it and it > appears to work well enough for me, but there again I use 3 virus > scanners anyway. > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jun 29 13:26:50 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:10 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Julian Field wrote: > >>> >>> If clamd.conf is used by MS >> >> >> >> It's not. >> >>> then is it possible to incorporate clamd.conf related parameters in >>> the next version of MailScanner? something like the current limits >>> set for clamavmodule.. OR would you rather have people modify the >>> clamd.conf files? >> >> >> You'll need to refer to a clam expert here, I just use it and it >> appears to work well enough for me, but there again I use 3 virus >> scanners anyway. >> > > Thanks for the clarification.. i'll dig in a bit more and post the > results if anyone is interested.. > Here's some gyan (meaning: 'unsolicited advice' in corrupt hindi) on clamavmodule and libclamav The following exportable constants are allowed: http://cpan.gossamer-threads.com/modules/by-authors/id/S/SA/SABECK/Mail-ClamAV-0.17.readme Further reference is provided here: http://www.clamav.net/doc/0.86.1/html/node41.html Also important to mention is the fact the "if no flags are provided; the defaults from clamd.conf apply", which implies that if clamd.conf is found / readable by the Mail::ClamAV module (libclamav) then it'll inherit properties specified in the clamd.conf file. Some important parameters that you'd want to set / unset in clamd.conf (if it exists) are: MaxDirectoryRecursion: default 15 DetectBrokenExecutables: default disabled (but enabled in dag's rpms) ArchiveMaxFileSize: Default 10M ArchiveMaxRecursion: Default 8 ArchiveMaxFiles: Default 250 (set to 1500 in dag's rpms) ArchiveBlockEncrypted: Default disabled (but enabled in dag's rpms) ArchiveBlockMax: Default disabled (but enabled in dag's rpms) ArchiveMaxCompressionRatio: Default 250 (set to 300 in dag's rpms) So i'd prefer removing clamd.conf completely, but for testing purposes i am commenting out the following ArchiveBlockEncrypted (this will mark encrypted archives as viruses) ArchiveBlockMax (this will mark archives as viruses if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limits are reached) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jun 29 13:35:38 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:30:10 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, > IF you use clamav rather than clamavmodule then setting these > params in clamav.conf should produce the same results. From That trick never worked for me. I had to make changes to clamav-wrapper and specify those options on the command line since clamscan when called from Mailscanner never reacted to any settings in clamd.conf/clamav.conf. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 29 13:41:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: On 29 Jun 2005, at 12:30, Martin Hepworth wrote: > Julian > > just spend a few mins getting my head around this... > > OK this is quite nicely put, can this go in the wiki maybe with a > full example rather than the partial you provided. How about you add it and mail me the URL and I will check it for you. That you you can see if you really understand it, by you adding the extra bits yourself. I will then just correct anthing that's wrong. > I presume the followind would be correct... > > %rules-dir%/filename.rules: > FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf / > etc/MailScanner/filename.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf Correct. > Julian Field wrote: > >> No replies to this yet, did I scare everyone off? :-) >> On 29 Jun 2005, at 10:41, Julian Field wrote: >> >>> Where you say >>> Filename Rules = %etc-dir%/filename.rules >>> I think you mean >>> Filename Rules = %rules-dir%/filename.rules >>> and immediately below it I would say "/etc/MailScanner/rules" >>> >>> START READING HERE >>> >>> There is actually a way you can make this whole setup neater and >>> easier to maintain. >>> >>> Whenever (in the MailScanner.conf or a *.rules file) you specify >>> the name of a "filename.rules.conf" file, you can supply a space- >>> separated list of filename.rules.conf files. >>> >>> The filename allow/deny rules that are applied are the >>> concatenation of all the filename.rules.conf files that you have >>> listed. >>> >>> The allow/deny rule that is used for a particular attachment is >>> the first one that matches. It stops processing there and does >>> the allow or deny (or deny+delete) that is appropriate. >>> >>> So you DON'T need to have a filename.rules.conf file that is a >>> copy of the supplied one with an extra rule at the top (deny >>> \.zip$ - -). If you have a lot of these files this can get very >>> awkward and hard to maintain. >>> >>> All you actually need is one copy of the supplied >>> filename.rules.conf file, and 1 file for each modification. In >>> this example we are going to block zip files for mail to/from >>> 'domain1.ie'. >>> >>> MailScanner.conf: >>> Filename Rules = %rules-dir%/filename.rules >>> >>> %rules-dir%/filename.rules: >>> FromOrTo: *@domain1.ie /etc/MailScanner/ >>> filename.domain1.ie.conf / etc/MailScanner/filename.rules.conf >>> >>> *** Here is the difference *** >>> /etc/MailScanner/filename.domain1.ie.conf: >>> deny \.zip$ - - >>> >>> /etc/MailScanner/filename.rules.conf: >>> Exactly as I supply it >>> >>> The thing to notice is the the filename.domain1.ie.conf only >>> needs to contain 1 line, it does not need to repeat the whole >>> of filename.rules.conf. >>> >>> Cool huh? >>> >>> On 29 Jun 2005, at 01:23, Michele Neylon:: Blacknight.ie wrote: >>> >>> >>> >>>> Following on my own issues with rulesets I posted the following: >>>> >>>> http://www.mneylon.com/blog/archives/2005/06/29/content- >>>> filtering- with-mails >>>> canner-part-1-file-types/ >>>> >>>> Any input, corrections etc., are welcome >>>> >>>> Michele >>>> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Jun 29 14:11:56 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:10 2006 Subject: postfix multi recipient Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell said: >> Well as far as I have read, you just set up a filter to pipe the mail >> through a script that does the splitting then pipes the result back to >> Postfix using sendmail. Not pretty. :-( >> >> Better may be to use this >> http://archives.neohapsis.com/archives/postfix/2002-10/1490.html as a >> better solution (Although still not pretty). None of the options just >> put >> mail in the hold queue they all involve passing it through smtpd twice. >> The other option is to tell me what it's like to manage an Exim box ;-) >> >> Drew >> > > I guess that other than using the recipient limit, which i am sure must > be driving some who send us emails mad and the method you suggest above, > is to use 2 x postfix instances, the first recieving mail as normal and > configure with a transport_recipient_limit that passes mail to next > instance on another port for regular processing? That was about the conclusion i had reached too. > > Off to install Exim on a test machine ... :( Let me know how you get on. It looks like you can do some very smart stuff with Exim, if you can get your head around the config... I am tempted but it's not broken (And I have confidence that Postfix is secure)... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Wed Jun 29 14:16:54 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:10 2006 Subject: Regex question Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 28, 2005, at 2:45 PM, Alex Neuman van der Hans wrote: > Craig Daters wrote: > >> >> On Jun 28, 2005, at 7:38 AM, Rick Cooper wrote: >> <--snipped for cleanliness sake--> >> >>>> messages is not a problem. I have been feeding all of these to the >>>> Baysian database to bring their scores up to an acceptable level, >>>> and >>>> I >>>> will certainly add a rule as well for SpamAssassin. I would prefer >>>> to >>>> stop these at the MTA level entirely and save to CPU power this >>>> would >>>> otherwise generate, but this is a start. >>>> >>>> <--snipped for cleanliness sake--> >> >>> There are, of course, more dealing with relaying and so forth but for >>> the >>> most part I have relatively few things that we definatly do not want, >>> pass >>> through to MS to deal with, and I haven't generated a bounce in so >>> long I >>> couldn't tell you the last time. Drop the stuff you *know* shouldn't >>> arrive >>> and let MS handle filename, type, archives, bad content, the marginal >>> spam, >>> etc. >> >> >> I am using Sendmail 8.13.1-2 (RHEL RPM) for my MTA. I like what you >> are >> saying here. I don't know how difficult these will be to implement. I >> have enabled Sendmail's option to not accept mail from non-FQDN >> sources, And I have blacklisted a couple of countries that have sent >> us >> spam in the past that I know we would never receive legitimate email >> from, but that is all. >> > How do you block mail from non-fqdn sources, exactly? Any url's to a > page showing examples? Thanks... > -- > Using Sendmail, simply commenting out the option in your sendmail.mc file: FEATURE(`accept_unresolvable_domains')dnl is supposed to do the trick. - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQsKfUxBVT8XLuTbnEQJDTACgtJbvowBT8WZ5dWSrmZGNb9OsB9wAoMMl Q8gI4BAAU07Oa9Fb8MbWsfkb =WaU5 -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Wed Jun 29 14:33:02 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Very cool! as Martin said: "just spent a few mins getting my head around this..." Can we use "variable substitution" as shown below? My thought was that this would shorten "the line". Example: filename.rules # set the variable to point to the default filename.rules.conf file %def-file-rules% = %etc-dir%/filename.rules.conf # Direction Pattern Ruleset to use # ------------------------------------------------- FromOrTo: *@domainA.com %rules-dir%/filename.domainA.rules.conf %def-file-rules% # FromOrTo: john@doe.com %rules-dir%/filename.doe.com.rules.conf %def-file-rules% # FromOrTo: default %etc-dir%/filename.rules.conf Brad >>> Julian Field 6/29/2005 7:41:11 AM >>> On 29 Jun 2005, at 12:30, Martin Hepworth wrote: > Julian > > just spend a few mins getting my head around this... > > OK this is quite nicely put, can this go in the wiki maybe with a > full example rather than the partial you provided. How about you add it and mail me the URL and I will check it for you. That you you can see if you really understand it, by you adding the extra bits yourself. I will then just correct anthing that's wrong. > I presume the followind would be correct... > > %rules-dir%/filename.rules: > FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf / > etc/MailScanner/filename.rules.conf > FromOrTo: default /etc/MailScanner/filename.rules.conf Correct. > Julian Field wrote: > >> No replies to this yet, did I scare everyone off? :-) >> On 29 Jun 2005, at 10:41, Julian Field wrote: >> >>> Where you say >>> Filename Rules = %etc-dir%/filename.rules >>> I think you mean >>> Filename Rules = %rules-dir%/filename.rules >>> and immediately below it I would say "/etc/MailScanner/rules" >>> >>> START READING HERE >>> >>> There is actually a way you can make this whole setup neater and >>> easier to maintain. >>> >>> Whenever (in the MailScanner.conf or a *.rules file) you specify >>> the name of a "filename.rules.conf" file, you can supply a space- >>> separated list of filename.rules.conf files. >>> >>> The filename allow/deny rules that are applied are the >>> concatenation of all the filename.rules.conf files that you have >>> listed. >>> >>> The allow/deny rule that is used for a particular attachment is >>> the first one that matches. It stops processing there and does >>> the allow or deny (or deny+delete) that is appropriate. >>> >>> So you DON'T need to have a filename.rules.conf file that is a >>> copy of the supplied one with an extra rule at the top (deny >>> \.zip$ - -). If you have a lot of these files this can get very >>> awkward and hard to maintain. >>> >>> All you actually need is one copy of the supplied >>> filename.rules.conf file, and 1 file for each modification. In >>> this example we are going to block zip files for mail to/from >>> 'domain1.ie'. >>> >>> MailScanner.conf: >>> Filename Rules = %rules-dir%/filename.rules >>> >>> %rules-dir%/filename.rules: >>> FromOrTo: *@domain1.ie /etc/MailScanner/ >>> filename.domain1.ie.conf / etc/MailScanner/filename.rules.conf >>> >>> *** Here is the difference *** >>> /etc/MailScanner/filename.domain1.ie.conf: >>> deny \.zip$ - - >>> >>> /etc/MailScanner/filename.rules.conf: >>> Exactly as I supply it >>> >>> The thing to notice is the the filename.domain1.ie.conf only >>> needs to contain 1 line, it does not need to repeat the whole >>> of filename.rules.conf. >>> >>> Cool huh? >>> >>> On 29 Jun 2005, at 01:23, Michele Neylon:: Blacknight.ie wrote: >>> >>> >>> >>>> Following on my own issues with rulesets I posted the following: >>>> >>>> http://www.mneylon.com/blog/archives/2005/06/29/content- >>>> filtering- with-mails >>>> canner-part-1-file-types/ >>>> >>>> Any input, corrections etc., are welcome >>>> >>>> Michele >>>> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jun 29 14:54:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: On 29 Jun 2005, at 14:33, Brad Beckenhauer wrote: > Very cool! > > as Martin said: > "just spent a few mins getting my head around this..." > > Can we use "variable substitution" as shown below? My thought was > that this would shorten "the line". Yes, very good point. Using a %default-fn-rules% setting would shorten and simplify the example quite a bit. > Example: > > filename.rules > # set the variable to point to the default filename.rules.conf file > %def-file-rules% = %etc-dir%/filename.rules.conf > > # Direction Pattern Ruleset to use > # ------------------------------------------------- > FromOrTo: *@domainA.com %rules-dir%/ > filename.domainA.rules.conf %def-file-rules% > # > FromOrTo: john@doe.com %rules-dir%/ > filename.doe.com.rules.conf %def-file-rules% > # > FromOrTo: default %etc-dir%/filename.rules.conf > > > Brad > > > >>>> Julian Field 6/29/2005 7:41:11 AM >>> >>>> > On 29 Jun 2005, at 12:30, Martin Hepworth wrote: > > >> Julian >> >> just spend a few mins getting my head around this... >> >> OK this is quite nicely put, can this go in the wiki maybe with a >> full example rather than the partial you provided. >> > > How about you add it and mail me the URL and I will check it for you. > That you you can see if you really understand it, by you adding the > extra bits yourself. I will then just correct anthing that's wrong. > > >> I presume the followind would be correct... >> >> %rules-dir%/filename.rules: >> FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf / >> etc/MailScanner/filename.rules.conf >> FromOrTo: default /etc/MailScanner/filename.rules.conf >> > > Correct. > > >> Julian Field wrote: >> >> >>> No replies to this yet, did I scare everyone off? :-) >>> On 29 Jun 2005, at 10:41, Julian Field wrote: >>> >>> >>>> Where you say >>>> Filename Rules = %etc-dir%/filename.rules >>>> I think you mean >>>> Filename Rules = %rules-dir%/filename.rules >>>> and immediately below it I would say "/etc/MailScanner/rules" >>>> >>>> START READING HERE >>>> >>>> There is actually a way you can make this whole setup neater and >>>> easier to maintain. >>>> >>>> Whenever (in the MailScanner.conf or a *.rules file) you specify >>>> the name of a "filename.rules.conf" file, you can supply a space- >>>> separated list of filename.rules.conf files. >>>> >>>> The filename allow/deny rules that are applied are the >>>> concatenation of all the filename.rules.conf files that you have >>>> listed. >>>> >>>> The allow/deny rule that is used for a particular attachment is >>>> the first one that matches. It stops processing there and does >>>> the allow or deny (or deny+delete) that is appropriate. >>>> >>>> So you DON'T need to have a filename.rules.conf file that is a >>>> copy of the supplied one with an extra rule at the top (deny >>>> \.zip$ - -). If you have a lot of these files this can get very >>>> awkward and hard to maintain. >>>> >>>> All you actually need is one copy of the supplied >>>> filename.rules.conf file, and 1 file for each modification. In >>>> this example we are going to block zip files for mail to/from >>>> 'domain1.ie'. >>>> >>>> MailScanner.conf: >>>> Filename Rules = %rules-dir%/filename.rules >>>> >>>> %rules-dir%/filename.rules: >>>> FromOrTo: *@domain1.ie /etc/MailScanner/ >>>> filename.domain1.ie.conf / etc/MailScanner/filename.rules.conf >>>> >>>> *** Here is the difference *** >>>> /etc/MailScanner/filename.domain1.ie.conf: >>>> deny \.zip$ - - >>>> >>>> /etc/MailScanner/filename.rules.conf: >>>> Exactly as I supply it >>>> >>>> The thing to notice is the the filename.domain1.ie.conf only >>>> needs to contain 1 line, it does not need to repeat the whole >>>> of filename.rules.conf. >>>> >>>> Cool huh? >>>> >>>> On 29 Jun 2005, at 01:23, Michele Neylon:: Blacknight.ie wrote: >>>> >>>> >>>> >>>> >>>>> Following on my own issues with rulesets I posted the following: >>>>> >>>>> http://www.mneylon.com/blog/archives/2005/06/29/content- >>>>> filtering- with-mails >>>>> canner-part-1-file-types/ >>>>> >>>>> Any input, corrections etc., are welcome >>>>> >>>>> Michele -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jun 29 16:44:58 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Got it. Got the results. Went rather quickly. > > synced Bayes databases from journal in 0 seconds: 1423 unique entries > (2521 total entries) > expired old Bayes database entries in 66 seconds > 152165 entries kept, 30945 deleted > token frequency: 1-occurence tokens: 59.17% > token frequency: less than 8 occurrences: 27.47% > > After that, is it safe to remove all those _toks files in the bayes > directory? Or not yet? Only the ones that have "expire" in their names. Obviously yo don't want to delete bayes_toks itself, as that IS your bayes database. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Wed Jun 29 16:52:59 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Jason Williams wrote: > >> Well im back. This time, a question on bayes. >> >> I've been working to get bayes setup and running properly (and I >> don't think bayes has evern been setup to work properly to be honest). >> >> First, in my spam.assassin.prefs.conf file, I have >> >> use_bayes 1 >> bayes_patch /usr/local/etc/MailScanner/bayes/ > > ========^^^^^ > Is this a typo or an error in your conf file? it's meant to be bayes_path > > - dhawal > Yep. A typo. My mistake. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Wed Jun 29 17:06:41 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:10 2006 Subject: Quick 'bayes' question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Jason Williams spake the following on 6/28/2005 3:57 PM: > > >>Well im back. This time, a question on bayes. >> >>I've been working to get bayes setup and running properly (and I don't >>think bayes has evern been setup to work properly to be honest). >> >>First, in my spam.assassin.prefs.conf file, I have >> >>use_bayes 1 >>bayes_patch /usr/local/etc/MailScanner/bayes/ >>bayes_file_mode 0660 >> >># Bump up SpamAssassin scores on the high and low end >># score BAYES_00 -15.0 >># score BAYES_05 -5.0 >># score BAYES_95 5.0 >># score BAYES_99 15.0 >> >># To disable bayes autolearn >># bayes_auto_learn 0 >> >>Just trying to make sure I have the basics setup. >> >>I ran --lint, it found the bayes DB no problem. However, when I look in >>the bayes directory, I see a bunch of files that look like this: >> >>_toks.expire98xxx different numbers at the end. >> >>As I was reading over the site, it recommened to do a dump and look at >>the magic. Well here it is: >> >>0.000 0 3 0 non-token data: bayes db version >>0.000 0 0 0 non-token data: nspam >>0.000 0 2 0 non-token data: nham >>0.000 0 43 0 non-token data: ntokens >>0.000 0 1083442244 0 non-token data: oldest atime >>0.000 0 1083446498 0 non-token data: newest atime >>0.000 0 0 0 non-token data: last journal >>sync atime >>0.000 0 0 0 non-token data: last expiry atime >>0.000 0 0 0 non-token data: last expire >>atime delta >>0.000 0 0 0 non-token data: last expire >>reduction count >> >>Reading over the wiki site, there are a lot of things going on with the >>bayes system. >>First question I have is that if I want to train the bayesian learning >>system (or even to rebuild it) would I just point it to the quarantine >>directory? Seems logical. >> >>I'm sure im missing something. Been rather long, mind numbing day. >> >>I appreciate any feedback. >> >>Jason >> >> >> >Either you dumped the wrong database, or this one has very little in it. >Try sa-learn --dump magic --dbpath /path/to/bayes/bayes >Should be the bayes db path in spamassassin.prefs.conf. > >Mine has much more data; > >0.000 0 3 0 non-token data: bayes db version >0.000 0 29146 0 non-token data: nspam >0.000 0 81693 0 non-token data: nham >0.000 0 124702 0 non-token data: ntokens >0.000 0 1119230907 0 non-token data: oldest atime >0.000 0 1120001312 0 non-token data: newest atime >0.000 0 1119999608 0 non-token data: last journal >sync atime >0.000 0 1119929516 0 non-token data: last expiry atime >0.000 0 691200 0 non-token data: last expire >atime delta >0.000 0 28272 0 non-token data: last expire >reduction count > > > Ok. I came in this morning and tried a few things. I tried using -p to specifiy my .conf file. THat seemed to work. Using preference: sa-learn --dump magic -p /usr/local/etc/MailScanner/spam.assassin.prefs.conf 0.000 0 3 0 non-token data: bayes db version 0.000 0 1708 0 non-token data: nspam 0.000 0 4297 0 non-token data: nham 0.000 0 116128 0 non-token data: ntokens 0.000 0 1117950182 0 non-token data: oldest atime 0.000 0 1120060416 0 non-token data: newest atime 0.000 0 1120059537 0 non-token data: last journal sync atime 0.000 0 1120056393 0 non-token data: last expiry atime 0.000 0 2096156 0 non-token data: last expire atime delta 0.000 0 38206 0 non-token data: last expire reduction coun Looks much better. Like it should. It appears to have some good data in it, now I just need to get bayes working better so it can start spam killing. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jun 29 16:56:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:10 2006 Subject: File type rulesets Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 6/29/2005 4:13 AM: > On 29 Jun 2005, at 10:55, Michele Neylon wrote: > >> Julian Field <> scribbled on 29 June 2005 10:41: >> >> >>> Where you say >>> Filename Rules = %etc-dir%/filename.rules I think you mean Filename >>> Rules = %rules-dir%/filename.rules and immediately below it I would >>> say "/etc/MailScanner/rules" >>> >> >> Does it matter which directory the .rules > > > No, I just think it helps people to keep everything consistent. > >> >>> >>> START READING HERE >>> >>> >> >> >> >>> Cool huh? >>> >>> >> Damn. Now he tells me :( > > > MailScanner's configuration system is a bit cleverer than most people > realise. > :) I bet Julian is on the spammers 10 most hated list!! And if he isn't number one, he will be. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Wed Jun 29 18:19:38 2005 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 12 21:30:10 2006 Subject: The Book -- new edition Message-ID: been lurking on this thread and just took a look through the wiki again and I thought of something that should go in one of these... testing. Its all very well to say "test your systems" but some sort of explanation of how to go about testing your lovely new mail systems configuration without exposing live email to possible problems would be great. At very least this should include MTA/MS/SA/related software config sanity checking, and how to push a few test emails through the system. How about gathering a days worth of qf files with null df files to send through? thoughts? GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sdouglas at netnettech.com Wed Jun 29 18:58:25 2005 From: sdouglas at netnettech.com (Steve Douglas) Date: Thu Jan 12 21:30:10 2006 Subject: Syntax Error That Doesn't Exist, Yet MS Thinks It Does Message-ID: My Mail Logs State the following: Jun 29 12:03:01 hprh MailScanner[5948]: Syntax error(s) in configuration file: Jun 29 12:03:01 hprh MailScanner[5948]: Unrecognised keyword "logiframetages" at line 497 Jun 29 12:03:01 hprh MailScanner[5948]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. My actual MailScanner on this line states the following: # Banning