From james_gray at ocs.com Tue Mar 1 01:11:59 2005 From: james_gray at ocs.com (James Gray) Date: Thu Jan 12 21:28:45 2006 Subject: [messed] up Perl? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, 1 Mar 2005 06:43 am, michele wrote: > On Mon, 2005-02-28 at 20:39 +0100, Wietse Muizelaar wrote: > > Hi, > > > > I seem to have a fucked up perl system, and I'm not sure on how to fix > > this > > > > :) > > Before you get a slap from anyone else I would recommend you refer to > your Perl as "screwed up", "b0rk" or any variation you wish, however the > usage of expletives is generally frowned upon Plus expletives get caught by my spamassassin rules and dumped. I pulled this one out of quarantine. Expletives have no place in a professional forum. -- James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Mar 1 09:01:06 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:45 2006 Subject: SpamAssassin 3.0.2 will not update from install-Clam-SA Message-ID: I've sent this problem to the mailinglist before but at the time no solution for the problem. I'm using the tarball of install-Clam-SA version to update SpamAssassin and some other modules. However, it seems that the check in the script is not working properly, it keeps reporting that the latest version is already installed when in fact it is not: Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. [root@lgw install-Clam-SA]# spamassassin --version SpamAssassin version 3.0.0 running on Perl version I suspect that the script may do this for other modules as well. I do not have 2 installations of perl in place, already checked that. Any idea where the problem is or how I can force the script to re-install everything? Thanks!! Remco ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 1 09:11:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:45 2006 Subject: Beta release 4.39.4 Message-ID: Does it do rar extraction by default???? Looking at the docs I'm not sure it does. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Peter Bonivart wrote: > >> Martin Hepworth wrote: >> >>> on newer clam versions I believe this is clamd.conf. Both the daemon and >>> non-daemon versions now use the same defaults file I believe. >> >> >> >> They renamed the file from clamav.conf to clamd.conf to lessen the >> confusion about what it configured. It only configures clamd, not >> clamscan. > > > So what configures clamscan? Just the MailScanner -wrapper script? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 09:24:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:45 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ClamAV can do it. So just use clamav or clamavmodule in your list of virus scanners. Martin Hepworth wrote: > Does it do rar extraction by default???? Looking at the docs I'm not > sure it does. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > >> Peter Bonivart wrote: >> >>> Martin Hepworth wrote: >>> >>>> on newer clam versions I believe this is clamd.conf. Both the >>>> daemon and >>>> non-daemon versions now use the same defaults file I believe. >>> >>> >>> >>> >>> They renamed the file from clamav.conf to clamd.conf to lessen the >>> confusion about what it configured. It only configures clamd, not >>> clamscan. >> >> >> >> So what configures clamscan? Just the MailScanner -wrapper script? >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Tue Mar 1 09:30:38 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:28:45 2006 Subject: New virus?? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info From martinh at SOLID-STATE-LOGIC.COM Tue Mar 1 09:38:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:45 2006 Subject: Beta release 4.39.4 Message-ID: Julian no beta info on the downloads web page... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > ClamAV can do it. So just use clamav or clamavmodule in your list of > virus scanners. > > Martin Hepworth wrote: > >> Does it do rar extraction by default???? Looking at the docs I'm not >> sure it does. >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Julian Field wrote: >> >>> Peter Bonivart wrote: >>> >>>> Martin Hepworth wrote: >>>> >>>>> on newer clam versions I believe this is clamd.conf. Both the >>>>> daemon and >>>>> non-daemon versions now use the same defaults file I believe. >>>> >>>> >>>> >>>> >>>> >>>> They renamed the file from clamav.conf to clamd.conf to lessen the >>>> confusion about what it configured. It only configures clamd, not >>>> clamscan. >>> >>> >>> >>> >>> So what configures clamscan? Just the MailScanner -wrapper script? >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 09:43:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:45 2006 Subject: ANNOUNCE: MailScanner stable release 4.39.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the latest stable version, 4.39.5. This release contains some more configuration options for users of the 'clamavmodule' virus scanner, and some more improvements to the phishing net. It also contains a 'starter list' of sites to stop false alarms from the phishing net. There are also quite a few bug-fixes. You can download it as usual from www.mailscanner.info. The full Change Log is: * New Features and Improvements * - If the AttachmentWarning message put into a message is empty (zero-length) then the empty attachment won't be added to the message at all. - Added scanning of PE's by default to clamavmodule scanner. - Added feature when IP address in a ruleset has all 4 numbers, so that a full string match is done against the client IP, not a substring match. - Added support for output from latest F-Prot and archive bomb detection. - Set all virus scanners to SUPPORTED so no tweaking needed by users. - Added 4 new configuration options for setting all ClamAV settings when using the "clamavmodule" scanner: ClamAVmodule Maximum Recursion Level ClamAVmodule Maximum Files ClamAVmodule Maximum File Size ClamAVmodule Maximum Compression Ratio - Phishing net now traps website names containing unicode characters. * Fixes * - Corrected problem with tags that have no text contents and no . - 2 minor typos in the Swedish reports. - Changed check_MailScanner to check_mailscanner in cron job. - Fixed problem where files with no extension, inside a zip file, were extracted with ".dat" added onto the end of them. - Fixed problem with phishing net being confused by some malformed URLs. - Syslog calls are forced to 8-bit characters. - Fixed problems with nested input queues not being used consistently. - Custom Function reader no longer includes Debian dpkg files it should ignore. - Fixed problems with messages being rebuilt just because they contain or . - Fixed problems with some messages with sendmail nested input queue but flat output queue. - Fixed problem where an infected spam message containing a broken zip file could break MailScanner when delivered as an RFC-822 attachment to a new message. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 09:03:46 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: SpamAssassin 3.0.2 will not update from install-Clam-SA Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I had the same problem. For me it only worked when I removed my spamassassin instalation and then installed again using the tarball version. ----- Original Message ----- From: "Remco Barendse" To: Sent: Tuesday, March 01, 2005 6:01 AM Subject: SpamAssassin 3.0.2 will not update from install-Clam-SA > I've sent this problem to the mailinglist before but at the time no > solution for the problem. > > I'm using the tarball of install-Clam-SA version to update SpamAssassin > and some other modules. > > However, it seems that the check in the script is not working properly, it > keeps reporting that the latest version is already installed when in fact > it is not: > > Oh good, module Mail::SpamAssassin version 3.0.2 is already installed. > > [root@lgw install-Clam-SA]# spamassassin --version > SpamAssassin version 3.0.0 > running on Perl version > > > I suspect that the script may do this for other modules as well. I do not > have 2 installations of perl in place, already checked that. > > Any idea where the problem is or how I can force the script to re-install > everything? > > Thanks!! > Remco > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 09:05:03 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ]  I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patrik.runald at F-SECURE.COM Tue Mar 1 09:55:47 2005 From: patrik.runald at F-SECURE.COM (Runald, Patrik) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: Hi. This is one of the three new Bagle variants found this morning. All three have been seeded this morning. Regards, Patrik > I have just started to receive the following warnings. It appears that only Bitdefender > currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). > > Anyone else seeing it?? > > The following e-mails were found to have: Bad Filename Detected : Virus Detected > Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 > Recipient: belfast@boys-brigade.org.uk > Subject: > MessageID: j215N9QK011410 > Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip > Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe > MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) > No programs allowed (prs_03.exe) > Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe > MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) > No programs allowed (prs_03.exe) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Tue Mar 1 10:13:07 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? {Virus Scanned} Message-ID: AVP detects it as MessageID: j216HARt001752 Report: [newprice.zip] prs_03.exe: Infected: Email-Worm.Win32.Bagle.bd [AVP] This avp is part of the F-Secure Suite.   From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 11:05 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? {Virus Scanned} I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: mailto:David.While@UCE.AC.UK David While To: mailto:MAILSCANNER@JISCMAIL.AC.UK MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir).   Anyone else seeing it??   The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: mailto:xxxx@xxxxxxxxxxIP xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: mailto:belfast@boys-brigade.org.uk belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe)   -- MailScanner Email Virus Scanner www.mailscanner.info www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ ( http://www.mailscanner.biz/maq/ http://www.mailscanner.biz/maq/ ) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html http://www.jiscmail.ac.uk/lists/mailscanner.html ). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Mar 1 11:21:10 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: We've received a couple of dozen since around 01:30 GMT. I've submitted a sample to virustotal.com, jotti.org, clamav.net and McAfee's webimmune.net. virustotal.com identifies it as W32.Bagle.bg (Kapersky), W32/Bagle.bl (F-Prot). virusscan.jotti.org calls it various things - Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). webimmune.net detected it heuristically as a Bagle variant, but McAfee's latest daily test DATs didn't pick it up. Well done Bitdefender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 09:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 10:41:04 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: Best value anti-virus programs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thats true... There is no free update for the free version... See the Panda's answer to a message I send them: Right now, Panda Freeware is not entitled to updates for being a freeware version. As the fact that our freeware users are not able to update the virus signature file is also a big concern for us, we requested some time ago a change in this process that would allow you to work with an actualised antivirus. Thanks for your interest in our products and sending us your comments. ----- Original Message ----- From: "Paul Welsh" To: Sent: Monday, February 28, 2005 8:42 PM Subject: Re: Best value anti-virus programs > I may have another candidate for best value anti-virus program, Panda > Antivirus for Linux, which is being given away for free - see > http://www.pandasoftware.com/download/linux/linux.asp. > > Problem is, I can find nothing on Panda's web site to explain how one > obtains updated virus signature files without paying for a subscription. I > guess the thing to do is to purchase their PC product Panda Titanium > Antivirus 2005 for £24 from Amazon and that way you'll get a username and > password in order to download updates for a year. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Mar 1 11:39:17 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: Oops, jotti.org identified it as Bagle.bl too. Must learn to read... Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil Sent: 01 March 2005 11:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? We've received a couple of dozen since around 01:30 GMT. I've submitted a sample to virustotal.com, jotti.org, clamav.net and McAfee's webimmune.net. virustotal.com identifies it as W32.Bagle.bg (Kapersky), W32/Bagle.bl (F-Prot). virusscan.jotti.org calls it various things - Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). webimmune.net detected it heuristically as a Bagle variant, but McAfee's latest daily test DATs didn't pick it up. Well done Bitdefender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 09:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 1 12:33:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: Did more or less the same and got an extra.dat from McAfee that identifies at least two (different) types as "W32/Bagle.dldr (ED) virus", while still missing the third variant we've gotten (so far). Of course submitted that one too. Boy am I glad for BitDefender today... Got the first ones "heuristically" as "BehavesLike:Win32.SiteHijack" and (after a virus update either Win32.Bagle.BF@mm or "Trojan.Bagle.BE"... And these would have gotten through (well, most at least, since Clam would have gotten the "Trojan.Bagle.BE" as "Trojan.Small-57-3") if I'd just relied on McAfee and Clamav. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil Sent: den 1 mars 2005 12:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? We've received a couple of dozen since around 01:30 GMT. I've submitted a sample to virustotal.com, jotti.org, clamav.net and McAfee's webimmune.net. virustotal.com identifies it as W32.Bagle.bg (Kapersky), W32/Bagle.bl (F-Prot). virusscan.jotti.org calls it various things - Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). webimmune.net detected it heuristically as a Bagle variant, but McAfee's latest daily test DATs didn't pick it up. Well done Bitdefender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 09:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patrik.runald at F-SECURE.COM Tue Mar 1 12:53:34 2005 From: patrik.runald at F-SECURE.COM (Runald, Patrik) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: It's been a busy morning. All in all we've found five new variants of Bagle two of which could be considered trojans and not e-mail worms as they don't actively spread via e-mail. Some AV vendors might detect some of them using the same name for two or more variants. Regards, Patrik --- Patrik Runald, Technical Manager F-Secure UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn Sent: Tuesday, March 01, 2005 12:34 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? Did more or less the same and got an extra.dat from McAfee that identifies at least two (different) types as "W32/Bagle.dldr (ED) virus", while still missing the third variant we've gotten (so far). Of course submitted that one too. Boy am I glad for BitDefender today... Got the first ones "heuristically" as "BehavesLike:Win32.SiteHijack" and (after a virus update either Win32.Bagle.BF@mm or "Trojan.Bagle.BE"... And these would have gotten through (well, most at least, since Clam would have gotten the "Trojan.Bagle.BE" as "Trojan.Small-57-3") if I'd just relied on McAfee and Clamav. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Randal, Phil Sent: den 1 mars 2005 12:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? We've received a couple of dozen since around 01:30 GMT. I've submitted a sample to virustotal.com, jotti.org, clamav.net and McAfee's webimmune.net. virustotal.com identifies it as W32.Bagle.bg (Kapersky), W32/Bagle.bl (F-Prot). virusscan.jotti.org calls it various things - Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). webimmune.net detected it heuristically as a Bagle variant, but McAfee's latest daily test DATs didn't pick it up. Well done Bitdefender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: 01 March 2005 09:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New virus?? I'm receiving lots of this warnings too, only from bitdefender... ----- Original Message ----- From: David While To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, March 01, 2005 6:30 AM Subject: New virus?? I have just started to receive the following warnings. It appears that only Bitdefender currently spots this virus (I run Bitdefender, ClamAV, F-Prot and Antivir). Anyone else seeing it?? The following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: xxxx@xxxxxxxxxxIP Address: 65.116.165.251 Recipient: belfast@boys-brigade.org.uk Subject: MessageID: j215N9QK011410 Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file price_new.zip Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) Report: Bitdefender: Found virus BehavesLike:Win32.SiteHijack in file prs_03.exe MailScanner: Executable DOS/Windows programs are dangerous in email (prs_03.exe) No programs allowed (prs_03.exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 1 12:55:25 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:46 2006 Subject: Best value anti-virus programs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hm, well... I for one got a bit miffed by that "strategic sales maneuver" by Panda. Since AV is never better than its updates, calling it free without giving away the updates is just plain ...unprintable... BTW, I saw your question to BD on their user list, and their answer. AFAICS that clears any questions about the state of the updates for BD (I'm not including it here... If you'd like to do so Paul, please do at your discretion). ... It further makes plain their "sales pitch" for their "BD for " products, which are MailScanner "workalikes" AFAICS. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > Sent: den 1 mars 2005 00:42 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Best value anti-virus programs > > > I may have another candidate for best value anti-virus program, Panda > Antivirus for Linux, which is being given away for free - see > http://www.pandasoftware.com/download/linux/linux.asp. > > Problem is, I can find nothing on Panda's web site to explain how one > obtains updated virus signature files without paying for a > subscription. I > guess the thing to do is to purchase their PC product Panda Titanium > Antivirus 2005 for £24 from Amazon and that way you'll get a > username and > password in order to download updates for a year. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Mar 1 13:05:32 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:46 2006 Subject: Best value anti-virus programs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Thats true... There is no free update for the free version... > See the Panda's answer to a message I send them: > > Right now, Panda Freeware is not entitled to updates for > being a freeware version. > As the fact that our freeware users are not able to update > the virus signature file is also a big concern for us, we > requested some time ago a change in this process that would > allow you to work with an actualised antivirus. > Thanks for your interest in our products and sending us your comments. > > > ----- Original Message ----- > From: "Paul Welsh" > To: > Sent: Monday, February 28, 2005 8:42 PM > Subject: Re: Best value anti-virus programs > > >> I may have another candidate for best value anti-virus program, Panda >> Antivirus for Linux, which is being given away for free - see >> http://www.pandasoftware.com/download/linux/linux.asp. >> >> Problem is, I can find nothing on Panda's web site to explain how one >> obtains updated virus signature files without paying for a > subscription. > I >> guess the thing to do is to purchase their PC product Panda Titanium >> Antivirus 2005 for £24 from Amazon and that way you'll get a >> username and password in order to download updates for a year. >> I went down the paid route with them about 18 months ago. It was painful. It made me cry. You try to contact them and you get back a response which bears no relation to your query. One might try to argue that it was a language issue, but considering that I tried dealing with them in 3 different countries I finally concluded that they were simply "stupid". I asked for information on accessing the updates etc., which I had paid for. They refunded my credit card. Mad! Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 13:16:18 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:46 2006 Subject: New virus?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bitdefender on FreeBSD didnt detect any of them, BD on rhel4 detected loads :( ANyone using Bitdefender on Freebsdd wanna give me any off list tips? Runald, Patrik wrote: > It's been a busy morning. All in all we've found five new variants of > Bagle two of which could be > considered trojans and not e-mail worms as they don't actively spread > via e-mail. Some AV vendors > might detect some of them using the same name for two or more variants. > > Regards, > Patrik > > --- > Patrik Runald, > Technical Manager > F-Secure UK > > > ------------------------------------------------------------------------ > *From:* MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > *On Behalf Of *Steen, Glenn > *Sent:* Tuesday, March 01, 2005 12:34 PM > *To:* MAILSCANNER@JISCMAIL.AC.UK > *Subject:* Re: New virus?? > > Did more or less the same and got an extra.dat from McAfee that > identifies at > least two (different) types as "W32/Bagle.dldr (ED) virus", while > still missing the > third variant we've gotten (so far). Of course submitted that one too. > > Boy am I glad for BitDefender today... Got the first ones > "heuristically" as > "BehavesLike:Win32.SiteHijack" and (after a virus update either > Win32.Bagle.BF@mm or "Trojan.Bagle.BE"... > And these would have gotten > through (well, most at least, since Clam would have gotten the > "Trojan.Bagle.BE" > as "Trojan.Small-57-3") if I'd just relied on McAfee and Clamav. > > -- Glenn > > -----Original Message----- > *From:* MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] *On Behalf Of *Randal, Phil > *Sent:* den 1 mars 2005 12:21 > *To:* MAILSCANNER@JISCMAIL.AC.UK > *Subject:* Re: New virus?? > > We've received a couple of dozen since around 01:30 GMT. > > I've submitted a sample to virustotal.com, jotti.org, clamav.net > and McAfee's webimmune.net. > > virustotal.com identifies it as W32.Bagle.bg (Kapersky), > W32/Bagle.bl (F-Prot). > > virusscan.jotti.org calls it various things - > Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof). > > webimmune.net detected it heuristically as a Bagle variant, but > McAfee's latest daily test DATs didn't pick it up. > > Well done Bitdefender. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > > ------------------------------------------------------------------------ > *From:* MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] *On Behalf Of *Roger Jochem > *Sent:* 01 March 2005 09:05 > *To:* MAILSCANNER@JISCMAIL.AC.UK > *Subject:* Re: New virus?? > > I'm receiving lots of this warnings too, only from > bitdefender... > > ----- Original Message ----- > *From:* David While > *To:* MAILSCANNER@JISCMAIL.AC.UK > > *Sent:* Tuesday, March 01, 2005 6:30 AM > *Subject:* New virus?? > > I have just started to receive the following warnings. > It appears that only Bitdefender currently spots this > virus (I run Bitdefender, ClamAV, F-Prot and Antivir). > > Anyone else seeing it?? > > > The following e-mails were found to have: Bad Filename > Detected : Virus Detected > > Sender: xxxx@xxxxxxxxxxIP > Address: 65.116.165.251 > > Recipient: belfast@boys-brigade.org.uk > > > Subject: > > MessageID: j215N9QK011410 > > Report: Bitdefender: Found virus > BehavesLike:Win32.SiteHijack in file price_new.zip > > Bitdefender: Found virus BehavesLike:Win32.SiteHijack in > file prs_03.exe > > MailScanner: Executable DOS/Windows programs are > dangerous in email (prs_03.exe) > > No programs allowed (prs_03.exe) > > Report: Bitdefender: Found virus > BehavesLike:Win32.SiteHijack in file prs_03.exe > > MailScanner: Executable DOS/Windows programs are > dangerous in email (prs_03.exe) > > No programs allowed (prs_03.exe) > > > > -- > > MailScanner > > Email Virus Scanner > > _www.mailscanner.info_ > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the > website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jep at OBRIEN-PIFER.COM Tue Mar 1 13:16:31 2005 From: jep at OBRIEN-PIFER.COM (James Pifer) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: It's been a while since I've been on the list, and probably time I update my mailscanner installation, but it's been running pretty well for quite some time. Lately I've had some DNS problems, where my DNS server, bind 9, stops resolving correctly. Restarting the service seems to resolve it for an undetermined amount of time before it happens again. In troubleshooting this I found that I am getting tons of these entires in the messages log: lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' I've googled and searched mailscanner's archive but so far haven't found a resolution. I commented these out of spam.lists.conf and reloaded MailScanner but that didn't seem to be causing it. #RFC-IGNORANT-DSN dsn.rfc-ignorant.org. #RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. #RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. #RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. #RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. Can anyone tell me how to properly stop these messages? I've seen a way to ignore them, but I'd rather stop them from happening in the first place. Any help is appreciated. James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 13:43:51 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have bitdefender installed in Freebsd and it appears to work ok if you for 'bdc' in the shell. But none of the wrapper scripts work. I have downloaded latest tar of MS and extract the wrapper and i get the same result when run from the shell. And BD doesnt appear to work from within MailLScanner either. running bitdefender-wrapper or running /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc produces the same results. -su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc cat: /tmp/log.bdc.3202: No such file or directory rm: /tmp/log.bdc.3202: No such file or directory Running the clam av command from virus.scanners seems to work perfectly. /usr/local/libexec/MailScanner/clamav-wrapper /usr/local Any ideas what i need to do get this working? Thanks in advance Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Mar 1 14:11:55 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: > Hello, > >> this I found that I am getting tons of these entires in the messages >> log: lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' > > ipwhois.rfc-ignorant.org has been deprecated on 1/1/2005, see: > http://lists.megacity.org/pipermail/rfci-discuss/2004-October/ > 003094.html > > To get rid of the DNS-delays, set in spam.assassin.prefs.conf: score > RCVD_IN_RFCI 0.0 > You need to define it first or it will break :) Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Tue Mar 1 15:51:59 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:46 2006 Subject: Reports not attached after upgrade to 4.39.5 Message-ID: Hi guys, I've just upgraded from 4.38.9 to 4.39.5. As part of my testing I sent myself an EICAR and noted that I didn't get the normal attachment with the "we found blah virus" and "quarantined it here" and what have you. I didn't have this problem with 4.38.9 so I'm guessing I've missed a step or made a stupid mistake. I've run upgrade_MailScanner_conf, copied my rules and reports directories and run upgrade_languages_conf (in that order!). Any help appreciated. Stef Stefan Morrell | Operations Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jep at OBRIEN-PIFER.COM Tue Mar 1 14:18:46 2005 From: jep at OBRIEN-PIFER.COM (James Pifer) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: On Tue, 2005-03-01 at 09:11, Michele Neylon :: Blacknight Solutions wrote: > > Hello, > > > >> this I found that I am getting tons of these entires in the messages > >> log: lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' > > > > ipwhois.rfc-ignorant.org has been deprecated on 1/1/2005, see: > > http://lists.megacity.org/pipermail/rfci-discuss/2004-October/ > > 003094.html > > > > To get rid of the DNS-delays, set in spam.assassin.prefs.conf: score > > RCVD_IN_RFCI 0.0 > > > You need to define it first or it will break :) > What do you mean define it first? Thanks, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 1 14:19:56 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: Try /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . .... And (looking at SweepViruses.pm) perhaps /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc --arc --mail --all . ... Still no go? -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell > Sent: den 1 mars 2005 14:44 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: bitdefender FreeBSD > > > I have bitdefender installed in Freebsd and it appears to > work ok if you > for 'bdc' in the shell. But none of the wrapper scripts work. I have > downloaded latest tar of MS and extract the wrapper and i get the same > result when run from the shell. And BD doesnt appear to work > from within > MailLScanner either. > > running bitdefender-wrapper > or running > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > produces the same results. > > -su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > cat: /tmp/log.bdc.3202: No such file or directory > rm: /tmp/log.bdc.3202: No such file or directory > > Running the clam av command from virus.scanners seems to work > perfectly. > > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local > > > Any ideas what i need to do get this working? > > Thanks in advance > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Tue Mar 1 14:26:06 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Update /usr/local/etc/MailScanner/virus.scanners/conf. For bitdefender set the WorkingDir to /usr/local/bdc instead of /opt/bdc. This is assuming you are using the 'beta' port of bdc for FreeBSD, which is installed in /usr/local/bdc. Adri. > -----Original Message----- > From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] > Sent: 01 March, 2005 15:20 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bitdefender FreeBSD > > > Try > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . > > .... And (looking at SweepViruses.pm) perhaps > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > --arc --mail > --all . > > ... Still no go? > > -- Glenn > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell > > Sent: den 1 mars 2005 14:44 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: bitdefender FreeBSD > > > > > > I have bitdefender installed in Freebsd and it appears to > > work ok if you > > for 'bdc' in the shell. But none of the wrapper scripts work. I have > > downloaded latest tar of MS and extract the wrapper and i > get the same > > result when run from the shell. And BD doesnt appear to work > > from within > > MailLScanner either. > > > > running bitdefender-wrapper > > or running > > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > > produces the same results. > > > > -su-2.05b# > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > > cat: /tmp/log.bdc.3202: No such file or directory > > rm: /tmp/log.bdc.3202: No such file or directory > > > > Running the clam av command from virus.scanners seems to work > > perfectly. > > > > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local > > > > > > Any ideas what i need to do get this working? > > > > Thanks in advance > > Pete > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 13:24:02 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: Virus notifications Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, all! I found my problem with the top viruses not being shown in MailWatch for Mailscanner. If I disable virus notifications for the administrator, or put a rule ignoring virus like Bagle, Klez, and others, this viruses are not shown as top virus in MailWatch. And if I disable my MailScanner rule, I receive toons of useless messages in my mailbox. In my rule I was sending myself only viruses found from and inside sender, and unusual viruses, not the common one (klez, bagle, and others). Is there some way MailWatch still records all viruses for statistics purpose, and MailScanner send me a warning only for the virus I defined in the notices.rules? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Mar 1 16:45:45 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: >>> RCVD_IN_RFCI 0.0 >>> >> You need to define it first or it will break :) >> > > What do you mean define it first? > If you want to refer to a DNS check in spam.assassin.prefs.conf it needs to be defined in spam.lists.conf otherwise linting the rules will fail :) Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From piper at HRZ.UNI-MARBURG.DE Tue Mar 1 14:33:55 2005 From: piper at HRZ.UNI-MARBURG.DE (Andreas Piper) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > To get rid of the DNS-delays, set in spam.assassin.prefs.conf: > > score RCVD_IN_RFCI 0.0 > > You need to define it first or it will break :) sorry, as it seems to be used, I did assume it to be defined. It should be found in the SpamAssassin rules files, for my system (Debian with SA 2.64) e.g. RCVD_IN_RFCI is defined at /usr/share/spamassassin/20_dnsbl_tests.cf I reckon it's not anymore there in SA 3, so another solution would be to upgrade MS / SA ? Regards, Andreas Piper -- ________________________________________________________________________ Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg Hans-Meerwein-Strasse, 35032 Marburg, Germany Phone: +49 6421 28-23521 Fax: -26994 Email: piper@HRZ.Uni-Marburg.DE ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 17:20:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >>>>RCVD_IN_RFCI 0.0 >>>> >>>> >>>> >>>You need to define it first or it will break :) >>> >>> >>> >>What do you mean define it first? >> >> >> >If you want to refer to a DNS check in spam.assassin.prefs.conf it needs to >be defined in spam.lists.conf otherwise linting the rules will fail :) > > No it doesn't. The DNS checks done by SpamAssassin are totally independent of spam.lists.conf. In SpamAssassin 3 this rule has been renamed and you now need # JKF 01/03/2005 - rfcignorant list is dead score RCVD_IN_RFC_IPWHOIS 0 in spam.assassin.prefs.conf. You will need to restart MailScanner after making this change. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jep at OBRIEN-PIFER.COM Tue Mar 1 15:03:17 2005 From: jep at OBRIEN-PIFER.COM (James Pifer) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: On Tue, 2005-03-01 at 09:33, Andreas Piper wrote: > > > To get rid of the DNS-delays, set in spam.assassin.prefs.conf: > > > score RCVD_IN_RFCI 0.0 > > > > You need to define it first or it will break :) > > sorry, > as it seems to be used, I did assume it to be defined. > > It should be found in the SpamAssassin rules files, for my system (Debian with > SA 2.64) e.g. RCVD_IN_RFCI is defined > at /usr/share/spamassassin/20_dnsbl_tests.cf > Looks like it's in there for me already. Everything seems to be working ok after make the change in the conf too. Thanks for the help. James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue Mar 1 13:54:58 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of James Pifer > >Lately I've had some DNS problems, where my DNS server, bind 9, stops >resolving correctly. Restarting the service seems to resolve it for an >undetermined amount of time before it happens again. In troubleshooting >this I found that I am getting tons of these entires in the messages >log: >lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' > >Can anyone tell me how to properly stop these messages? I've seen a way >to ignore them, but I'd rather stop them from happening in the first >place. > >Any help is appreciated. Put this in your named.conf: logging { category lame-servers { null; }; }; (see Bv9ARM.ch06.html in your bind/doc/arm dir) >James Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From piper at HRZ.UNI-MARBURG.DE Tue Mar 1 13:54:59 2005 From: piper at HRZ.UNI-MARBURG.DE (Andreas Piper) Date: Thu Jan 12 21:28:46 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant.org' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, > this I found that I am getting tons of these entires in the messages > log: > lame server resolving '2.216.14.194.ipwhois.rfc-ignorant.org' ipwhois.rfc-ignorant.org has been deprecated on 1/1/2005, see: http://lists.megacity.org/pipermail/rfci-discuss/2004-October/003094.html To get rid of the DNS-delays, set in spam.assassin.prefs.conf: score RCVD_IN_RFCI 0.0 Regards, Andreas Piper ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 17:43:16 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: Mail Relays Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all! Analysing my MailWatch for MailScanner reports, I found a graphic that shows the Top 10 Mail Relays. Should this graphic show other servers than my own? In my case the graphic is showing some other servers, one of them, the smtp.jiscmail.ac.uk server. Is that correct? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chrisford at DKBBS.COM Tue Mar 1 17:54:54 2005 From: chrisford at DKBBS.COM (Christopher J Ford) Date: Thu Jan 12 21:28:46 2006 Subject: Mail Relays Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem wrote: >Hello all! > >Analysing my MailWatch for MailScanner reports, I found a graphic that shows >the Top 10 Mail Relays. Should this graphic show other servers than my own? >In my case the graphic is showing some other servers, one of them, the >smtp.jiscmail.ac.uk server. Is that correct? > >Regards > >Roger Jochem > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > Considering that all of the user group mail for mailscanner comes from that destination. Yes it will show that.. but yes mine shows me my mail svr, and all of my backup and a few others. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Mar 1 18:36:20 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You also need to update the /usr/local/libexec/MailScanner/bitdefender-autoupdate if you use this to update. Change my $PackageDir = shift || "/opt/bdc" to my $PackageDir = shift || "/usr/local/bdc". Cheers Raylund ----- Original Message ----- From: "Adri Koppes" To: Sent: Tuesday, March 01, 2005 9:26 AM Subject: Re: bitdefender FreeBSD > Update /usr/local/etc/MailScanner/virus.scanners/conf. > For bitdefender set the WorkingDir to /usr/local/bdc instead of /opt/bdc. > This is assuming you are using the 'beta' port of bdc for FreeBSD, which > is > installed in /usr/local/bdc. > > Adri. > > >> -----Original Message----- >> From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] >> Sent: 01 March, 2005 15:20 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: bitdefender FreeBSD >> >> >> Try >> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . >> >> .... And (looking at SweepViruses.pm) perhaps >> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >> --arc --mail >> --all . >> >> ... Still no go? >> >> -- Glenn >> >> > -----Original Message----- >> > From: MailScanner mailing list >> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >> > Sent: den 1 mars 2005 14:44 >> > To: MAILSCANNER@JISCMAIL.AC.UK >> > Subject: bitdefender FreeBSD >> > >> > >> > I have bitdefender installed in Freebsd and it appears to >> > work ok if you >> > for 'bdc' in the shell. But none of the wrapper scripts work. I have >> > downloaded latest tar of MS and extract the wrapper and i >> get the same >> > result when run from the shell. And BD doesnt appear to work >> > from within >> > MailLScanner either. >> > >> > running bitdefender-wrapper >> > or running >> > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >> > produces the same results. >> > >> > -su-2.05b# >> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >> > cat: /tmp/log.bdc.3202: No such file or directory >> > rm: /tmp/log.bdc.3202: No such file or directory >> > >> > Running the clam av command from virus.scanners seems to work >> > perfectly. >> > >> > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local >> > >> > >> > Any ideas what i need to do get this working? >> > >> > Thanks in advance >> > Pete >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > Support MailScanner development - buy the book off the website! >> > >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 1 18:45:39 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:46 2006 Subject: Mail Relays Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for the reply! ----- Original Message ----- From: "Christopher J Ford" To: Sent: Tuesday, March 01, 2005 2:54 PM Subject: Re: Mail Relays > Roger Jochem wrote: > > >Hello all! > > > >Analysing my MailWatch for MailScanner reports, I found a graphic that shows > >the Top 10 Mail Relays. Should this graphic show other servers than my own? > >In my case the graphic is showing some other servers, one of them, the > >smtp.jiscmail.ac.uk server. Is that correct? > > > >Regards > > > >Roger Jochem > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > > Considering that all of the user group mail for mailscanner comes from > that destination. Yes it will show that.. but yes mine shows me my mail > svr, and all of my backup and a few others. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 19:03:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You don't need to do this. The spec for the -autoupdate scripts is that they should be called with the installation directory as a parameter on the command-line. This is done for you so long as you use the update_virus_scanners script. Raylund Lai wrote: > You also need to update the > /usr/local/libexec/MailScanner/bitdefender-autoupdate if you use this to > update. > Change my $PackageDir = shift || "/opt/bdc" to my $PackageDir = shift || > "/usr/local/bdc". > > Cheers > Raylund > ----- Original Message ----- > From: "Adri Koppes" > To: > Sent: Tuesday, March 01, 2005 9:26 AM > Subject: Re: bitdefender FreeBSD > > >> Update /usr/local/etc/MailScanner/virus.scanners/conf. >> For bitdefender set the WorkingDir to /usr/local/bdc instead of >> /opt/bdc. >> This is assuming you are using the 'beta' port of bdc for FreeBSD, which >> is >> installed in /usr/local/bdc. >> >> Adri. >> >> >>> -----Original Message----- >>> From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] >>> Sent: 01 March, 2005 15:20 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: bitdefender FreeBSD >>> >>> >>> Try >>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . >>> >>> .... And (looking at SweepViruses.pm) perhaps >>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>> --arc --mail >>> --all . >>> >>> ... Still no go? >>> >>> -- Glenn >>> >>> > -----Original Message----- >>> > From: MailScanner mailing list >>> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >>> > Sent: den 1 mars 2005 14:44 >>> > To: MAILSCANNER@JISCMAIL.AC.UK >>> > Subject: bitdefender FreeBSD >>> > >>> > >>> > I have bitdefender installed in Freebsd and it appears to >>> > work ok if you >>> > for 'bdc' in the shell. But none of the wrapper scripts work. I have >>> > downloaded latest tar of MS and extract the wrapper and i >>> get the same >>> > result when run from the shell. And BD doesnt appear to work >>> > from within >>> > MailLScanner either. >>> > >>> > running bitdefender-wrapper >>> > or running >>> > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>> > produces the same results. >>> > >>> > -su-2.05b# >>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>> > cat: /tmp/log.bdc.3202: No such file or directory >>> > rm: /tmp/log.bdc.3202: No such file or directory >>> > >>> > Running the clam av command from virus.scanners seems to work >>> > perfectly. >>> > >>> > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local >>> > >>> > >>> > Any ideas what i need to do get this working? >>> > >>> > Thanks in advance >>> > Pete >>> > >>> > ------------------------ MailScanner list ------------------------ >>> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> > 'leave mailscanner' in the body of the email. >>> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> > >>> > Support MailScanner development - buy the book off the website! >>> > >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at MINTRA.COM Tue Mar 1 20:44:22 2005 From: john at MINTRA.COM (John Adams) Date: Thu Jan 12 21:28:46 2006 Subject: Mail vanishes after hitting first MTA Message-ID: Users have complained that incoming mail is going missing with no bounce back. We checked our DNS and all the other issues (there is a secondary mx mail server but users fetch mail from this so it is not disappearing there) The emails are received by the server, we know this because a DotFoward file has been created for a user and the mails are getting forwarded correctly, to his blackberry. The dot foward is in the correct format with the leading fowardslash which makes a copy to the local user then fowards on to another account. Since most emails are correctly working as expected, showing both in the local user's mbox as well as in the forwarded account. We suspect there is somthing unique about the missing emails. looking in the mail log we noticed there are errors that include the domains from the missing emails. such as a lost mail from example.com machine foo[18123]: j1L42COt018123: lost input channel from xyz.example.com [123.123.123.123] to Daemon0 after rcpt As this is not even showing up in the mailwatch interface, we cannot figure out why it is not being delivered correctly. The best example being an mail (an enquiry for a large contact) which was cc to his workmate. did not come through to his mail box or to the workmate but was forwarded to the blackberry. Help please I don't want to see these people moving to MS exchange John ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 20:56:19 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] None of those changed the output at all. :( Steen, Glenn wrote: > Try > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . > > .... And (looking at SweepViruses.pm) perhaps > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc --arc --mail > --all . > > ... Still no go? > > -- Glenn > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >>Sent: den 1 mars 2005 14:44 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: bitdefender FreeBSD >> >> >>I have bitdefender installed in Freebsd and it appears to >>work ok if you >>for 'bdc' in the shell. But none of the wrapper scripts work. I have >>downloaded latest tar of MS and extract the wrapper and i get the same >>result when run from the shell. And BD doesnt appear to work >>from within >>MailLScanner either. >> >>running bitdefender-wrapper >>or running >>/usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>produces the same results. >> >>-su-2.05b# /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>cat: /tmp/log.bdc.3202: No such file or directory >>rm: /tmp/log.bdc.3202: No such file or directory >> >>Running the clam av command from virus.scanners seems to work >>perfectly. >> >>/usr/local/libexec/MailScanner/clamav-wrapper /usr/local >> >> >>Any ideas what i need to do get this working? >> >>Thanks in advance >>Pete >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 21:02:22 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have downloaded the latest tar package and temporarily moved in the new scripts for virus.scanner.conf, bitdefender-wrapper and still not working. I already had tried to add the line for the path to bitdefender, this didnt help either. This works fine from the command line - but in the wrapper is dont work at all :( bdc /opt/bdc Julian Field wrote: > You don't need to do this. The spec for the -autoupdate scripts is that > they should be called with the installation directory as a parameter on > the command-line. This is done for you so long as you use the > update_virus_scanners script. > > Raylund Lai wrote: > >> You also need to update the >> /usr/local/libexec/MailScanner/bitdefender-autoupdate if you use this to >> update. >> Change my $PackageDir = shift || "/opt/bdc" to my $PackageDir = shift || >> "/usr/local/bdc". >> >> Cheers >> Raylund >> ----- Original Message ----- >> From: "Adri Koppes" >> To: >> Sent: Tuesday, March 01, 2005 9:26 AM >> Subject: Re: bitdefender FreeBSD >> >> >>> Update /usr/local/etc/MailScanner/virus.scanners/conf. >>> For bitdefender set the WorkingDir to /usr/local/bdc instead of >>> /opt/bdc. >>> This is assuming you are using the 'beta' port of bdc for FreeBSD, which >>> is >>> installed in /usr/local/bdc. >>> >>> Adri. >>> >>> >>>> -----Original Message----- >>>> From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] >>>> Sent: 01 March, 2005 15:20 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: bitdefender FreeBSD >>>> >>>> >>>> Try >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . >>>> >>>> .... And (looking at SweepViruses.pm) perhaps >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> --arc --mail >>>> --all . >>>> >>>> ... Still no go? >>>> >>>> -- Glenn >>>> >>>> > -----Original Message----- >>>> > From: MailScanner mailing list >>>> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >>>> > Sent: den 1 mars 2005 14:44 >>>> > To: MAILSCANNER@JISCMAIL.AC.UK >>>> > Subject: bitdefender FreeBSD >>>> > >>>> > >>>> > I have bitdefender installed in Freebsd and it appears to >>>> > work ok if you >>>> > for 'bdc' in the shell. But none of the wrapper scripts work. I have >>>> > downloaded latest tar of MS and extract the wrapper and i >>>> get the same >>>> > result when run from the shell. And BD doesnt appear to work >>>> > from within >>>> > MailLScanner either. >>>> > >>>> > running bitdefender-wrapper >>>> > or running >>>> > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> > produces the same results. >>>> > >>>> > -su-2.05b# >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> > cat: /tmp/log.bdc.3202: No such file or directory >>>> > rm: /tmp/log.bdc.3202: No such file or directory >>>> > >>>> > Running the clam av command from virus.scanners seems to work >>>> > perfectly. >>>> > >>>> > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local >>>> > >>>> > >>>> > Any ideas what i need to do get this working? >>>> > >>>> > Thanks in advance >>>> > Pete >>>> > >>>> > ------------------------ MailScanner list ------------------------ >>>> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> > 'leave mailscanner' in the body of the email. >>>> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> > >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 21:03:47 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: Sa-learn tricks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Using sa-learn for this is well documented in the mailling list archives and the faq on www.mailscanner.info Good luck Pete Sanjay K. Patel wrote: > Although this is a bit of topic I was hoping someone here might have a > answer. I want to send spam not caught by mailscanner back to the server for > sa-learn to learn the spam. The question is "does sa-learn learn the content > of the spam or the headers also?". My concern is that all the headers will > have my info since I am forwarding it and I don't want sa-learn to think I > am a spammer. > > Also has anyone noticed that the Outlook junk filter catch's almost all the > spam that makes it through. I think it uses keywords which is pretty weak > but makes it easier for me to set a rule that forwards anything that hits > that folder to go back to the server. > > SKP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Mar 1 21:05:06 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:46 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Does it do rar extraction by default???? Looking at the docs I'm not > sure it does. Clam does RAR v2 internally. The Clam wrapper is prepared for using an external unpacker as well, you just have to check the path and uncomment it. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 21:16:13 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, is there a small chance that there is something wrong with the wrapper? I do #bdc --log=/tmp/log.$$ /opt/bdc; cat /tmp/log.$$ and it works fine. Which bdc returns /usr/bin/bdc Julian Field wrote: > You don't need to do this. The spec for the -autoupdate scripts is that > they should be called with the installation directory as a parameter on > the command-line. This is done for you so long as you use the > update_virus_scanners script. > > Raylund Lai wrote: > >> You also need to update the >> /usr/local/libexec/MailScanner/bitdefender-autoupdate if you use this to >> update. >> Change my $PackageDir = shift || "/opt/bdc" to my $PackageDir = shift || >> "/usr/local/bdc". >> >> Cheers >> Raylund >> ----- Original Message ----- >> From: "Adri Koppes" >> To: >> Sent: Tuesday, March 01, 2005 9:26 AM >> Subject: Re: bitdefender FreeBSD >> >> >>> Update /usr/local/etc/MailScanner/virus.scanners/conf. >>> For bitdefender set the WorkingDir to /usr/local/bdc instead of >>> /opt/bdc. >>> This is assuming you are using the 'beta' port of bdc for FreeBSD, which >>> is >>> installed in /usr/local/bdc. >>> >>> Adri. >>> >>> >>>> -----Original Message----- >>>> From: Steen, Glenn [mailto:Glenn.Steen@AP1.SE] >>>> Sent: 01 March, 2005 15:20 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: bitdefender FreeBSD >>>> >>>> >>>> Try >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc . >>>> >>>> .... And (looking at SweepViruses.pm) perhaps >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> --arc --mail >>>> --all . >>>> >>>> ... Still no go? >>>> >>>> -- Glenn >>>> >>>> > -----Original Message----- >>>> > From: MailScanner mailing list >>>> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell >>>> > Sent: den 1 mars 2005 14:44 >>>> > To: MAILSCANNER@JISCMAIL.AC.UK >>>> > Subject: bitdefender FreeBSD >>>> > >>>> > >>>> > I have bitdefender installed in Freebsd and it appears to >>>> > work ok if you >>>> > for 'bdc' in the shell. But none of the wrapper scripts work. I have >>>> > downloaded latest tar of MS and extract the wrapper and i >>>> get the same >>>> > result when run from the shell. And BD doesnt appear to work >>>> > from within >>>> > MailLScanner either. >>>> > >>>> > running bitdefender-wrapper >>>> > or running >>>> > /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> > produces the same results. >>>> > >>>> > -su-2.05b# >>>> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >>>> > cat: /tmp/log.bdc.3202: No such file or directory >>>> > rm: /tmp/log.bdc.3202: No such file or directory >>>> > >>>> > Running the clam av command from virus.scanners seems to work >>>> > perfectly. >>>> > >>>> > /usr/local/libexec/MailScanner/clamav-wrapper /usr/local >>>> > >>>> > >>>> > Any ideas what i need to do get this working? >>>> > >>>> > Thanks in advance >>>> > Pete >>>> > >>>> > ------------------------ MailScanner list ------------------------ >>>> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> > 'leave mailscanner' in the body of the email. >>>> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> > >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 1 21:29:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:46 2006 Subject: Mail vanishes after hitting first MTA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This sounds like it is a problem with your MTA. MailScanner doesn't get involved in SMTP service or mail delivery at all. However, is the .forward file forwarding mail to a MailScanner server, or has the mail gone through MailScanner by the time it gets there? John Adams wrote: >Users have complained that incoming mail is going missing with no bounce >back. > >We checked our DNS and all the other issues (there is a secondary mx mail >server but users fetch mail from this so it is not disappearing there) > >The emails are received by the server, we know this because >a DotFoward file has been created for a user and the mails are getting >forwarded correctly, to his blackberry. > >The dot foward is in the correct format with the leading fowardslash >which makes a copy to the local user then fowards on to another account. > >Since most emails are correctly working as expected, showing both in the >local user's mbox as well as in the forwarded account. We suspect there >is >somthing unique about the missing emails. > >looking in the mail log we noticed there are errors that include the >domains from the missing emails. such as a lost mail from example.com > >machine foo[18123]: j1L42COt018123: lost input channel from >xyz.example.com >[123.123.123.123] to Daemon0 after rcpt > >As this is not even showing up in the mailwatch interface, we cannot >figure >out why it is not being delivered correctly. > >The best example being an mail (an enquiry for a large contact) which was >cc >to his workmate. did not come through to his mail box or to the workmate >but >was forwarded to the blackberry. > >Help please I don't want to see these people moving to MS exchange > >John > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jdavis at CS.ARIZONA.EDU Tue Mar 1 21:39:56 2005 From: jdavis at CS.ARIZONA.EDU (Jim Davis) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Works like a champ here: ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] user 62 vol0 - 12191640 36700160 372177 - 62 user 201 vol0 - 11116156 15728640 351243 - 201 user 302 vol0 - 12004712 15728640 138326 - 302 user 120 vol0 - 1152712 1433600 21719 - 120 user * vol0 - 0 10485760 0 - * user 0 vol0 - 1618396 - 28904 - user 28 vol0 - 1899520 10485760 51438 - user 100 vol0 - 10287992 10485760 277366 - user 18 vol0 - 765192 10485760 18082 - user 103 vol0 - 8879732 10485760 38968 - user 150 vol0 - 2866020 10485760 122742 - user 298 vol0 - 831288 10485760 63949 - user 105 vol0 - 2983680 10485760 163715 - user 1858 vol0 - 118980 10485760 3254 - user 17 vol0 - 929388 10485760 46820 - user 265 vol0 - 1161868 10485760 55097 - user 278 vol0 - 1336408 10485760 23841 - user 245 vol0 - 257540 10485760 18248 - user 603 vol0 - 1492840 10485760 193337 - user 114 vol0 - 398720 10485760 12935 - user 14 vol0 - 1497856 10485760 54897 - user 41 vol0 - 1642852 10485760 28679 - user 128 vol0 - 4319712 10485760 63666 - user 235 vol0 - 150800 10485760 5860 - user 258 vol0 - 10219884 10485760 63858 - user 2154 vol0 - 374332 10485760 20848 - user 638 vol0 - 231708 10485760 23350 - user 57 vol0 - 1519604 10485760 24742 - user 240 vol0 - 70836 10485760 2038 - user 304 vol0 - 690348 10485760 18679 - user 222 vol0 - 3543520 10485760 98208 - user 233 vol0 - 18984 10485760 2217 - user 285 vol0 - 444804 10485760 9536 - user 104 vol0 - 8189696 10485760 67186 - user 155 vol0 - 291464 10485760 967 - user 63 vol0 - 556304 10485760 6410 - user 108 vol0 - 1733828 10485760 36350 - user 241 vol0 - 212172 10485760 34868 - user 262 vol0 - 433696 10485760 8345 - user 67 vol0 - 2400928 10485760 50252 - user 117 vol0 - 221652 10485760 7367 - user 234 vol0 - 140892 10485760 3346 - user 72 vol0 - 2370408 10485760 50024 - user 600 vol0 - 304124 10485760 9215 - user 12 vol0 - 839460 10485760 18475 - user 190 vol0 - 751388 10485760 58637 - user 307 vol0 - 79960 10485760 293 - user 15 vol0 - 946444 10485760 23692 - user 52 vol0 - 207656 10485760 9463 - user 199 vol0 - 369300 10485760 14002 - user 157 vol0 - 238012 10485760 28579 - user 203 vol0 - 648132 10485760 16754 - user 226 vol0 - 313948 10485760 10915 - user 111 vol0 - 2826168 10485760 17220 - user 249 vol0 - 288 10485760 72 - user 1055 vol0 - 195672 10485760 11329 - user 3086 vol0 - 690072 10485760 23462 - user 802 vol0 - 357380 10485760 59881 - user 209 vol0 - 535048 10485760 39309 - user 243 vol0 - 588956 10485760 61911 - user 1969 vol0 - 36728 10485760 2138 - user 122 vol0 - 493532 10485760 7238 - user 294 vol0 - 40764 10485760 12926 - user 2677 vol0 - 1489192 10485760 18181 - user 1738 vol0 - 80328 10485760 2787 - user 269 vol0 - 1528692 10485760 24300 - user 113 vol0 - 3474744 10485760 49705 - user 989 vol0 - 10344 10485760 260 - user 2489 vol0 - 1968636 10485760 6580 - user 257 vol0 - 705276 10485760 10918 - user 266 vol0 - 1217824 10485760 12084 - user 64 vol0 - 265996 10485760 18045 - user 94 vol0 - 573772 10485760 8540 - user 22 vol0 - 137872 10485760 1342 - user 164 vol0 - 18536 10485760 692 - user 1167 vol0 - 30568 10485760 1856 - user 61 vol0 - 122744 10485760 4087 - user 206 vol0 - 167068 10485760 7097 - user 26 vol0 - 15044 10485760 3306 - user 1696 vol0 - 1144 10485760 39 - user 268 vol0 - 797028 10485760 12849 - user 2696 vol0 - 117320 10485760 95 - user 1070 vol0 - 48668 10485760 4303 - user 299 vol0 - 346168 10485760 8914 - user 2405 vol0 - 6464 10485760 1095 - user 314 vol0 - 377592 10485760 6650 - user 290 vol0 - 120204 10485760 4359 - user 286 vol0 - 80 10485760 1 - user 99 vol0 - 1518536 10485760 11331 - user 65534 vol0 - 330356 10485760 3158 - user 191 vol0 - 46736 10485760 5499 - user 273 vol0 - 9688772 10485760 14603 - user 151 vol0 - 8253884 10485760 40953 - user 75 vol0 - 505048 10485760 15153 - user 2675 vol0 - 3076 10485760 658 - user 134 vol0 - 160904 10485760 1341 - user 225 vol0 - 227560 10485760 5015 - user 79 vol0 - 32336 10485760 2128 - user 282 vol0 - 50536 10485760 4584 - user 261 vol0 - 1292 10485760 125 - user 2408 vol0 - 1028 10485760 5920 - user 123 vol0 - 112940 10485760 8806 - user 107 vol0 - 104544 10485760 1553 - user 1030 vol0 - 84828 10485760 2187 - user 4017 vol0 - 65548 10485760 323 - user 301 vol0 - 12980 10485760 1869 - user 2492 vol0 - 34052 10485760 2027 - user 320 vol0 - 242052 10485760 10825 - user 118 vol0 - 1784896 10485760 1585 - user 685 vol0 - 100656 10485760 25879 - user 1782 vol0 - 34988 10485760 499 - user 2700 vol0 - 262728 10485760 2720 - user 2680 vol0 - 10056 10485760 273 - user 695 vol0 - 2412 10485760 302 - user 324 vol0 - 279244 10485760 5368 - user 247 vol0 - 10384 10485760 1406 - user 106 vol0 - 177268 10485760 8161 - user 654 vol0 - 186008 10485760 224 - user 186 vol0 - 44748 10485760 1403 - user 166 vol0 - 1288 10485760 109 - user 1455 vol0 - 204356 10485760 1463 - user 194 vol0 - 127728 10485760 10907 - user 162 vol0 - 42536 10485760 2731 - user 1173 vol0 - 85488 10485760 9628 - user 328 vol0 - 81388 10485760 579 - user 2988 vol0 - 53732 10485760 213 - user 82 vol0 - 199836 10485760 930 - user 198 vol0 - 73672 10485760 4079 - user 4099 vol0 - 155916 10485760 673 - user 604 vol0 - 89132 10485760 2172 - user 23 vol0 - 343380 10485760 4064 - user 4016 vol0 - 4704 10485760 765 - user 221 vol0 - 472088 10485760 1818 - user 1 vol0 - 37280 10485760 437 - user 607 vol0 - 56908 10485760 845 - user 292 vol0 - 105100 10485760 3079 - user 181 vol0 - 41492 10485760 2537 - user 141 vol0 - 14544 10485760 473 - user 224 vol0 - 45848 10485760 1087 - user 612 vol0 - 34564 10485760 3737 - user 665 vol0 - 188484 10485760 72 - user 196 vol0 - 1796376 10485760 2375 - user 6 vol0 - 130244 10485760 3134 - user 152 vol0 - 20676 10485760 170 - user 289 vol0 - 47304 10485760 207 - user 102 vol0 - 4076 10485760 1733 - user 281 vol0 - 55316 10485760 515 - user 853 vol0 - 27760 10485760 1432 - user 49 vol0 - 20552 10485760 1079 - user 2493 vol0 - 62804 10485760 1777 - user 254 vol0 - 24208 10485760 1104 - user 2081 vol0 - 564 10485760 91 - user 1091 vol0 - 10404 10485760 263 - user 293 vol0 - 13816 10485760 178 - user 4045 vol0 - 138024 10485760 3832 - user 667 vol0 - 10688 10485760 315 - user 2331 vol0 - 171988 10485760 461 - user 80 vol0 - 29520 10485760 866 - user 29 vol0 - 17700 10485760 87 - user 251 vol0 - 116020 10485760 2532 - user 280 vol0 - 644 10485760 69 - user 274 vol0 - 8916 10485760 725 - user 116 vol0 - 126620 10485760 126 - user 1659 vol0 - 2736 10485760 238 - user 2693 vol0 - 35720 10485760 44 - user 1100 vol0 - 146332 10485760 16 - user 2549 vol0 - 0 10485760 1 - user 295 vol0 - 281300 10485760 186 - user 231 vol0 - 56 10485760 7 - user 639 vol0 - 4692 10485760 190 - user 65 vol0 - 86820 10485760 917 - user 615 vol0 - 1668 10485760 11 - user 1692 vol0 - 580 10485760 4 - user 112 vol0 - 109736 10485760 126 - user 1800 vol0 - 257788 10485760 89 - user 296 vol0 - 880 10485760 26 - user 2398 vol0 - 2160 10485760 26 - user 133 vol0 - 13644 10485760 467 - user 2461 vol0 - 11888 10485760 84 - user 2423 vol0 - 35540 10485760 329 - user 641 vol0 - 10688 10485760 625 - user 3000 vol0 - 25540 10485760 79 - user 1877 vol0 - 3720 10485760 58 - user 1407 vol0 - 2552 10485760 92 - user 2490 vol0 - 13988 10485760 498 - user 1672 vol0 - 64 10485760 15 - user 4005 vol0 - 8148 10485760 61 - user 229 vol0 - 4972 10485760 1099 - user 524 vol0 - 60 10485760 2 - user 621 vol0 - 27468 10485760 2134 - user 876 vol0 - 5728 10485760 103 - user 220 vol0 - 3388 10485760 452 - user 144 vol0 - 4860 10485760 345 - user 1418 vol0 - 1204 10485760 304 - user 1863 vol0 - 304 10485760 66 - user 275 vol0 - 2908 10485760 358 - user 2294 vol0 - 8 10485760 2 - user 838 vol0 - 28 10485760 5 - user 303 vol0 - 4 10485760 1 - user 2385 vol0 - 4 10485760 1 - user 1661 vol0 - 32 10485760 9 - user 287 vol0 - 180 10485760 22 - user 14957 vol0 - 4 10485760 1 - user 17359 vol0 - 16 10485760 1 - user 18915 vol0 - 16 10485760 1 - user 8206 vol0 - 20 10485760 1 - user 13848 vol0 - 8 10485760 1 - user 19706 vol0 - 8 10485760 1 - user 16564 vol0 - 16 10485760 1 - user 633 vol0 - 410328 10485760 190 - user 2100 vol0 - 24 10485760 4 - user 184 vol0 - 337980 10485760 41 - user 10000 vol0 - 272 10485760 27 - user 4092 vol0 - 0 10485760 1 - user 327 vol0 - 37216 10485760 281 - user 2 vol0 - 356 10485760 11 - user 242 vol0 - 17440 10485760 351 - user 90 vol0 - 216 10485760 12 - user 238 vol0 - 652 10485760 16 - user 758 vol0 - 2804 10485760 255 - user 2494 vol0 - 84 10485760 5 - user 635 vol0 - 5740 10485760 102 - user 1610 vol0 - 972 10485760 173 - user 101 vol0 - 136 10485760 8 - user 1161 vol0 - 372 10485760 30 - user 4018 vol0 - 152 10485760 68 - user 1378 vol0 - 152 10485760 42 - user 1477 vol0 - 0 10485760 1 - user 602 vol0 - 664 10485760 38 - user 2979 vol0 - 780 10485760 42 - user 4 vol0 - 4 10485760 34 - user 98 vol0 - 28852 10485760 42 - user 1759 vol0 - 6408 10485760 144 - user 12903 vol0 - 8 10485760 1 - user 4027 vol0 - 2004 10485760 11 - user 501 vol0 - 1524 10485760 212 - user 4038 vol0 - 0 10485760 1 - user 1736 vol0 - 4 10485760 1 - user 8822 vol0 - 160 10485760 10 - user 944 vol0 - 180 10485760 28 - user 264 vol0 - 16012 10485760 78 - user 223 vol0 - 220 10485760 32 - user 1000 vol0 - 764 10485760 154 - user 500 vol0 - 3096 10485760 236 - user 310 vol0 - 8 10485760 2 - user 74 vol0 - 12 10485760 2 - user 727 vol0 - 8 10485760 2 - user 12781 vol0 - 12 10485760 1 - user 78 vol0 - 2500 10485760 374 - user 208 vol0 - 12 10485760 7 - user 738 vol0 - 124 10485760 13 - user 852 vol0 - 464 10485760 91 - user 1401 vol0 - 676 10485760 113 - user 73 vol0 - 2100 10485760 33 - user 629 vol0 - 12 10485760 2 - user 609 vol0 - 2496 10485760 126 - user 148 vol0 - 38968 10485760 12 - user 1623 vol0 - 8 10485760 6 - user 951 vol0 - 988 10485760 70 - user 130 vol0 - 36 10485760 3 - user 4012 vol0 - 20192 10485760 203 - user 2744 vol0 - 32 10485760 8 - user 1655 vol0 - 36 10485760 3 - user 1693 vol0 - 40 10485760 10 - user 1622 vol0 - 176 10485760 43 - user 1735 vol0 - 196 10485760 13 - user 4026 vol0 - 146076 10485760 17 - user 713 vol0 - 16 10485760 4 - user 511 vol0 - 0 10485760 1 - user 3 vol0 - 8 10485760 6 - user 827 vol0 - 4 10485760 1 - user 1551 vol0 - 4 10485760 1 - user 58 vol0 - 12 10485760 4 - user 1092 vol0 - 0 10485760 1 - user 1180 vol0 - 4 10485760 1 - user 1521 vol0 - 4 10485760 1 - user 1896 vol0 - 40 10485760 5 - user 983 vol0 - 4 10485760 1 - user 2389 vol0 - 152 10485760 6 - user 311 vol0 - 608 10485760 33 - user 360 vol0 - 24 10485760 1 - user 2658 vol0 - 12 10485760 4 - user 89 vol0 - 52 10485760 11 - user 1001 vol0 - 56 10485760 13 - user 2684 vol0 - 7920 10485760 10 - user 8933 vol0 - 12 10485760 1 - user 613 vol0 - 19500 10485760 44 - user 2368 vol0 - 800 10485760 21 - user 390 vol0 - 40 10485760 12 - user 205 vol0 - 0 10485760 5 - user 60001 vol0 - 572 10485760 3 - user 2993 vol0 - 100 10485760 14 - user 4010 vol0 - 9220 10485760 22 - user 1446 vol0 - 108 10485760 30 - user 722 vol0 - 1432 10485760 90 - user 1826 vol0 - 2900 10485760 48 - user 1198 vol0 - 56 10485760 4 - user 1635 vol0 - 4 10485760 1 - user 43 vol0 - 12 10485760 3 - user 1140 vol0 - 696 10485760 13 - user 4009 vol0 - 712 10485760 79 - user 896 vol0 - 4 10485760 1 - user 284 vol0 - 1056 10485760 35 - user 902 vol0 - 0 10485760 1 - user 4008 vol0 - 1296 10485760 7 - user 2141 vol0 - 4 10485760 1 - user 4011 vol0 - 12 10485760 7 - user 121 vol0 - 0 10485760 1 - user 512 vol0 - 72 10485760 11 - user 1569 vol0 - 0 10485760 1 - user 1371 vol0 - 4 10485760 1 - user 1120 vol0 - 0 10485760 1 - user 1346 vol0 - 8 10485760 2 - user 844 vol0 - 0 10485760 1 - user 790 vol0 - 0 10485760 1 - user 1146 vol0 - 0 10485760 1 - user 4088 vol0 - 28 10485760 10 - user 200 vol0 - 5540 10485760 2 - user 700 vol0 - 8 10485760 4 - user 2122 vol0 - 0 10485760 1 - user 1721 vol0 - 12 10485760 3 - user 1950 vol0 - 4 10485760 1 - user 5173 vol0 - 12 10485760 1 - user 4933 vol0 - 16 10485760 1 - user 2554 vol0 - 128 10485760 7 - user 1604 vol0 - 4 10485760 1 - user 93 vol0 - 0 10485760 1 - user 666 vol0 - 12 10485760 4 - user 1963 vol0 - 288 10485760 1 - user 1450 vol0 - 4 10485760 1 - user 60 vol0 - 0 10485760 1 - user 187 vol0 - 40 10485760 2 - user 366 vol0 - 4 10485760 1 - user 924 vol0 - 164 10485760 31 - user 1730 vol0 - 4 10485760 1 - user 270 vol0 - 0 10485760 3 - user 2455 vol0 - 4 10485760 1 - user 9300 vol0 - 8 10485760 1 - user 1049 vol0 - 8 10485760 2 - user 1364 vol0 - 8 10485760 2 - user 650 vol0 - 0 10485760 1 - user 2692 vol0 - 572 10485760 2 - user 538 vol0 - 24 10485760 8 - user 9581 vol0 - 12 10485760 1 - user 2439 vol0 - 4 10485760 1 - user 129 vol0 - 4 10485760 1 - user 237 vol0 - 8 10485760 2 - user 1052 vol0 - 4 10485760 1 - user 1076 vol0 - 20 10485760 1 - user 2018 vol0 - 0 10485760 2 - user 1680 vol0 - 4 10485760 1 - user 1519 vol0 - 12 10485760 3 - user 2999 vol0 - 0 10485760 1 - user 502 vol0 - 184 10485760 25 - user 787 vol0 - 40 10485760 5 - user 765 vol0 - 4 10485760 1 - user 165 vol0 - 16 10485760 4 - user 291 vol0 - 8 10485760 4 - user 2442 vol0 - 0 10485760 1 - user 1875 vol0 - 8 10485760 1 - user 4028 vol0 - 500 10485760 9 - user 693 vol0 - 576 10485760 15 - user 95 vol0 - 0 10485760 1 - user 1433 vol0 - 4 10485760 1 - user 916 vol0 - 32 10485760 1 - user 970 vol0 - 16 10485760 2 - user 507 vol0 - 72 10485760 10 - user 1973 vol0 - 8 10485760 1 - user 3423 vol0 - 8 10485760 1 - user 219 vol0 - 132 10485760 2 - user 4025 vol0 - 0 10485760 1 - user 4024 vol0 - 16 10485760 1 - user 87 vol0 - 4 10485760 1 - user 1839 vol0 - 0 10485760 0 - ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jdavis at CS.ARIZONA.EDU Tue Mar 1 21:47:39 2005 From: jdavis at CS.ARIZONA.EDU (Jim Davis) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, now that I've turned off the random attachment generator... let's try that again: ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] Script started on Tue Mar 1 14:34:45 2005 bash-2.05b$ uname -a FreeBSD hackberry.cs.arizona.edu 4.10-RELEASE FreeBSD 4.10-RELEASE #4: Mon Jun 14 13:29:05 MST 2004 root@hackberry.cs.arizona.edu:/usr/obj/usr/src/sys/HACKBERRY i386 bash-2.05b$ grep bitdefender virus.scanners.conf virus.scanners.conf.sample virus.scanners.conf:bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc virus.scanners.conf.sample:bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc mpsh-2.05b$ /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc /t // // BDC scan report // // Time: Tue Mar 1 14:36:00 2005 // Command line: --log=/tmp/log.bdc.80779 /tmp // Core: AVCORE v1.0 (build 2223) (i386) (Nov 23 2004 17:56:43) // Engines: scan: 13, unpack: 4, archive: 38, mail: 6 // Total signatures: 101521 // /tmp/mkcf ok [...] Results: Folders :49 Files :2446 Packed :25 Infected files :0 Suspect files :0 Warnings :0 I/O errors :54 Files/second :135 Scan time :00:00:18 bash-2.05b$ exit Script done on Tue Mar 1 14:36:38 2005 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 1 22:30:05 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks, changed virus.scanners.conf to this and it works now . Now i having iussue sgetting it going on RHEL4 :( cheers. Jim Davis wrote: > Ok, now that I've turned off the random attachment generator... let's > try that again: > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > > Script started on Tue Mar 1 14:34:45 2005 > bash-2.05b$ uname -a > FreeBSD hackberry.cs.arizona.edu 4.10-RELEASE FreeBSD 4.10-RELEASE #4: Mon Jun 14 13:29:05 MST 2004 root@hackberry.cs.arizona.edu:/usr/obj/usr/src/sys/HACKBERRY i386 > bash-2.05b$ grep bitdefender virus.scanners.conf virus.scanners.conf.sample > virus.scanners.conf:bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc > virus.scanners.conf.sample:bitdefender /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc > mpsh-2.05b$ /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc /t > // > // BDC scan report > // > // Time: Tue Mar 1 14:36:00 2005 > // Command line: --log=/tmp/log.bdc.80779 /tmp > // Core: AVCORE v1.0 (build 2223) (i386) (Nov 23 2004 17:56:43) > // Engines: scan: 13, unpack: 4, archive: 38, mail: 6 > // Total signatures: 101521 > // > > /tmp/mkcf ok > [...] > > Results: > Folders :49 > Files :2446 > Packed :25 > Infected files :0 > Suspect files :0 > Warnings :0 > I/O errors :54 > Files/second :135 > Scan time :00:00:18 > > > bash-2.05b$ exit > > Script done on Tue Mar 1 14:36:38 2005 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chrisford at DKBBS.COM Tue Mar 1 23:33:56 2005 From: chrisford at DKBBS.COM (Christopher J Ford) Date: Thu Jan 12 21:28:46 2006 Subject: RBLs (I Need help! :P ) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] First off I need to thank Julian because w/o MailScanner i'd still be in crap loads of spam. But off that subject. The RBLS in the config file. I dont quite get it? I mean I know what they do I think?, But what is the SPAM LIST = (blahblah) and SPAM DOMAIN LIST = It says see the "Spam List Definitions" but that doesnt explain very well what can go there or what should go. And I do have the BOOK btw. maybe I missed it? I did SEE it but it said once again see the Spam List Definitions.. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Mar 1 23:48:14 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:46 2006 Subject: RBLs (I Need help! :P ) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christopher J Ford wrote: > But off that subject. The RBLS in the config file. I dont quite get it? > I mean I know what they do I think?, But what is the SPAM LIST = > (blahblah) and SPAM DOMAIN LIST = > > It says see the "Spam List Definitions" but that doesnt explain very > well what can go there > or what should go. And I do have the BOOK btw. maybe I missed it? I did > SEE it but it said once again see the Spam List Definitions.. The "Spam List" contains the short names for the lists defined in spam.lists.conf, see left column in that file. The difference between spam lists and spam domain lists are that the latter works with domain names, not ip addresses of the mail servers. If you use SpamAssassin I would recommend you to not use spam lists at all from MS. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nats at SSCRMNL.EDU.PH Wed Mar 2 02:48:50 2005 From: nats at SSCRMNL.EDU.PH (nats) Date: Thu Jan 12 21:28:46 2006 Subject: prob after upgrading MailScanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I just upgrade MailScanner to 4-39.5-1 and when i start MAilScanner, it complains about HTML/TokeParser.pm, is this a sign of bad perl compiler? (ie two instances), i just get rid of the perl binary 5.8.5 and replaces with the old perl 5.8.0, but still i have the same problem. i install HTML::TokeParser from cpan and i have this failed tests t/entities.t t/headparser.t t/uentities.t anyone have an idea on how to work with kind of prob? Thanks in advance Nats ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 03:53:57 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: bitdefender FreeBSD - solved FSBD and RHEL4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Change to the latest scriptes (mine were 4.29 verisons) and BDC will work as it should in freebsd. RHEL4 requires compat-libstdc++3.3 tpo be installed. Available from the RHELAS4 channel on the rhn. hope this is usefull to some one else :) Pete Peter Russell wrote: > Thanks, changed virus.scanners.conf to this and it works now . > > Now i having iussue sgetting it going on RHEL4 :( > > cheers. > > Jim Davis wrote: > >> Ok, now that I've turned off the random attachment generator... let's >> try that again: >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> >> Script started on Tue Mar 1 14:34:45 2005 >> bash-2.05b$ uname -a >> FreeBSD hackberry.cs.arizona.edu 4.10-RELEASE FreeBSD 4.10-RELEASE #4: >> Mon Jun 14 13:29:05 MST 2004 >> root@hackberry.cs.arizona.edu:/usr/obj/usr/src/sys/HACKBERRY i386 >> bash-2.05b$ grep bitdefender virus.scanners.conf >> virus.scanners.conf.sample >> virus.scanners.conf:bitdefender >> /usr/local/libexec/MailScanner/bitdefender-wrapper /usr/local/bdc >> virus.scanners.conf.sample:bitdefender >> /usr/local/libexec/MailScanner/bitdefender-wrapper /opt/bdc >> mpsh-2.05b$ /usr/local/libexec/MailScanner/bitdefender-wrapper >> /usr/local/bdc /t >> // >> // BDC scan report >> // >> // Time: Tue Mar 1 14:36:00 2005 >> // Command line: --log=/tmp/log.bdc.80779 /tmp >> // Core: AVCORE v1.0 (build 2223) (i386) (Nov 23 2004 17:56:43) >> // Engines: scan: 13, unpack: 4, archive: 38, mail: 6 >> // Total signatures: 101521 >> // >> >> /tmp/mkcf ok >> [...] >> >> Results: >> Folders :49 >> Files :2446 >> Packed :25 >> Infected files :0 >> Suspect files :0 >> Warnings :0 >> I/O errors :54 >> Files/second :135 >> Scan time :00:00:18 >> >> >> bash-2.05b$ exit >> >> Script done on Tue Mar 1 14:36:38 2005 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 04:02:58 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:46 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] IN the past i remember some one haviong a cool script/command that would show you stats on infections? I ahve a mailscanner machine on a PC that is suffering badly with heaps of viruses and i would love to know how to find out how many or what type of infections etc? TIA Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james_gray at ocs.com Wed Mar 2 04:20:17 2005 From: james_gray at ocs.com (James Gray) Date: Thu Jan 12 21:28:46 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, 2 Mar 2005 03:02 pm, Peter Russell wrote: > IN the past i remember some one haviong a cool script/command that would > show you stats on infections? > > I ahve a mailscanner machine on a PC that is suffering badly with heaps > of viruses and i would love to know how to find out how many or what > type of infections etc? Are you thinking of the "vnames.pl" script which produces a bullet-list of viruses caught and a tally for each infection? http://web.csma.biz/apps/vnames.shtml HTH, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 08:23:56 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:46 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: With 4.39.5-1 I notice that jobs are being repeatedly re-scanned by MS again. This last happened with 4.35.11-1 back in December. It was fixed by updating to the latest RedHat AS/ES 3 kernel. I have not updated the kernel since I installed 4.38.9-1 which worked OK. I have RH AS 3 + Sendmail 8.12.11 + 4.39.5-1. Locking has been defaulting to "flock". Changing it to "posix" does not stop the re-scanning of the same messages. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 08:43:07 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:46 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] thanks - thats good, pity it emails instead of out to the screen. Anyone have any idea what the settings are for bitdefender? Pete James Gray wrote: > On Wed, 2 Mar 2005 03:02 pm, Peter Russell wrote: > >>IN the past i remember some one haviong a cool script/command that would >>show you stats on infections? >> >>I ahve a mailscanner machine on a PC that is suffering badly with heaps >>of viruses and i would love to know how to find out how many or what >>type of infections etc? > > > Are you thinking of the "vnames.pl" script which produces a bullet-list of > viruses caught and a tally for each infection? > > http://web.csma.biz/apps/vnames.shtml > > HTH, > > James > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 10:13:56 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: In addition to the locking problem I reported with 4.39.5 I also note that the MailScanner processes are becoming "defunct". There is no indication of a problem in the MailScanner log. However the "messages" file is repeatedly logging: Mar 2 10:06:49 cheviot7 root: Process did not exit cleanly, returned 25 with signal 0 Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >Sent: 02 March 2005 08:24 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: 4.39.5-1 - is sendmail locking broken again? > >With 4.39.5-1 I notice that jobs are being repeatedly re-scanned by MS >again. This last happened with 4.35.11-1 back in December. It was fixed >by updating to the latest RedHat AS/ES 3 kernel. > >I have not updated the kernel since I installed 4.38.9-1 which worked >OK. > >I have RH AS 3 + Sendmail 8.12.11 + 4.39.5-1. > >Locking has been defaulting to "flock". Changing it to "posix" does not >stop the re-scanning of the same messages. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 11:08:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Switch into Debug mode and see what it says. Quentin Campbell wrote: >In addition to the locking problem I reported with 4.39.5 I also note >that the MailScanner processes are becoming "defunct". There is no >indication of a problem in the MailScanner log. > >However the "messages" file is repeatedly logging: > >Mar 2 10:06:49 cheviot7 root: Process did not exit cleanly, returned 25 >with signal 0 > > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>Sent: 02 March 2005 08:24 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: 4.39.5-1 - is sendmail locking broken again? >> >>With 4.39.5-1 I notice that jobs are being repeatedly re-scanned by MS >>again. This last happened with 4.35.11-1 back in December. It was fixed >>by updating to the latest RedHat AS/ES 3 kernel. >> >>I have not updated the kernel since I installed 4.38.9-1 which worked >>OK. >> >>I have RH AS 3 + Sendmail 8.12.11 + 4.39.5-1. >> >>Locking has been defaulting to "flock". Changing it to "posix" does not >>stop the re-scanning of the same messages. >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>"Any opinion expressed above is mine. The University can get its own." >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 11:19:03 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: J >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 02 March 2005 11:08 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.5-1 - is sendmail locking broken again? > >Switch into Debug mode and see what it says. > [snip] Julian You won't believe this but I am seeing the same problem that you fixed yesterday and incorporated into 4.39.5! I have checked Message.pm to make sure the fix is there. I am debugging MailScanner with just one job in the queue. It is not the same one (with the broken zip file) that I tested 4.39.5 with late yesterday before putting it into production. I am seeing in Debug mode: [root@cheviot7 mqueue.in]# check_mailscanner Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock Can't call method "print" on an undefined value at /usr/lib/perl5/site_perl/5.8.0/MIME/Entity.pm line 1803. [root@cheviot7 mqueue.in]# Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Wed Mar 2 11:15:13 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:28:47 2006 Subject: shipment time for the MailScanner book Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi guys, has any one bought the MailScanner in US, how many days it takes to ship over there. I am pretty confused whether I should ask for shipment in India or in US. Can anybody give me an approximate time frame. I need it shipped in 3 weeks, will I get the delivery in US in that duration. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== It doesn't matter who you are, it's what you do that takes you far ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 11:33:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In which case please send me the message, together with a list of exactly what configuration changes you have made from the default installation. Quentin Campbell wrote: >J > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 11:08 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Switch into Debug mode and see what it says. >> >> >> >[snip] > >Julian > >You won't believe this but I am seeing the same problem that you fixed >yesterday and incorporated into 4.39.5! I have checked Message.pm to >make sure the fix is there. > >I am debugging MailScanner with just one job in the queue. It is not the >same one (with the broken zip file) that I tested 4.39.5 with late >yesterday before putting it into production. > >I am seeing in Debug mode: > >[root@cheviot7 mqueue.in]# check_mailscanner >Starting MailScanner... >In Debugging mode, not forking... >SA bayes lock is /root/.spamassassin/bayes.lock >Bayes lock is at /root/.spamassassin/bayes.lock >Can't call method "print" on an undefined value at >/usr/lib/perl5/site_perl/5.8.0/MIME/Entity.pm line 1803. >[root@cheviot7 mqueue.in]# > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Mar 2 11:31:46 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:47 2006 Subject: Maybe OT: lame server resolving 'x.x.x.x.ipwhois.rfc-ignorant .org' Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As far as I can check (see /usr/share/spamassassin/20_dnsbl_tests.cf and /usr/share/spamassassin/50_scores.cf) this has already been disabled in SA 3.01 and up. Adri. > -----Original Message----- > From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > Sent: 01 March, 2005 18:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Maybe OT: lame server resolving > 'x.x.x.x.ipwhois.rfc-ignorant.org' > > > Michele Neylon :: Blacknight Solutions wrote: > > >>>>RCVD_IN_RFCI 0.0 > >>>> > >>>> > >>>> > >>>You need to define it first or it will break :) > >>> > >>> > >>> > >>What do you mean define it first? > >> > >> > >> > >If you want to refer to a DNS check in > spam.assassin.prefs.conf it needs to > >be defined in spam.lists.conf otherwise linting the rules > will fail :) > > > > > No it doesn't. The DNS checks done by SpamAssassin are totally > independent of spam.lists.conf. In SpamAssassin 3 this rule has been > renamed and you now need > > # JKF 01/03/2005 - rfcignorant list is dead > score RCVD_IN_RFC_IPWHOIS 0 > > in spam.assassin.prefs.conf. > > You will need to restart MailScanner after making this change. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 11:32:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: shipment time for the MailScanner book Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do you mean the book? It should take about 5 days in the US (theoretically) and 2 to 3 weeks worldwide. P.S. Like your sig, it's more true than most people realise :-) Rakesh wrote: > Hi guys, > > has any one bought the MailScanner in US, how many days it takes to ship > over there. I am pretty confused whether I should ask for shipment in > India or in US. Can anybody give me an approximate time frame. I need it > shipped in 3 weeks, will I get the delivery in US in that duration. > > -- > Regards, > Rakesh B. Pal > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ======================================================================== > It doesn't matter who you are, it's what you do that takes you far > ======================================================================== -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 11:38:42 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please apply these 2 patches: -----SNIP----- --- Message.pm.old 2005-03-01 09:01:52.000000000 +0000 +++ Message.pm 2005-03-02 11:36:01.000000000 +0000 @@ -840,6 +840,8 @@ 'X-Mailer' => undef, Data => \@original)); + # Prune all the dead branches off the tree + PruneEntityTree($bounce); # Stringify the message and send it -- this could be VERY large! my $bouncetext = $bounce->stringify; #print STDERR "Spam bounce message is this:\n$bouncetext"; -----SNIP----- -----SNIP----- --- MCPMessage.pm.old 2005-01-27 11:39:46.000000000 +0000 +++ MCPMessage.pm 2005-03-02 11:36:24.000000000 +0000 @@ -545,6 +545,8 @@ Data => \@original)); # Stringify the message and send it -- this could be VERY large! + # Prune all the dead branches off the tree + PruneEntityTree($bounce); my $bouncetext = $bounce->stringify; #print STDERR "Spam bounce message is this:\n$bouncetext"; if ($bouncetext) { -----SNIP----- Let me know if these help. Quentin Campbell wrote: >J > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 11:08 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Switch into Debug mode and see what it says. >> >> >> >[snip] > >Julian > >You won't believe this but I am seeing the same problem that you fixed >yesterday and incorporated into 4.39.5! I have checked Message.pm to >make sure the fix is there. > >I am debugging MailScanner with just one job in the queue. It is not the >same one (with the broken zip file) that I tested 4.39.5 with late >yesterday before putting it into production. > >I am seeing in Debug mode: > >[root@cheviot7 mqueue.in]# check_mailscanner >Starting MailScanner... >In Debugging mode, not forking... >SA bayes lock is /root/.spamassassin/bayes.lock >Bayes lock is at /root/.spamassassin/bayes.lock >Can't call method "print" on an undefined value at >/usr/lib/perl5/site_perl/5.8.0/MIME/Entity.pm line 1803. >[root@cheviot7 mqueue.in]# > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 2 11:33:11 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:47 2006 Subject: shipment time for the MailScanner book Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I received it in Brazil in less than 3 weeks... I imagine in US the deliver is much faster than that... ----- Original Message ----- From: "Rakesh" To: Sent: Wednesday, March 02, 2005 8:15 AM Subject: shipment time for the MailScanner book > Hi guys, > > has any one bought the MailScanner in US, how many days it takes to ship > over there. I am pretty confused whether I should ask for shipment in > India or in US. Can anybody give me an approximate time frame. I need it > shipped in 3 weeks, will I get the delivery in US in that duration. > > -- > Regards, > Rakesh B. Pal > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ======================================================================== > It doesn't matter who you are, it's what you do that takes you far > ======================================================================== > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 12:06:44 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 02 March 2005 11:33 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.5-1 - is sendmail locking broken again? > >In which case please send me the message, together with a list of >exactly what configuration changes you have made from the default >installation. > [snip] Julian The same configuration change as before is causing the problem. It is the default "deliver attachment" action in %rules-dir%/Spam_Actions.rules. If I just make that action "deliver" then 4.39.5 works OK. The message's qf/df files that will repeat the problem can be found at ftp://unix.ncl.ac.uk/pub/users/nqgc. They are the ones with QID j21Kcajg023214. This message is both spam and carries a virus so in that regard it is similar to the previous message that caused problems with 4.39.4. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 12:12:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 11:33 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>In which case please send me the message, together with a list of >>exactly what configuration changes you have made from the default >>installation. >> >> >> >[snip] > >Julian > >The same configuration change as before is causing the problem. It is >the default "deliver attachment" action in >%rules-dir%/Spam_Actions.rules. > >If I just make that action "deliver" then 4.39.5 works OK. > >The message's qf/df files that will repeat the problem can be found at >ftp://unix.ncl.ac.uk/pub/users/nqgc. They are the ones with QID >j21Kcajg023214. > >This message is both spam and carries a virus so in that regard it is >similar to the previous message that caused problems with 4.39.4. > > Did my patches help? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 12:15:04 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [snip] >Did my patches help? Julian Am about to try them. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 12:24:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh, and with "deliver attachment" I can't reproduce the problem :-( Quentin Campbell wrote: >[snip] > > >>Did my patches help? >> >> > >Julian > >Am about to try them. > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 12:42:49 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 02 March 2005 12:24 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.5-1 - is sendmail locking broken again? > >Oh, and with "deliver attachment" I can't reproduce the problem :-( > [snip] Julian The patches to Message.pm and MCPMessage.pm make no difference. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 2 13:23:56 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Martin Hepworth > Sent: Tuesday, March 01, 2005 4:12 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > Does it do rar extraction by default???? Looking at the docs I'm not > sure it does. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > It's important to note that ClamAV only supports RAR v2, so the answer is: Uncomment the ScanRar line in the config file but pass the --unrar[=FULLPATH] option (and of course have the latest unrar) if you really want to handle rar files because v2 is quite old and not likely to be used much anymore. If you are using clamavmodule then you cannot use the external unrar (which is why I patch my MS versions with specific unrar code/function every release). Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Mar 2 13:28:59 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick, Have you send you patches of to Julian?? There might be more people interested to have unrar functionality in MailScanner. Adri. > -----Original Message----- > From: Rick Cooper [mailto:rcooper@DWFORD.COM] > Sent: 02 March, 2005 14:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Martin Hepworth > > Sent: Tuesday, March 01, 2005 4:12 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Beta release 4.39.4 > > > > > > Does it do rar extraction by default???? Looking at the docs I'm not > > sure it does. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > It's important to note that ClamAV only supports RAR v2, so > the answer is: > > Uncomment the ScanRar line in the config file > > but pass the --unrar[=FULLPATH] option (and of course have > the latest unrar) > if you really want to handle rar files because v2 is quite old and not > likely to be used much anymore. If you are using clamavmodule then you > cannot use the external unrar (which is why I patch my MS > versions with > specific unrar code/function every release). > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 2 14:02:53 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Adri Koppes > Sent: Wednesday, March 02, 2005 8:29 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > Rick, > > Have you send you patches of to Julian?? > There might be more people interested to have unrar functionality in > MailScanner. > > Adri. > Yes, I sent several last year (you will see part of the Unrar code commented out in Message.pm) and he used a few but did not use (I sent five or six): Logging the actual recipient(s) in the log (standard does host only), as well as the subject in a fairly easy to parse format, all the new stuff is placed at the end of the standard log line. UnpackRar code that function does the same as the UnPackZip function does. Is used if unrar is somewhere on your path, skipped if it is not. This also allows the filename/type checks to work the same as with zip files Code to handle archives with duplicate file names as the archive (nested also). I am not sure if Julian ever worked this out himself or not, I never saw mention of it again after I pointed out the MS would skip this condition. For instance if an attachment File.Zip contains a file named File.Zip MS will skip it and not unpack it (because it thinks it already did). My work around is not elegant (I prepend a time stamp to the file name). The problem with this approach is it would break some file name checks, if they are very specific, but it gets the file checked at least. I also wrote a patch that allows you to have different file name/type rules/rulesets for files contained within archives as opposed to just disabling unpacking and checking archives if you need to pass certain files in archives that you do not pass raw. I can understand why he skipped the logging thing, it changes the entire format of the spam logging line, but with that information I can send myself reports of what was tagged as spam that include the sender, recipients, scoring information and subject, and ninety out of a hundred times I don't have to bother looking at the message to determine if it truly is spam or not. I also know he is not in favor of having two sets of file name/type rules, one for raw and one for archives, because he fears it would be to complicated for some admins... So I understand that one. I can understand the code to handle file names that are duplicated within an archive (the file name/type checks) but it seems a big hole in security to me. I never heard why he didn't use the Unpack Rar code, and I never understood why it wasn't used. So I just make new patches every time a new release comes out, I apply them and propagate the patched version to all my mail servers. Kind of sucks when there are a lot of major changes though. I wish they were all in there so I didn't have to mess with it, but I think Julian has pretty good vision so I am sure there is a good reason why they didn't "make the cut", perhaps they are just to specific to my needs/wants Rick > > -----Original Message----- > > From: Rick Cooper [mailto:rcooper@DWFORD.COM] > > Sent: 02 March, 2005 14:24 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Beta release 4.39.4 > > > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Martin Hepworth > > > Sent: Tuesday, March 01, 2005 4:12 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Beta release 4.39.4 > > > > > > > > > Does it do rar extraction by default???? Looking at the docs I'm not > > > sure it does. > > > > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > It's important to note that ClamAV only supports RAR v2, so > > the answer is: > > > > Uncomment the ScanRar line in the config file > > > > but pass the --unrar[=FULLPATH] option (and of course have > > the latest unrar) > > if you really want to handle rar files because v2 is quite old and not > > likely to be used much anymore. If you are using clamavmodule then you > > cannot use the external unrar (which is why I patch my MS > > versions with > > specific unrar code/function every release). > > > > Rick > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:14:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found and fixed. My recursion code was utter rubbish :-) Please apply the attached patch to Message.pm. Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 12:24 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Oh, and with "deliver attachment" I can't reproduce the problem :-( >> >> >> >[snip] > >Julian > >The patches to Message.pm and MCPMessage.pm make no difference. > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 1.5KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:18:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I always try to at least reply, but good ideas do get lost sometimes. The unrar code would require another timeout wrapper round it, which I would have to copy from elsewhere, so it isn't trivial. I can't remember if I came up with a solution to the duplicated filenames problem or not, it was quite a long time ago. Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Adri Koppes >>Sent: Wednesday, March 02, 2005 8:29 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Beta release 4.39.4 >> >> >>Rick, >> >>Have you send you patches of to Julian?? >>There might be more people interested to have unrar functionality in >>MailScanner. >> >>Adri. >> >> >> > >Yes, I sent several last year (you will see part of the Unrar code commented >out in Message.pm) and he used a few but did not use (I sent five or six): > > Logging the actual recipient(s) in the log (standard does host only), as >well as the subject in a fairly easy > to parse format, all the new stuff is placed at the end of the standard log >line. > > UnpackRar code that function does the same as the UnPackZip function does. >Is used if unrar is > somewhere on your path, skipped if it is not. This also allows the >filename/type checks to work > the same as with zip files > > Code to handle archives with duplicate file names as the archive (nested >also). I am not sure if Julian > ever worked this out himself or not, I never saw mention of it again after >I pointed out the MS would > skip this condition. For instance if an attachment File.Zip contains a file >named File.Zip MS will skip > it and not unpack it (because it thinks it already did). My work around is >not elegant > (I prepend a time stamp to the file name). The problem with this approach >is it would break some file > name checks, if they are very specific, but it gets the file checked at >least. > >I also wrote a patch that allows you to have different file name/type >rules/rulesets for files contained within archives as opposed to just >disabling unpacking and checking archives if you need to pass certain files >in archives that you do not pass raw. > >I can understand why he skipped the logging thing, it changes the entire >format of the spam logging line, but with that information I can send myself >reports of what was tagged as spam that include the sender, recipients, >scoring information and subject, and ninety out of a hundred times I don't >have to bother looking at the message to determine if it truly is spam or >not. > >I also know he is not in favor of having two sets of file name/type rules, >one for raw and one for archives, because he fears it would be to >complicated for some admins... So I understand that one. > >I can understand the code to handle file names that are duplicated within an >archive (the file name/type checks) but it seems a big hole in security to >me. > >I never heard why he didn't use the Unpack Rar code, and I never understood >why it wasn't used. > >So I just make new patches every time a new release comes out, I apply them >and propagate the patched version to all my mail servers. Kind of sucks when >there are a lot of major changes though. I wish they were all in there so I >didn't have to mess with it, but I think Julian has pretty good vision so I >am sure there is a good reason why they didn't "make the cut", perhaps they >are just to specific to my needs/wants > >Rick > > > >>>-----Original Message----- >>>From: Rick Cooper [mailto:rcooper@DWFORD.COM] >>>Sent: 02 March, 2005 14:24 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: Beta release 4.39.4 >>> >>> >>> >>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>>Behalf Of Martin Hepworth >>>>Sent: Tuesday, March 01, 2005 4:12 AM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: Beta release 4.39.4 >>>> >>>> >>>>Does it do rar extraction by default???? Looking at the docs I'm not >>>>sure it does. >>>> >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>> >>>It's important to note that ClamAV only supports RAR v2, so >>>the answer is: >>> >>> Uncomment the ScanRar line in the config file >>> >>>but pass the --unrar[=FULLPATH] option (and of course have >>>the latest unrar) >>>if you really want to handle rar files because v2 is quite old and not >>>likely to be used much anymore. If you are using clamavmodule then you >>>cannot use the external unrar (which is why I patch my MS >>>versions with >>>specific unrar code/function every release). >>> >>>Rick >>> >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> >> > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 2 14:23:42 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:47 2006 Subject: Deny Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Seems a dumb question, but how do I make a rule to deny files with the names: price8.zip price2.zip price.zip price*\.zip$ is not working. What is the correct sintax? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Mar 2 14:25:04 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:47 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, If you have time, it would be nice to integrate the UnpackRar functions. I get quite a few rar files as attachments and can't automatically scan them for executable content, bad file types etc. My current solution is far from elegant. I just block the .rar extension. I never found out why it wouldn't block on filetype, eventhough I have added the type to filetype.rules.conf as: deny RAR No RAR Archives No RAR Archives allowed The blocked messages+attachtments are then quarantined and I can manually check before relasing them to the user, if he requests them. Best regards, Adri. > -----Original Message----- > From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > Sent: 02 March, 2005 15:18 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > I always try to at least reply, but good ideas do get lost sometimes. > The unrar code would require another timeout wrapper round it, which I > would have to copy from elsewhere, so it isn't trivial. > I can't remember if I came up with a solution to the duplicated > filenames problem or not, it was quite a long time ago. > > Rick Cooper wrote: > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>Behalf Of Adri Koppes > >>Sent: Wednesday, March 02, 2005 8:29 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: Beta release 4.39.4 > >> > >> > >>Rick, > >> > >>Have you send you patches of to Julian?? > >>There might be more people interested to have unrar functionality in > >>MailScanner. > >> > >>Adri. > >> > >> > >> > > > >Yes, I sent several last year (you will see part of the > Unrar code commented > >out in Message.pm) and he used a few but did not use (I sent > five or six): > > > > Logging the actual recipient(s) in the log (standard > does host only), as > >well as the subject in a fairly easy > > to parse format, all the new stuff is placed at the > end of the standard log > >line. > > > > UnpackRar code that function does the same as the > UnPackZip function does. > >Is used if unrar is > > somewhere on your path, skipped if it is not. This > also allows the > >filename/type checks to work > > the same as with zip files > > > > Code to handle archives with duplicate file names as > the archive (nested > >also). I am not sure if Julian > > ever worked this out himself or not, I never saw > mention of it again after > >I pointed out the MS would > > skip this condition. For instance if an attachment > File.Zip contains a file > >named File.Zip MS will skip > > it and not unpack it (because it thinks it already > did). My work around is > >not elegant > > (I prepend a time stamp to the file name). The > problem with this approach > >is it would break some file > > name checks, if they are very specific, but it gets > the file checked at > >least. > > > >I also wrote a patch that allows you to have different file name/type > >rules/rulesets for files contained within archives as opposed to just > >disabling unpacking and checking archives if you need to > pass certain files > >in archives that you do not pass raw. > > > >I can understand why he skipped the logging thing, it > changes the entire > >format of the spam logging line, but with that information I > can send myself > >reports of what was tagged as spam that include the sender, > recipients, > >scoring information and subject, and ninety out of a hundred > times I don't > >have to bother looking at the message to determine if it > truly is spam or > >not. > > > >I also know he is not in favor of having two sets of file > name/type rules, > >one for raw and one for archives, because he fears it would be to > >complicated for some admins... So I understand that one. > > > >I can understand the code to handle file names that are > duplicated within an > >archive (the file name/type checks) but it seems a big hole > in security to > >me. > > > >I never heard why he didn't use the Unpack Rar code, and I > never understood > >why it wasn't used. > > > >So I just make new patches every time a new release comes > out, I apply them > >and propagate the patched version to all my mail servers. > Kind of sucks when > >there are a lot of major changes though. I wish they were > all in there so I > >didn't have to mess with it, but I think Julian has pretty > good vision so I > >am sure there is a good reason why they didn't "make the > cut", perhaps they > >are just to specific to my needs/wants > > > >Rick > > > > > > > >>>-----Original Message----- > >>>From: Rick Cooper [mailto:rcooper@DWFORD.COM] > >>>Sent: 02 March, 2005 14:24 > >>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>Subject: Re: Beta release 4.39.4 > >>> > >>> > >>> > >>> > >>>>-----Original Message----- > >>>>From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>>>Behalf Of Martin Hepworth > >>>>Sent: Tuesday, March 01, 2005 4:12 AM > >>>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>>Subject: Re: Beta release 4.39.4 > >>>> > >>>> > >>>>Does it do rar extraction by default???? Looking at the > docs I'm not > >>>>sure it does. > >>>> > >>>> > >>>>-- > >>>>Martin Hepworth > >>>>Snr Systems Administrator > >>>>Solid State Logic > >>>>Tel: +44 (0)1865 842300 > >>>> > >>>> > >>>> > >>>It's important to note that ClamAV only supports RAR v2, so > >>>the answer is: > >>> > >>> Uncomment the ScanRar line in the config file > >>> > >>>but pass the --unrar[=FULLPATH] option (and of course have > >>>the latest unrar) > >>>if you really want to handle rar files because v2 is quite > old and not > >>>likely to be used much anymore. If you are using > clamavmodule then you > >>>cannot use the external unrar (which is why I patch my MS > >>>versions with > >>>specific unrar code/function every release). > >>> > >>>Rick > >>> > >>> > >>>-- > >>>This message has been scanned for viruses and > >>>dangerous content by MailScanner, and is > >>>believed to be clean. > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >>-- > >>This message has been scanned for viruses and > >>dangerous content by MailScanner, and is > >>believed to be clean. > >> > >> > >> > >> > >> > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:29:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We are pleased to announce SMGateway, the first Secure Mail Gateway product from Fortress Systems Ltd. SMGateway is based on MailScanner, the world's most widely used e-mail gateway application. SMGateway employs MailScanner in conjunction with SpamAssassin, ClamAV and your choice of additional commercial virus scanners to provide the most effective, easy to use, anti-spam and anti-virus solution available. Fortress SMGateway has all of the functionality provided by MailScanner and SpamAssassin plus extensions and enhancements to provide a simple web based interface for users and administrators. These added features allow administrators to more easily install, control and configure e-mail gateway operations while allowing users and administrators to set their own spam preferences. SMGateway provides a web based administrative interface which allows administrators to easily: . Configure MailScanner including rule sets . Configure e-mail forwarding to any type of Mailhub . Setup multiple domains forwarding to different mailhubs . Roll-back to previous configurations . Easily backup configurations . Validate user on mailhub before acceptance of e-mail on gateway . Configure allowed file names and file types for attachments The Web based interface also allows the site administrator, domain administrators and individual users to easily set their own spam preferences, and administer white and black lists. Authentication to the web interface is provided for three levels of users: . Site administrators are allowed to set and change any configuration data for the entire site. . Domain administrators are allowed to set and change spam preferences, white and black lists for their specific domains. . Users are able to set their own spam preferences, white and black lists. The user's logon to the user web interface for setting individual or site preferences is automatically authenticated against their Microsoft Active Directory or any POP or IMAP mailhub. There is no need to setup or administer user accounts or logins on the gateway. SMGateway includes MailWatch for MailScanner, a real-time console for MailScanner. MailWatch provides a web based interface for: . Individual Message tracking . Release of messages from quarantine . Feeding ham (not-spam) and spam to the Bayesian filter . E-mail and Spam reporting and statistics . Real time message queuing statistics. SMGateway automatically installs and configures additional applications to help identify spam and viruses: . ClamAV is a highly regarded Open Source Virus Scanner . DCC (Distributed Checksum Clearinghouse) is a System of clients and servers that collect and count checksums of e-mail messages in order to detect spam . Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages . Razor2 is a distributed, collaborative, spam detection and filtering Network SMGateway supports the simultaneous use of multiple virus scanners including: . AntiVir . AVG . BitDefender . ClamAV . Command . CSS . DrWeb . eTrust . F-Prot . F-Secure . Inoculan . Inoculate . Kaspersky . McAfee . Nod32 . Norman . Panda . Sophos . SYMSymscan . Trend . Vexira SMGateway is currently supported only on a clean minimal installation of Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be available shortly. The installation of MailScanner and all related applications takes approximately 5 minutes. Configuration for most common setups should take less than one hour. Known Limitations in this version include: . Web configuration of per domain and per user allowed filenames and filetypes is not possible from the GUI. . Release from quarantine using the MailWatch interface is only allowed for the site administrator. Pricing and Support SMGateway is available for download from our web site at no charge. Fortress systems does provide and charge for support and updates. To maintain a reliable business e-mail system, we strongly advise you purchase SMGateway in conjunction with a support package: Package 1: Web support; 12 hour response SLA and 1 year of updates US $849.00 Package 2: 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates US $1,648.00 Package 3: 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates US $2,547.00 Rapid and high quality support is vital in any modern business system. We provide a range of support packages at standard prices. Please do not hesitate to contact us if you require a support contract that is not listed here. To ensure we can give all customers who purchase support a very high quality of service, we are restricting the number of support packages that we sell. Support packages will be sold starting next Monday, March 7, on a "first come, first served" basis, and we will limit sales to avoid compromising our ability to provide high quality services. Please visit our web site for additional information on SMGateway: http://www.fsl.com/products/SMGateway_release.html To download please visit: http://www.fsl.com/company/register.php For detailed information on features and operations, please download the manual: http://www.fsl.com/support/Fortress-SMGateway-manual.pdf For information on a soon to be released appliance that utilizes a custom version of SMGateway, please visit: http://www.optimati.com We hope you will find our efforts to be of value to you and your organization. -- Julian Field and Stephen Swaney Chief Technology Officer and Chief Operating Officer Fortress Systems Ltd www.FSL.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:31:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: Deny Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] price[28]?\.zip$ Roger Jochem wrote: > Seems a dumb question, but how do I make a rule to deny files with the > names: > > price8.zip > price2.zip > price.zip > > price*\.zip$ is not working. What is the correct sintax? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 2 14:34:26 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:47 2006 Subject: Deny Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, March 02, 2005 11:31 AM Subject: Re: Deny > price[28]?\.zip$ > > Roger Jochem wrote: > > Seems a dumb question, but how do I make a rule to deny files with the > > names: > > > > price8.zip > > price2.zip > > price.zip > > > > price*\.zip$ is not working. What is the correct sintax? > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Wed Mar 2 14:37:24 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:28:47 2006 Subject: Is it time to upgrade? Message-ID: I am running MailScanner version 4.36.4. What are the major benfits from updating to the lastest version 4.39.5? Thanks -- David Ballengee IT Supervisor Unique Photo (973)377-5555x259 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 14:45:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: Is it time to upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Read the Change Log at www.sng.ecs.soton.ac.uk/mailscanner/ChangeLog and see if any of it sounds useful to you. David Ballengee wrote: > I am running MailScanner version 4.36.4. > > What are the major benfits from updating to the lastest version 4.39.5? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at MINTRA.COM Wed Mar 2 14:47:10 2005 From: john at MINTRA.COM (John Adams) Date: Thu Jan 12 21:28:47 2006 Subject: Mail vanishes after hitting first MTA Message-ID: Thankyou for your response We have been missleading in our original post. We thought that the mails were not entering the mailscanner system as they were not showing in the mailwatch interface, on a search for recipient. However hey do actually appear if we search for sender. So if the mailscanner has successfully processed the mail and said it is clean. Indeed it does appear to be an MTA issue. We have looked at this and it seems that sendmail is set by default to. block unresolvable domains block unqualified senders So what happens is the mail get forwareded to the o2 mail server and the user reads it. The cc and other copy get dropped by the MTA without notification. This is because the the domains are not resolvable as they are in United Arab Emerates or Brasil, through timeous. We will make sendmail so that it does not block unresolvable and unqualified and hope that all the mailscanner will have remove unwanted stuff. I hope this works and has now undesirable effects. Fedora Core 1 Sendmail 8.12.10 Mailscanner 4.38.10-1 Spamassasin 2.63 Mailwatch 0.5.1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmaluski at n1ety.com Wed Mar 2 15:24:01 2005 From: dmaluski at n1ety.com (Dean Maluski) Date: Thu Jan 12 21:28:47 2006 Subject: Mysql Logging Message-ID: Tried setting up mysql logging based on maq. I'm not seeing any errors in logfile but I'm not getting updates in mysql mailscanner table after restarting mailscanner. Sorry for newbie question, I ordered the book a half hour ago. I did read entire contents of mysql FAQ and used both methods. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Mar 2 15:52:47 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, You know that we are all going to try install it on "other" os platforms ;-) Lance Julian Field wrote: > We are pleased to announce SMGateway, the first Secure Mail Gateway > product from Fortress Systems Ltd. > > SMGateway is based on MailScanner, the world's most widely used e-mail > gateway application. SMGateway employs MailScanner in conjunction with > SpamAssassin, ClamAV and your choice of additional commercial virus > scanners to provide the most effective, easy to use, anti-spam and > anti-virus solution available. > > Fortress SMGateway has all of the functionality provided by MailScanner > and SpamAssassin plus extensions and enhancements to provide a simple > web based interface for users and administrators. These added features > allow administrators to more easily install, control and configure > e-mail gateway operations while allowing users and administrators to set > their own spam preferences. > > SMGateway provides a web based administrative interface which allows > administrators to easily: > > .. Configure MailScanner including rule sets > .. Configure e-mail forwarding to any type of Mailhub > .. Setup multiple domains forwarding to different mailhubs > .. Roll-back to previous configurations > .. Easily backup configurations > .. Validate user on mailhub before acceptance of e-mail on gateway > .. Configure allowed file names and file types for attachments > > The Web based interface also allows the site administrator, domain > administrators and individual users to easily set their own spam > preferences, and administer white and black lists. > > Authentication to the web interface is provided for three levels of > users: > > .. Site administrators are allowed to set and change any configuration > data for the entire site. > > .. Domain administrators are allowed to set and change spam preferences, > white and black lists for their specific domains. > > .. Users are able to set their own spam preferences, white and black > lists. > > The user's logon to the user web interface for setting individual or > site preferences is automatically authenticated against their Microsoft > Active Directory or any POP or IMAP mailhub. There is no need to setup > or administer user accounts or logins on the gateway. > > SMGateway includes MailWatch for MailScanner, a real-time console for > MailScanner. MailWatch provides a web based interface for: > > .. Individual Message tracking > .. Release of messages from quarantine > .. Feeding ham (not-spam) and spam to the Bayesian filter > .. E-mail and Spam reporting and statistics > .. Real time message queuing statistics. > > SMGateway automatically installs and configures additional applications > to help identify spam and viruses: > > .. ClamAV is a highly regarded Open Source Virus Scanner > > .. DCC (Distributed Checksum Clearinghouse) is a System of clients and > servers that collect and count checksums of e-mail messages in order to > detect spam > > .. Pyzor is a collaborative, networked system to detect and block spam > using identifying digests of messages > > .. Razor2 is a distributed, collaborative, spam detection and filtering > Network > > SMGateway supports the simultaneous use of multiple virus scanners > including: > > .. AntiVir > .. AVG > .. BitDefender > .. ClamAV > .. Command > .. CSS > .. DrWeb > .. eTrust > .. F-Prot > .. F-Secure > .. Inoculan > .. Inoculate > .. Kaspersky > .. McAfee > .. Nod32 > .. Norman > .. Panda > .. Sophos > .. SYMSymscan > .. Trend > .. Vexira > > SMGateway is currently supported only on a clean minimal installation of > Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be > available shortly. > > The installation of MailScanner and all related applications takes > approximately 5 minutes. Configuration for most common setups should > take less than one hour. > Known Limitations in this version include: > > .. Web configuration of per domain and per user allowed filenames and > filetypes is not possible from the GUI. > > .. Release from quarantine using the MailWatch interface is only allowed > for the site administrator. > > Pricing and Support > > SMGateway is available for download from our web site at no charge. > Fortress systems does provide and charge for support and updates. To > maintain a reliable business e-mail system, we strongly advise you > purchase SMGateway in conjunction with a support package: > > Package 1: > Web support; 12 hour response SLA and 1 year of updates > US $849.00 > > Package 2: > 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates > US $1,648.00 > > Package 3: > 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates > US $2,547.00 > > Rapid and high quality support is vital in any modern business system. > We provide a range of support packages at standard prices. Please do not > hesitate to contact us if you require a support contract that is not > listed here. > > To ensure we can give all customers who purchase support a very high > quality of service, we are restricting the number of support packages > that we sell. Support packages will be sold starting next Monday, March > 7, on a "first come, first served" basis, and we will limit sales to > avoid compromising our ability to provide high quality services. > > Please visit our web site for additional information on SMGateway: > > http://www.fsl.com/products/SMGateway_release.html > > To download please visit: > > http://www.fsl.com/company/register.php > > For detailed information on features and operations, please download the > manual: > > http://www.fsl.com/support/Fortress-SMGateway-manual.pdf > > For information on a soon to be released appliance that utilizes a > custom version of SMGateway, please visit: > > http://www.optimati.com > > We hope you will find our efforts to be of value to you and your > organization. > > -- > Julian Field and Stephen Swaney > Chief Technology Officer and Chief Operating Officer > Fortress Systems Ltd > www.FSL.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Wed Mar 2 16:18:59 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: Is the package pricing below per machine? I think I'd like to switch to it, but I would only want the minimal support package, but I have multiple mailscanner boxes (on each incoming MX, and my outbound relays, with redundant boxes standing by for each). Even the base package would probably get costly for me. Regards Michael Baird > Julian, > > You know that we are all going to try install it on "other" os platforms ;-) > > Lance > > Julian Field wrote: > > > We are pleased to announce SMGateway, the first Secure Mail Gateway > > product from Fortress Systems Ltd. > > > > SMGateway is based on MailScanner, the world's most widely used e-mail > > gateway application. SMGateway employs MailScanner in conjunction with > > SpamAssassin, ClamAV and your choice of additional commercial virus > > scanners to provide the most effective, easy to use, anti-spam and > > anti-virus solution available. > > > > Fortress SMGateway has all of the functionality provided by MailScanner > > and SpamAssassin plus extensions and enhancements to provide a simple > > web based interface for users and administrators. These added features > > allow administrators to more easily install, control and configure > > e-mail gateway operations while allowing users and administrators to set > > their own spam preferences. > > > > SMGateway provides a web based administrative interface which allows > > administrators to easily: > > > > .. Configure MailScanner including rule sets > > .. Configure e-mail forwarding to any type of Mailhub > > .. Setup multiple domains forwarding to different mailhubs > > .. Roll-back to previous configurations > > .. Easily backup configurations > > .. Validate user on mailhub before acceptance of e-mail on gateway > > .. Configure allowed file names and file types for attachments > > > > The Web based interface also allows the site administrator, domain > > administrators and individual users to easily set their own spam > > preferences, and administer white and black lists. > > > > Authentication to the web interface is provided for three levels of > > users: > > > > .. Site administrators are allowed to set and change any configuration > > data for the entire site. > > > > .. Domain administrators are allowed to set and change spam preferences, > > white and black lists for their specific domains. > > > > .. Users are able to set their own spam preferences, white and black > > lists. > > > > The user's logon to the user web interface for setting individual or > > site preferences is automatically authenticated against their Microsoft > > Active Directory or any POP or IMAP mailhub. There is no need to setup > > or administer user accounts or logins on the gateway. > > > > SMGateway includes MailWatch for MailScanner, a real-time console for > > MailScanner. MailWatch provides a web based interface for: > > > > .. Individual Message tracking > > .. Release of messages from quarantine > > .. Feeding ham (not-spam) and spam to the Bayesian filter > > .. E-mail and Spam reporting and statistics > > .. Real time message queuing statistics. > > > > SMGateway automatically installs and configures additional applications > > to help identify spam and viruses: > > > > .. ClamAV is a highly regarded Open Source Virus Scanner > > > > .. DCC (Distributed Checksum Clearinghouse) is a System of clients and > > servers that collect and count checksums of e-mail messages in order to > > detect spam > > > > .. Pyzor is a collaborative, networked system to detect and block spam > > using identifying digests of messages > > > > .. Razor2 is a distributed, collaborative, spam detection and filtering > > Network > > > > SMGateway supports the simultaneous use of multiple virus scanners > > including: > > > > .. AntiVir > > .. AVG > > .. BitDefender > > .. ClamAV > > .. Command > > .. CSS > > .. DrWeb > > .. eTrust > > .. F-Prot > > .. F-Secure > > .. Inoculan > > .. Inoculate > > .. Kaspersky > > .. McAfee > > .. Nod32 > > .. Norman > > .. Panda > > .. Sophos > > .. SYMSymscan > > .. Trend > > .. Vexira > > > > SMGateway is currently supported only on a clean minimal installation of > > Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be > > available shortly. > > > > The installation of MailScanner and all related applications takes > > approximately 5 minutes. Configuration for most common setups should > > take less than one hour. > > Known Limitations in this version include: > > > > .. Web configuration of per domain and per user allowed filenames and > > filetypes is not possible from the GUI. > > > > .. Release from quarantine using the MailWatch interface is only allowed > > for the site administrator. > > > > Pricing and Support > > > > SMGateway is available for download from our web site at no charge. > > Fortress systems does provide and charge for support and updates. To > > maintain a reliable business e-mail system, we strongly advise you > > purchase SMGateway in conjunction with a support package: > > > > Package 1: > > Web support; 12 hour response SLA and 1 year of updates > > US $849.00 > > > > Package 2: > > 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates > > US $1,648.00 > > > > Package 3: > > 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates > > US $2,547.00 > > > > Rapid and high quality support is vital in any modern business system. > > We provide a range of support packages at standard prices. Please do not > > hesitate to contact us if you require a support contract that is not > > listed here. > > > > To ensure we can give all customers who purchase support a very high > > quality of service, we are restricting the number of support packages > > that we sell. Support packages will be sold starting next Monday, March > > 7, on a "first come, first served" basis, and we will limit sales to > > avoid compromising our ability to provide high quality services. > > > > Please visit our web site for additional information on SMGateway: > > > > http://www.fsl.com/products/SMGateway_release.html > > > > To download please visit: > > > > http://www.fsl.com/company/register.php > > > > For detailed information on features and operations, please download the > > manual: > > > > http://www.fsl.com/support/Fortress-SMGateway-manual.pdf > > > > For information on a soon to be released appliance that utilizes a > > custom version of SMGateway, please visit: > > > > http://www.optimati.com > > > > We hope you will find our efforts to be of value to you and your > > organization. > > > > -- > > Julian Field and Stephen Swaney > > Chief Technology Officer and Chief Operating Officer > > Fortress Systems Ltd > > www.FSL.com > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 2 16:19:20 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 02 March 2005 14:15 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.5-1 - is sendmail locking broken again? > >Found and fixed. My recursion code was utter rubbish :-) > >Please apply the attached patch to Message.pm. > Julian Thanks. It works now. How did you manage to recreate the problem at your end? Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Wed Mar 2 16:22:08 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: BTW, your download form wouldn't let me enter my information when I specified my Company Name, it responded with a javascript error no matter how I entered it, until I left it blank, at which point I received the success page. Regards Michael Baird > > > We are pleased to announce SMGateway, the first Secure Mail Gateway > > product from Fortress Systems Ltd. > > > > SMGateway is based on MailScanner, the world's most widely used e-mail > > gateway application. SMGateway employs MailScanner in conjunction with > > SpamAssassin, ClamAV and your choice of additional commercial virus > > scanners to provide the most effective, easy to use, anti-spam and > > anti-virus solution available. > > > > Fortress SMGateway has all of the functionality provided by MailScanner > > and SpamAssassin plus extensions and enhancements to provide a simple > > web based interface for users and administrators. These added features > > allow administrators to more easily install, control and configure > > e-mail gateway operations while allowing users and administrators to set > > their own spam preferences. > > > > SMGateway provides a web based administrative interface which allows > > administrators to easily: > > > > .. Configure MailScanner including rule sets > > .. Configure e-mail forwarding to any type of Mailhub > > .. Setup multiple domains forwarding to different mailhubs > > .. Roll-back to previous configurations > > .. Easily backup configurations > > .. Validate user on mailhub before acceptance of e-mail on gateway > > .. Configure allowed file names and file types for attachments > > > > The Web based interface also allows the site administrator, domain > > administrators and individual users to easily set their own spam > > preferences, and administer white and black lists. > > > > Authentication to the web interface is provided for three levels of > > users: > > > > .. Site administrators are allowed to set and change any configuration > > data for the entire site. > > > > .. Domain administrators are allowed to set and change spam preferences, > > white and black lists for their specific domains. > > > > .. Users are able to set their own spam preferences, white and black > > lists. > > > > The user's logon to the user web interface for setting individual or > > site preferences is automatically authenticated against their Microsoft > > Active Directory or any POP or IMAP mailhub. There is no need to setup > > or administer user accounts or logins on the gateway. > > > > SMGateway includes MailWatch for MailScanner, a real-time console for > > MailScanner. MailWatch provides a web based interface for: > > > > .. Individual Message tracking > > .. Release of messages from quarantine > > .. Feeding ham (not-spam) and spam to the Bayesian filter > > .. E-mail and Spam reporting and statistics > > .. Real time message queuing statistics. > > > > SMGateway automatically installs and configures additional applications > > to help identify spam and viruses: > > > > .. ClamAV is a highly regarded Open Source Virus Scanner > > > > .. DCC (Distributed Checksum Clearinghouse) is a System of clients and > > servers that collect and count checksums of e-mail messages in order to > > detect spam > > > > .. Pyzor is a collaborative, networked system to detect and block spam > > using identifying digests of messages > > > > .. Razor2 is a distributed, collaborative, spam detection and filtering > > Network > > > > SMGateway supports the simultaneous use of multiple virus scanners > > including: > > > > .. AntiVir > > .. AVG > > .. BitDefender > > .. ClamAV > > .. Command > > .. CSS > > .. DrWeb > > .. eTrust > > .. F-Prot > > .. F-Secure > > .. Inoculan > > .. Inoculate > > .. Kaspersky > > .. McAfee > > .. Nod32 > > .. Norman > > .. Panda > > .. Sophos > > .. SYMSymscan > > .. Trend > > .. Vexira > > > > SMGateway is currently supported only on a clean minimal installation of > > Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be > > available shortly. > > > > The installation of MailScanner and all related applications takes > > approximately 5 minutes. Configuration for most common setups should > > take less than one hour. > > Known Limitations in this version include: > > > > .. Web configuration of per domain and per user allowed filenames and > > filetypes is not possible from the GUI. > > > > .. Release from quarantine using the MailWatch interface is only allowed > > for the site administrator. > > > > Pricing and Support > > > > SMGateway is available for download from our web site at no charge. > > Fortress systems does provide and charge for support and updates. To > > maintain a reliable business e-mail system, we strongly advise you > > purchase SMGateway in conjunction with a support package: > > > > Package 1: > > Web support; 12 hour response SLA and 1 year of updates > > US $849.00 > > > > Package 2: > > 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates > > US $1,648.00 > > > > Package 3: > > 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates > > US $2,547.00 > > > > Rapid and high quality support is vital in any modern business system. > > We provide a range of support packages at standard prices. Please do not > > hesitate to contact us if you require a support contract that is not > > listed here. > > > > To ensure we can give all customers who purchase support a very high > > quality of service, we are restricting the number of support packages > > that we sell. Support packages will be sold starting next Monday, March > > 7, on a "first come, first served" basis, and we will limit sales to > > avoid compromising our ability to provide high quality services. > > > > Please visit our web site for additional information on SMGateway: > > > > http://www.fsl.com/products/SMGateway_release.html > > > > To download please visit: > > > > http://www.fsl.com/company/register.php > > > > For detailed information on features and operations, please download the > > manual: > > > > http://www.fsl.com/support/Fortress-SMGateway-manual.pdf > > > > For information on a soon to be released appliance that utilizes a > > custom version of SMGateway, please visit: > > > > http://www.optimati.com > > > > We hope you will find our efforts to be of value to you and your > > organization. > > > > -- > > Julian Field and Stephen Swaney > > Chief Technology Officer and Chief Operating Officer > > Fortress Systems Ltd > > www.FSL.com > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 16:26:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 14:15 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Found and fixed. My recursion code was utter rubbish :-) >> >>Please apply the attached patch to Message.pm. >> > > Julian > > Thanks. It works now. > > How did you manage to recreate the problem at your end? Hosed my installation completely, then re-installed a new copy and made the absolute minimum changes required to replicate your setup, but using the non-spam actions and high-scoring spam actions as well as the normal spam actions so that it would trigger every time. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 16:32:41 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Baird > Sent: Wednesday, March 02, 2005 11:22 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > BTW, your download form wouldn't let me enter my information when I > specified my Company Name, it responded with a javascript error no > matter how I entered it, until I left it blank, at which point I > received the success page. > > Regards > Michael Baird > > > We have some error checking on the page which we are tuning in real time. This is now fixed and sorry for the inconvenience. Thanks, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Mar 2 16:45:55 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Baird > Sent: Wednesday, March 02, 2005 11:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > Is the package pricing below per machine? I think I'd like to switch to > it, but I would only want the minimal support package, but I have > multiple mailscanner boxes (on each incoming MX, and my outbound relays, > with redundant boxes standing by for each). Even the base package would > probably get costly for me. > > Regards > Michael Baird > The SMGateway products if the first of a few products we plan to produce. It's not suitable for all sites. Its primary intended use is for a site that runs 0 or 1 gateways fronting a mailhub. For example it is an excellent product to front an existing Microsoft Exchange 2003 or Domino Server. It can typically reduce the load and storage requirements on the backend mailhub by 50% simply by rejecting or trapping the really obvious junk. Add to that the ability to run multiple virus scanners and you really have a Secure Email Gateway - thanks to MailScanner. The fact that you can load the minimal OS required, load SMGateway and easily restore a backup configuration in less than an hour makes for a reasonable recovery scenario for a single gateway site. Our SMCluster products will introduce an architecture that will control multiple gateways. We expect it to be available later this year. It will be very reasonably priced by server not by mailbox. I hope this helps, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Mar 2 16:46:10 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: Will this cause a new release of 4.39.5 to appear? I haven't upgraded yet, and I don't want to do so if another version is on the horizon. Jeff Earickson Colby College On Wed, 2 Mar 2005, Julian Field wrote: > Date: Wed, 2 Mar 2005 14:14:37 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.39.5-1 - is sendmail locking broken again? > > Found and fixed. My recursion code was utter rubbish :-) > > Please apply the attached patch to Message.pm. > > Quentin Campbell wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>> Sent: 02 March 2005 12:24 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: 4.39.5-1 - is sendmail locking broken again? >>> >>> Oh, and with "deliver attachment" I can't reproduce the problem :-( >>> >>> >>> >> [snip] >> >> Julian >> >> The patches to Message.pm and MCPMessage.pm make no difference. >> >> Quentin >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 17:17:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, 4.39.6 is on its way, out by the time you have read this. Jeff A. Earickson wrote: > Will this cause a new release of 4.39.5 to appear? I haven't > upgraded yet, and I don't want to do so if another version is > on the horizon. > > Jeff Earickson > Colby College > > On Wed, 2 Mar 2005, Julian Field wrote: > >> Date: Wed, 2 Mar 2005 14:14:37 +0000 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >> Found and fixed. My recursion code was utter rubbish :-) >> >> Please apply the attached patch to Message.pm. >> >> Quentin Campbell wrote: >> >>>> -----Original Message----- >>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>> Sent: 02 March 2005 12:24 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: 4.39.5-1 - is sendmail locking broken again? >>>> >>>> Oh, and with "deliver attachment" I can't reproduce the problem :-( >>>> >>>> >>>> >>> [snip] >>> >>> Julian >>> >>> The patches to Message.pm and MCPMessage.pm make no difference. >>> >>> Quentin >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 17:32:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: 4.39.5-1 - is sendmail locking broken again? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have released 4.39.6 to include this fix. Don't like a bug that size in a "stable" release! Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 02 March 2005 14:15 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: 4.39.5-1 - is sendmail locking broken again? >> >>Found and fixed. My recursion code was utter rubbish :-) >> >>Please apply the attached patch to Message.pm. >> >> >> >Julian > >Thanks. It works now. > >How did you manage to recreate the problem at your end? > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hb.maillists at DFS.DK Wed Mar 2 17:34:50 2005 From: hb.maillists at DFS.DK (Henrik Bro) Date: Thu Jan 12 21:28:47 2006 Subject: SV: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From MailScanner at ecs.soton.ac.uk Wed Mar 2 18:07:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: SV: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Henrik Bro wrote: >From Julian^Òs e-mail: > >"To ensure we can give all customers who purchase support a very high >quality of service, we are restricting the number of support packages that >we sell." > >I am just not so lucky, that I can persuade my boss before Monday :( so what >to do, if I am not fast enough!... > > We won't be taking any orders for support until Monday and I don^Òt think that any orders placed on Monday or Tuesday will hit our cutoff limit. If you are really concerned, please email steve.swaney@fsl.com off list. >- Is it possible to get updates to the SMGateway products without a service >contract? > > You should be able to download new versions for free as you can now, but these will not be released more than every few months at least. To get the all of the latest protection and features you will need to purchase support. >- Do you plan any special educational / non-profit prices? > > We are considering non-profit discounts. We really need to see what our support costs are before we start discounting. If we do discount, we will refund the price difference to any non-profits. >-----Oprindelig meddelelse----- >Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne >af Stephen Swaney >Sendt: 2. marts 2005 17:46 >Til: MAILSCANNER@JISCMAIL.AC.UK >Emne: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Michael Baird >>Sent: Wednesday, March 02, 2005 11:19 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway >> >>Is the package pricing below per machine? I think I'd like to switch >>to it, but I would only want the minimal support package, but I have >>multiple mailscanner boxes (on each incoming MX, and my outbound >>relays, with redundant boxes standing by for each). Even the base >>package would probably get costly for me. >> >>Regards >>Michael Baird >> >> >> >The SMGateway products if the first of a few products we plan to produce. >It's not suitable for all sites. Its primary intended use is for a site that >runs 0 or 1 gateways fronting a mailhub. For example it is an excellent >product to front an existing Microsoft Exchange 2003 or Domino Server. It >can typically reduce the load and storage requirements on the backend >mailhub by 50% simply by rejecting or trapping the really obvious junk. Add >to that the ability to run multiple virus scanners and you really have a >Secure Email Gateway - thanks to MailScanner. > >The fact that you can load the minimal OS required, load SMGateway and >easily restore a backup configuration in less than an hour makes for a >reasonable recovery scenario for a single gateway site. > >Our SMCluster products will introduce an architecture that will control >multiple gateways. We expect it to be available later this year. It will be >very reasonably priced by server not by mailbox. > >I hope this helps, > >Steve > >Steve Swaney >President >Fortress Systems Ltd. >Phone: 202 338-1670 >Cell: 202 352-3262 >www.fsl.com >steve.swaney@fsl.com > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Wed Mar 2 18:28:10 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > We are pleased to announce SMGateway, the first Secure Mail Gateway > product from Fortress Systems Ltd. - Active Directory Authentication? What about Kerberos? (POP/IMAP is good enough for us (since those check against our Kerberos pass phrases), but I'm curious if you're doing AD via LDAP, or AD via Kerberos, or some other aspect of AD authentication I'm not aware of ... and if you're doing it via AD's LDAP functionality, I wonder why you didn't also list LDAP authentication in the blurb) - Redhat only? No Solaris support? Any Solaris support planned? - Also, we use an array of machines to do our mailscanner work right now. Does SMGateway support this (Ie. users only have to set their options on one machine, instead of having to touch all 4 of them?). My impression is that because you're using MailWatch, which I thought uses mysql for various things, then it might be possible to put the mysql database on a separate machine, and thus have multiple work-horse machines that all use 1 configuration database. Is that an appropriate/accurate assumption? - When you say 1 year of updates, what do you mean exactly? (I mean, if it's free to download, does that mean I could install the new versions by hand for free, but you have some stream lined auto-update engine that costs money to keep feeding it? or is there some other aspect of updates that's not clearly being presented here? or what?) (don't get me wrong, the compelling part of the prices is the support contracts, and if we were to go down the SMGateway path, we would be getting a support contract regardless of what the updates part means ... but I'm curious what that part of the contract _actually_ means, considering the download is free) Since I've asked those other questions, I might as well ask these: - instead of email forwarding being user configured, can the administrator(s) turn it off and make it completely unavailable to the end user? We have other methods for setting up user forwards, and those need to remain our authoritative mechanisms. - does it allow per-user bayes databases? - does it allow bayes databases to be completely disabled? - it talks about mailwatch doing quarantine management; does MailWatch get upset if you turn off quarantining completely? - I recently wrote a script that reads through the sendmail and mailscanner syslogs and extracts data about each virus (relay that sent it, mail queue ID, viruses that were in the message, claimed SMTP Mail-From, date and time of the message) and mails $relay@abuse.net with a report about each infected message that relay sent us (1 stanza per message) ... I seem to recall that one of the things that MailWatch does with mysql is logging to mysql; can I still have it also do logging to syslog, so I don't have to re-write my nightly report? (we're actually evaluating vendor supported alternatives to MailScanner* right now ... including things like Sophos Pure Message and Ironport, etc. So, it's very interesting to me that this product would come out right as we're doing that, it might allow us to put MailScanner into our list of products; but Solaris and Clustering are on our requirements list (as "must") ... Linux and FreeBSD are just on our "should" list; if Solaris and Clustering are there, I could easily add this to our list of products to evaluate) (* I'm not unsatisfied with mailscanner, it's just that we have a larger set of interests and requirements that are being evaluated, and we would have to "roll our own" to just use mailscanner in that new picture ... which we would rather not do, so we're looking at our alternatives; a lot of what we're looking for, though, is on the list of SMGateway's features) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shrek-m at GMX.DE Wed Mar 2 19:03:08 2005 From: shrek-m at GMX.DE (shrek-m@gmx.de) Date: Thu Jan 12 21:28:47 2006 Subject: [RFE] bugzilla.mailscanner.info (was: Re: Beta release 4.39.4) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I always try to at least reply, but good ideas do get lost sometimes. "good ideas" should not get lost "bugs" should not get lost "patches" should not get lost ... http://www.bugzilla.org (mysql) https://bugzilla.redhat.com/bugzilla/ (postgresql) https://bugzilla.mozilla.org/page.cgi?id=fields.html#bug_severity Enhancement = request for enhancement = RFE eg. http://bugzilla.mailscanner.info -- shrek-m ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 20:01:40 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: FW: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John Rudd > Sent: Wednesday, March 02, 2005 1:28 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > > > We are pleased to announce SMGateway, the first Secure Mail Gateway > > product from Fortress Systems Ltd. > > - Active Directory Authentication? What about Kerberos? (POP/IMAP is > good enough for us (since those check against our Kerberos pass > phrases), but I'm curious if you're doing AD via LDAP, or AD via > Kerberos, or some other aspect of AD authentication I'm not aware of > ... and if you're doing it via AD's LDAP functionality, I wonder why > you didn't also list LDAP authentication in the blurb) Our design goal was "no user account maintenance on the Gateway" and we tried to keep it as simple as possible and the word LDAP scares some people :). Even older Exchange servers can be configure to use POP or IMAP so we can pretty much allow any user to authenticate and log into the SMGateway server to set spam preferences with no need to setup users on the gateway. In the same vein, the ability to use milter-ahead means that for most back end mailhubs, rejecting email for unknown users is as simple as clicking on a checkbox > > - Redhat only? No Solaris support? Any Solaris support planned? > This is intended to be our lower cost, single gateway offering. As such, we felt the right OS to support first would be Red Hat and CentOS. Other OS support is being considered. Also please see my remarks on clustering below. > - Also, we use an array of machines to do our mailscanner work right > now. Does SMGateway support this (Ie. users only have to set their > options on one machine, instead of having to touch all 4 of them?). My > impression is that because you're using MailWatch, which I thought uses > mysql for various things, then it might be possible to put the mysql > database on a separate machine, and thus have multiple work-horse > machines that all use 1 configuration database. Is that an > appropriate/accurate assumption? This will be our SMCluster configuration due out later in the year. The architecture is already present in SMGateway. A SQL server stores configuration data and checkpoints (for roll backs) and populates and LDAP directory. In the SMCluster architecture, the web interface, database and LDAP directory are hosted on a standalone server. Each gateway has an LDAP replica and a few synchronized files. We have a few other tricks planned for SMCluster setup but that is the basic plan. > > - When you say 1 year of updates, what do you mean exactly? (I mean, > if it's free to download, does that mean I could install the new > versions by hand for free, but you have some stream lined auto-update > engine that costs money to keep feeding it? or is there some other > aspect of updates that's not clearly being presented here? or what?) > (don't get me wrong, the compelling part of the prices is the support > contracts, and if we were to go down the SMGateway path, we would be > getting a support contract regardless of what the updates part means > ... but I'm curious what that part of the contract _actually_ means, > considering the download is free) Yet it's free to download and use and yes you could simply keep updating by downloading and installing the new application and restoring your preferences. An experienced administrator could update many parts simply by building their own rpms to our specs. All of this would be fine with us. Our target customer is an organization that can see the benefits and cost savings of paying experts to do what experts do well and efficiently. We believe that for most organizations the maintenance costs of our SMGateway solution will be less than the cost of trying to keep all of the applications updated in-house. Our goal is to make an integrated MailScanner, SpamAssassin and MailWatch server so simple to install, configure and maintain that it will become the most obvious solution to the spam and virus problem. We hope to do this at a cost that will be affordable for everyone. Please note that the package consists of +70 rpms that all reside in /opt/Fortress. It took a lot longer to develop this way but we are as independent as possible from the Architecture and problems that can be caused by Operating System Updates. Anyone who has seen the operating system update package-skip-list(s) needed on Ensim or C-panel systems can appreciate the benefits of this approach. It also means that we can more quickly react to easily update individual applications as required. This has been difficult for most of our competition. Timely updating is absolutely essential for and anti-spam or anti-virus solution. > > Since I've asked those other questions, I might as well ask these: > > - instead of email forwarding being user configured, can the > administrator(s) turn it off and make it completely unavailable to the > end user? We have other methods for setting up user forwards, and > those need to remain our authoritative mechanisms. > We had not considered this but there is no reason that it could not be incorporated. > - does it allow per-user bayes databases? > No > - does it allow bayes databases to be completely disabled? > Yes > - it talks about mailwatch doing quarantine management; does MailWatch > get upset if you turn off quarantining completely? > Not at all. MailWatch never gets upset. It is quite a happy application :) > - I recently wrote a script that reads through the sendmail and > mailscanner syslogs and extracts data about each virus (relay that sent > it, mail queue ID, viruses that were in the message, claimed SMTP > Mail-From, date and time of the message) and mails $relay@abuse.net > with a report about each infected message that relay sent us (1 stanza > per message) ... I seem to recall that one of the things that MailWatch > does with mysql is logging to mysql; can I still have it also do > logging to syslog, so I don't have to re-write my nightly report? > You would probably find the MailWatch Database a rich place to mine for any customized reporting. I've had a peek at the latest cvs version and MailWatch is definitely an application you want to keep an eye on. > > (we're actually evaluating vendor supported alternatives to > MailScanner* right now ... including things like Sophos Pure Message > and Ironport, etc. So, it's very interesting to me that this product > would come out right as we're doing that, it might allow us to put > MailScanner into our list of products; but Solaris and Clustering are > on our requirements list (as "must") ... Linux and FreeBSD are just on > our "should" list; if Solaris and Clustering are there, I could easily > add this to our list of products to evaluate) > I know that clustering will be coming and with clustering, we will need to support the sleeker and more expensive hardware. Right now we are installing and supporting some fairly large multiple gateway solutions using MailScanner, SpamAssassin and MailWatch + custom programming and they work very well. We know there are some very large installations that use MailScanner successfully. We hope our clustering solution will make the administration of MailScanner in the enterprise a bit easier to install, maintain and operate. If you or any other enterprise sites are interested in working with us on the development of the SMCluster software, please email me off list. > (* I'm not unsatisfied with mailscanner, it's just that we have a > larger set of interests and requirements that are being evaluated, and > we would have to "roll our own" to just use mailscanner in that new > picture ... which we would rather not do, so we're looking at our > alternatives; a lot of what we're looking for, though, is on the list > of SMGateway's features) SMGateway is not and was not intended to be the product for every site. For smaller sites it can be the best solution available at any cost. While there are no hard and fast rules because of the differences between sites, I'd guess that for sites with under 75 users, outsourcing to an experienced site that uses MailScanner for email processing will be the most cost effective solution. Most of the MailScanner hosting sites here in the US appear to charge about 1/2 the price charged by Brightmail and Postini (who won't even talk to small sites). For the 75 to 2000 mailbox sites, SMGateway can be a very effective solution. Thanks for the questions, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at DFI-INTL.COM Wed Mar 2 20:34:25 2005 From: eneal at DFI-INTL.COM (Errol Neal) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: Kudos to you all. What would really further interest and excite me is tight intergration with Exchange's existing spam mechanimism via the Spam Confidence Level. Did you guys have any plans in this regard? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, March 02, 2005 9:29 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner ANNOUNCE: New commercial product SMGateway We are pleased to announce SMGateway, the first Secure Mail Gateway product from Fortress Systems Ltd. SMGateway is based on MailScanner, the world's most widely used e-mail gateway application. SMGateway employs MailScanner in conjunction with SpamAssassin, ClamAV and your choice of additional commercial virus scanners to provide the most effective, easy to use, anti-spam and anti-virus solution available. Fortress SMGateway has all of the functionality provided by MailScanner and SpamAssassin plus extensions and enhancements to provide a simple web based interface for users and administrators. These added features allow administrators to more easily install, control and configure e-mail gateway operations while allowing users and administrators to set their own spam preferences. SMGateway provides a web based administrative interface which allows administrators to easily: . Configure MailScanner including rule sets . Configure e-mail forwarding to any type of Mailhub . Setup multiple domains forwarding to different mailhubs . Roll-back to previous configurations . Easily backup configurations . Validate user on mailhub before acceptance of e-mail on gateway . Configure allowed file names and file types for attachments The Web based interface also allows the site administrator, domain administrators and individual users to easily set their own spam preferences, and administer white and black lists. Authentication to the web interface is provided for three levels of users: . Site administrators are allowed to set and change any configuration data for the entire site. . Domain administrators are allowed to set and change spam preferences, white and black lists for their specific domains. . Users are able to set their own spam preferences, white and black lists. The user's logon to the user web interface for setting individual or site preferences is automatically authenticated against their Microsoft Active Directory or any POP or IMAP mailhub. There is no need to setup or administer user accounts or logins on the gateway. SMGateway includes MailWatch for MailScanner, a real-time console for MailScanner. MailWatch provides a web based interface for: . Individual Message tracking . Release of messages from quarantine . Feeding ham (not-spam) and spam to the Bayesian filter . E-mail and Spam reporting and statistics . Real time message queuing statistics. SMGateway automatically installs and configures additional applications to help identify spam and viruses: . ClamAV is a highly regarded Open Source Virus Scanner . DCC (Distributed Checksum Clearinghouse) is a System of clients and servers that collect and count checksums of e-mail messages in order to detect spam . Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages . Razor2 is a distributed, collaborative, spam detection and filtering Network SMGateway supports the simultaneous use of multiple virus scanners including: . AntiVir . AVG . BitDefender . ClamAV . Command . CSS . DrWeb . eTrust . F-Prot . F-Secure . Inoculan . Inoculate . Kaspersky . McAfee . Nod32 . Norman . Panda . Sophos . SYMSymscan . Trend . Vexira SMGateway is currently supported only on a clean minimal installation of Red Hat 3 (ES or AS). Support for Red Hat 4 and CentOS 4 will be available shortly. The installation of MailScanner and all related applications takes approximately 5 minutes. Configuration for most common setups should take less than one hour. Known Limitations in this version include: . Web configuration of per domain and per user allowed filenames and filetypes is not possible from the GUI. . Release from quarantine using the MailWatch interface is only allowed for the site administrator. Pricing and Support SMGateway is available for download from our web site at no charge. Fortress systems does provide and charge for support and updates. To maintain a reliable business e-mail system, we strongly advise you purchase SMGateway in conjunction with a support package: Package 1: Web support; 12 hour response SLA and 1 year of updates US $849.00 Package 2: 5 x 8 Phone Support, 4 hr response SLA and 1 year of updates US $1,648.00 Package 3: 7 x 24 Phone Support, 4 hr response SLA and 1 year of updates US $2,547.00 Rapid and high quality support is vital in any modern business system. We provide a range of support packages at standard prices. Please do not hesitate to contact us if you require a support contract that is not listed here. To ensure we can give all customers who purchase support a very high quality of service, we are restricting the number of support packages that we sell. Support packages will be sold starting next Monday, March 7, on a "first come, first served" basis, and we will limit sales to avoid compromising our ability to provide high quality services. Please visit our web site for additional information on SMGateway: http://www.fsl.com/products/SMGateway_release.html To download please visit: http://www.fsl.com/company/register.php For detailed information on features and operations, please download the manual: http://www.fsl.com/support/Fortress-SMGateway-manual.pdf For information on a soon to be released appliance that utilizes a custom version of SMGateway, please visit: http://www.optimati.com We hope you will find our efforts to be of value to you and your organization. -- Julian Field and Stephen Swaney Chief Technology Officer and Chief Operating Officer Fortress Systems Ltd www.FSL.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 20:42:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! We have not yet implemented support for Exchange's Spam Confidence Level, but it is certainly something we will look at for a future release. Errol Neal wrote: >Kudos to you all. >What would really further interest and excite me is tight intergration >with Exchange's existing spam mechanimism via the Spam Confidence Level. >Did you guys have any plans in this regard? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 20:49:43 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: Excellent response. I dropped him a line direct with a bcc to yyou. What a team :) Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Wednesday, March 02, 2005 3:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > Thanks! > We have not yet implemented support for Exchange's Spam Confidence > Level, but it is certainly something we will look at for a future release. > > Errol Neal wrote: > > >Kudos to you all. > >What would really further interest and excite me is tight intergration > >with Exchange's existing spam mechanimism via the Spam Confidence Level. > >Did you guys have any plans in this regard? > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 21:14:04 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That really look slike a fantastic product - kudos to you all. It looks as though it will suit the Exchange admins who have ebnever touched linux before? install the os, install your RPM and your set? But for those of us who dont really care about having a gui to ms.conf will we be missing anything sticking with mailscanner? Or would it even be more benificial sticking with MS as the release frequency of the free to donwload version of SM gateway is likely to be less thab MS ? MS development will continue as normal? Will the GUIs bits be available for us to intsall on existing systems? Will SMgateway support things like postfix? Will any of you development gurus ever builds a search feature for mailwatch ? :) Do you ahve plans to build this type thing on an ISP scale? (10s of thousands of users) Will mailling list type support be on another list of this one? Thanks Pete Stephen Swaney wrote: > Excellent response. I dropped him a line direct with a bcc to yyou. > > What a team :) > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Wednesday, March 02, 2005 3:42 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway >> >>Thanks! >>We have not yet implemented support for Exchange's Spam Confidence >>Level, but it is certainly something we will look at for a future release. >> >>Errol Neal wrote: >> >> >>>Kudos to you all. >>>What would really further interest and excite me is tight intergration >>>with Exchange's existing spam mechanimism via the Spam Confidence Level. >>>Did you guys have any plans in this regard? >>> >>> >> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Wed Mar 2 21:06:49 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > >> We are pleased to announce SMGateway, the first Secure Mail Gateway >> product from Fortress Systems Ltd. > > > - Active Directory Authentication? What about Kerberos? (POP/IMAP is > good enough for us (since those check against our Kerberos pass > phrases), but I'm curious if you're doing AD via LDAP, or AD via > Kerberos, or some other aspect of AD authentication I'm not aware of > ... and if you're doing it via AD's LDAP functionality, I wonder why > you didn't also list LDAP authentication in the blurb) Recipient checking is available via LDAP and milter-ahead (basically, it opens a persistent SMTP channel to the mailhub and does RCPT TO's, with some intelligent caching) > - Redhat only? No Solaris support? Any Solaris support planned? The biggest (and really the only) barrier to using it on other platforms is the fact that the product is totally RPM based. I would love to be able to run it on FreeBSD as that is what we run our MailScanner machines on now, but it would require some work to get things going. > - Also, we use an array of machines to do our mailscanner work right > now. Does SMGateway support this (Ie. users only have to set their > options on one machine, instead of having to touch all 4 of them?). My > impression is that because you're using MailWatch, which I thought uses > mysql for various things, then it might be possible to put the mysql > database on a separate machine, and thus have multiple work-horse > machines that all use 1 configuration database. Is that an > appropriate/accurate assumption? That would require SMCluster, which isn't out yet.. (we have the same config, and need it too) -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services Phone: 918-584-1100x110 Fax: 918-582-5776 ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew.allen at ZEALOUSWORKS.COM Wed Mar 2 21:19:07 2005 From: andrew.allen at ZEALOUSWORKS.COM (Andrew Allen) Date: Thu Jan 12 21:28:47 2006 Subject: Red Hat Enterprise Linux 4 Message-ID: Is anyone yet running MailScanner on RHEL 4? Any reasons why I shouldn’t? When will SMGateway support RHEL 4? Sorry if it’s been asked before… Kind Regards, Andrew Allen (MCSE BCIP) • Director & Principle Consultant • Zealous Works Ltd // http://www.zealousworks.com/ • Voice: +44 (0) 870 922 0527 • Fax: +44 (0) 870 460 1527 • • Yahoo! Messenger, AOL Instant Messenger & Skype: zealousworks • Disclaimer: Email from people at zealousworks.com does not necessarily represent official policy of Zealous Works Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Wed Mar 2 21:31:09 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > But for those of us who dont really care about having a gui to ms.conf > will we be missing anything sticking with mailscanner? Or would it even > be more benificial sticking with MS as the release frequency of the free > to donwload version of SM gateway is likely to be less thab MS ? Per user whitelist/blacklists, MailWatch, ability for domain admins to control their own spam prefs, etc.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services Phone: 918-584-1100x110 Fax: 918-582-5776 ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 21:33:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > That really look slike a fantastic product - kudos to you all. Thanks, much appreciated! > > It looks as though it will suit the Exchange admins who have ebnever > touched linux before? install the os, install your RPM and your set? That's the idea, yes. There are an awful lot of Exchange admins out there who are desperate for a solution they can afford. And if you want us to manage your entire server, including all OS updates and patches, the whole works, then we can do that for you too. The instructions we send you even include a click-by-click guide to installing the OS so you really don't need to know how to do anything other than put a CD into the drive and follow instructions. > But for those of us who dont really care about having a gui to ms.conf > will we be missing anything sticking with mailscanner? No. There is only one version of the source of MailScanner, and I have no intention of letting that change. > Or would it even > be more benificial sticking with MS as the release frequency of the free > to donwload version of SM gateway is likely to be less thab MS ? If you are happy to admin MS as you do now, then stick with the www.mailscanner.info version of the system. The cores are the same, but we may well not update SMGateway as fast as I update MailScanner itself. > > MS development will continue as normal? Yes. > > Will the GUIs bits be available for us to intsall on existing systems? You can always tear apart the SMGateway download and use bits of it. We are quite happy for you to do that if you want to, but you won't be able to get support via the standard packages, you would be asking for custom support for your system if you need it. > Will SMgateway support things like postfix? Not yet, but that is planned for a future release. > > Will any of you development gurus ever builds a search feature for > mailwatch ? :) Ask on the MailWatch mailing list and see what Steve is up to in that regard. > > Do you ahve plans to build this type thing on an ISP scale? (10s of > thousands of users) There will be a SMCluster package towards the end of this year, which will be designed to handle a cluster of MailScanner servers. This should have abilities such as treating the quarantine as a single entity, regardless of how it is actually stored. Given enough horsepower, SMGateway will already handle tens of thousands of users, but MailWatch's requirements are quite high for very busy mail servers. > > Will mailling list type support be on another list of this one? We are still working on that one. You will of course be able to get help from the MailScanner community as you can now, where the issue is actually to do with MailScanner itself and not one of the extra components. > Stephen Swaney wrote: > >> Excellent response. I dropped him a line direct with a bcc to yyou. >> >> What a team :) >> >> Steve >> >> Steve Swaney >> President >> Fortress Systems Ltd. >> Phone: 202 338-1670 >> Cell: 202 352-3262 >> www.fsl.com >> steve.swaney@fsl.com >> >> >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Julian Field >>> Sent: Wednesday, March 02, 2005 3:42 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway >>> >>> Thanks! >>> We have not yet implemented support for Exchange's Spam Confidence >>> Level, but it is certainly something we will look at for a future >>> release. >>> >>> Errol Neal wrote: >>> >>> >>>> Kudos to you all. >>>> What would really further interest and excite me is tight intergration >>>> with Exchange's existing spam mechanimism via the Spam Confidence >>>> Level. >>>> Did you guys have any plans in this regard? >>>> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 21:42:16 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:47 2006 Subject: Red Hat Enterprise Linux 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Am running MailScanner on RHEL on 3 machines with SA3, clam and bitdefender etc Working beautifully - we have selinux OFF - but intend to test it further. I know bitdefedner wont work with seliniux on. Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Andrew Allen >>Sent: Wednesday, March 02, 2005 4:19 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Red Hat Enterprise Linux 4 >> > > > Is anyone yet running MailScanner on RHEL 4? Any reasons why I shouldn't? > >>When will SMGateway support RHEL 4? > > > Probably runs now. We just haven't had time to test but will do so very > shortly. > > >>Sorry if it's been asked before. >>Kind Regards, >> >>Andrew Allen (MCSE BCIP) >>. Director & Principle Consultant . >> > > > Stewve > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 21:41:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quick correction: Peter Russell wrote: > Will any of you development gurus ever builds a search feature for > mailwatch ? :) It's already there. Look at the reports page. You can add filters in all of the later versions. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 21:35:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:47 2006 Subject: Red Hat Enterprise Linux 4 Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Andrew Allen wrote: > Is anyone yet running MailScanner on RHEL 4? > I believe so, yes. Check the list archive. > Any reasons why I shouldn^Òt? > No. > When will SMGateway support RHEL 4? > It's one of the subjects of our first update. > Sorry if it^Òs been asked before^Å > > > Kind Regards, > > **Andrew Allen** (MCSE BCIP) > ^Õ Director & Principle Consultant ^Õ > > > **Zealous Works Ltd // http://www.zealousworks.com/** > > ^Õ Voice: +44 (0) 870 922 0527 ^Õ Fax: +44 (0) 870 460 1527 ^Õ > ^Õ Yahoo! Messenger, AOL Instant Messenger & Skype: zealousworks ^Õ > > **Disclaimer: Email from people at zealousworks.com does not > necessarily represent official policy of Zealous Works Ltd.** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 21:35:31 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:47 2006 Subject: Red Hat Enterprise Linux 4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Andrew Allen > Sent: Wednesday, March 02, 2005 4:19 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Red Hat Enterprise Linux 4 > Is anyone yet running MailScanner on RHEL 4? Any reasons why I shouldn't? > When will SMGateway support RHEL 4? Probably runs now. We just haven't had time to test but will do so very shortly. > Sorry if it's been asked before. > Kind Regards, > > Andrew Allen (MCSE BCIP) > . Director & Principle Consultant . > Stewve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 2 21:46:27 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:47 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fantastic sutff, thanks so much for the detailed reply - its pretty darned exciting. And the servioce you guys provide - I am sure you will be a letter from the queen any day for the Order of Anit Virus and Anti Spam Empire ? :) Julian Field wrote: > Peter Russell wrote: > >> That really look slike a fantastic product - kudos to you all. > > > Thanks, much appreciated! > >> >> It looks as though it will suit the Exchange admins who have ebnever >> touched linux before? install the os, install your RPM and your set? > > > That's the idea, yes. > There are an awful lot of Exchange admins out there who are desperate > for a solution they can afford. > > And if you want us to manage your entire server, including all OS > updates and patches, the whole works, then we can do that for you too. > The instructions we send you even include a click-by-click guide to > installing the OS so you really don't need to know how to do anything > other than put a CD into the drive and follow instructions. > >> But for those of us who dont really care about having a gui to ms.conf >> will we be missing anything sticking with mailscanner? > > > No. There is only one version of the source of MailScanner, and I have > no intention of letting that change. > >> Or would it even >> be more benificial sticking with MS as the release frequency of the free >> to donwload version of SM gateway is likely to be less thab MS ? > > > If you are happy to admin MS as you do now, then stick with the > www.mailscanner.info version of the system. The cores are the same, but > we may well not update SMGateway as fast as I update MailScanner itself. > >> >> MS development will continue as normal? > > > Yes. > >> >> Will the GUIs bits be available for us to intsall on existing systems? > > > You can always tear apart the SMGateway download and use bits of it. We > are quite happy for you to do that if you want to, but you won't be able > to get support via the standard packages, you would be asking for custom > support for your system if you need it. > >> Will SMgateway support things like postfix? > > > Not yet, but that is planned for a future release. > >> >> Will any of you development gurus ever builds a search feature for >> mailwatch ? :) > > > Ask on the MailWatch mailing list and see what Steve is up to in that > regard. > >> >> Do you ahve plans to build this type thing on an ISP scale? (10s of >> thousands of users) > > > There will be a SMCluster package towards the end of this year, which > will be designed to handle a cluster of MailScanner servers. This should > have abilities such as treating the quarantine as a single entity, > regardless of how it is actually stored. Given enough horsepower, > SMGateway will already handle tens of thousands of users, but > MailWatch's requirements are quite high for very busy mail servers. > >> >> Will mailling list type support be on another list of this one? > > > We are still working on that one. You will of course be able to get help > from the MailScanner community as you can now, where the issue is > actually to do with MailScanner itself and not one of the extra components. > >> Stephen Swaney wrote: >> >>> Excellent response. I dropped him a line direct with a bcc to yyou. >>> >>> What a team :) >>> >>> Steve >>> >>> Steve Swaney >>> President >>> Fortress Systems Ltd. >>> Phone: 202 338-1670 >>> Cell: 202 352-3262 >>> www.fsl.com >>> steve.swaney@fsl.com >>> >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Julian Field >>>> Sent: Wednesday, March 02, 2005 3:42 PM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway >>>> >>>> Thanks! >>>> We have not yet implemented support for Exchange's Spam Confidence >>>> Level, but it is certainly something we will look at for a future >>>> release. >>>> >>>> Errol Neal wrote: >>>> >>>> >>>>> Kudos to you all. >>>>> What would really further interest and excite me is tight intergration >>>>> with Exchange's existing spam mechanimism via the Spam Confidence >>>>> Level. >>>>> Did you guys have any plans in this regard? >>>>> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hb.maillists at DFS.DK Wed Mar 2 21:47:38 2005 From: hb.maillists at DFS.DK (Henrik Bro) Date: Thu Jan 12 21:28:48 2006 Subject: SV: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is what I have been dreaming about for a long time :) But I have a question?: Does the milter-ahead in SMGateway support closed mail-lists. I have tried to use it before, but could not get it to work. I think the problem was, that when the MS server did RCPT TO, it used a blank MAIL FROM. /henrik -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Stephen Swaney Sendt: 2. marts 2005 21:02 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: FW: MailScanner ANNOUNCE: New commercial product SMGateway > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John Rudd > Sent: Wednesday, March 02, 2005 1:28 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > > > We are pleased to announce SMGateway, the first Secure Mail Gateway > > product from Fortress Systems Ltd. > > - Active Directory Authentication? What about Kerberos? (POP/IMAP is > good enough for us (since those check against our Kerberos pass > phrases), but I'm curious if you're doing AD via LDAP, or AD via > Kerberos, or some other aspect of AD authentication I'm not aware of > ... and if you're doing it via AD's LDAP functionality, I wonder why > you didn't also list LDAP authentication in the blurb) Our design goal was "no user account maintenance on the Gateway" and we tried to keep it as simple as possible and the word LDAP scares some people :). Even older Exchange servers can be configure to use POP or IMAP so we can pretty much allow any user to authenticate and log into the SMGateway server to set spam preferences with no need to setup users on the gateway. In the same vein, the ability to use milter-ahead means that for most back end mailhubs, rejecting email for unknown users is as simple as clicking on a checkbox > > - Redhat only? No Solaris support? Any Solaris support planned? > This is intended to be our lower cost, single gateway offering. As such, we felt the right OS to support first would be Red Hat and CentOS. Other OS support is being considered. Also please see my remarks on clustering below. > - Also, we use an array of machines to do our mailscanner work right > now. Does SMGateway support this (Ie. users only have to set their > options on one machine, instead of having to touch all 4 of them?). > My impression is that because you're using MailWatch, which I thought > uses mysql for various things, then it might be possible to put the > mysql database on a separate machine, and thus have multiple > work-horse machines that all use 1 configuration database. Is that an > appropriate/accurate assumption? This will be our SMCluster configuration due out later in the year. The architecture is already present in SMGateway. A SQL server stores configuration data and checkpoints (for roll backs) and populates and LDAP directory. In the SMCluster architecture, the web interface, database and LDAP directory are hosted on a standalone server. Each gateway has an LDAP replica and a few synchronized files. We have a few other tricks planned for SMCluster setup but that is the basic plan. > > - When you say 1 year of updates, what do you mean exactly? (I mean, > if it's free to download, does that mean I could install the new > versions by hand for free, but you have some stream lined auto-update > engine that costs money to keep feeding it? or is there some other > aspect of updates that's not clearly being presented here? or what?) > (don't get me wrong, the compelling part of the prices is the support > contracts, and if we were to go down the SMGateway path, we would be > getting a support contract regardless of what the updates part means > ... but I'm curious what that part of the contract _actually_ means, > considering the download is free) Yet it's free to download and use and yes you could simply keep updating by downloading and installing the new application and restoring your preferences. An experienced administrator could update many parts simply by building their own rpms to our specs. All of this would be fine with us. Our target customer is an organization that can see the benefits and cost savings of paying experts to do what experts do well and efficiently. We believe that for most organizations the maintenance costs of our SMGateway solution will be less than the cost of trying to keep all of the applications updated in-house. Our goal is to make an integrated MailScanner, SpamAssassin and MailWatch server so simple to install, configure and maintain that it will become the most obvious solution to the spam and virus problem. We hope to do this at a cost that will be affordable for everyone. Please note that the package consists of +70 rpms that all reside in /opt/Fortress. It took a lot longer to develop this way but we are as independent as possible from the Architecture and problems that can be caused by Operating System Updates. Anyone who has seen the operating system update package-skip-list(s) needed on Ensim or C-panel systems can appreciate the benefits of this approach. It also means that we can more quickly react to easily update individual applications as required. This has been difficult for most of our competition. Timely updating is absolutely essential for and anti-spam or anti-virus solution. > > Since I've asked those other questions, I might as well ask these: > > - instead of email forwarding being user configured, can the > administrator(s) turn it off and make it completely unavailable to the > end user? We have other methods for setting up user forwards, and > those need to remain our authoritative mechanisms. > We had not considered this but there is no reason that it could not be incorporated. > - does it allow per-user bayes databases? > No > - does it allow bayes databases to be completely disabled? > Yes > - it talks about mailwatch doing quarantine management; does MailWatch > get upset if you turn off quarantining completely? > Not at all. MailWatch never gets upset. It is quite a happy application :) > - I recently wrote a script that reads through the sendmail and > mailscanner syslogs and extracts data about each virus (relay that > sent it, mail queue ID, viruses that were in the message, claimed SMTP > Mail-From, date and time of the message) and mails $relay@abuse.net > with a report about each infected message that relay sent us (1 stanza > per message) ... I seem to recall that one of the things that > MailWatch does with mysql is logging to mysql; can I still have it > also do logging to syslog, so I don't have to re-write my nightly report? > You would probably find the MailWatch Database a rich place to mine for any customized reporting. I've had a peek at the latest cvs version and MailWatch is definitely an application you want to keep an eye on. > > (we're actually evaluating vendor supported alternatives to > MailScanner* right now ... including things like Sophos Pure Message > and Ironport, etc. So, it's very interesting to me that this product > would come out right as we're doing that, it might allow us to put > MailScanner into our list of products; but Solaris and Clustering are > on our requirements list (as "must") ... Linux and FreeBSD are just on > our "should" list; if Solaris and Clustering are there, I could easily > add this to our list of products to evaluate) > I know that clustering will be coming and with clustering, we will need to support the sleeker and more expensive hardware. Right now we are installing and supporting some fairly large multiple gateway solutions using MailScanner, SpamAssassin and MailWatch + custom programming and they work very well. We know there are some very large installations that use MailScanner successfully. We hope our clustering solution will make the administration of MailScanner in the enterprise a bit easier to install, maintain and operate. If you or any other enterprise sites are interested in working with us on the development of the SMCluster software, please email me off list. > (* I'm not unsatisfied with mailscanner, it's just that we have a > larger set of interests and requirements that are being evaluated, and > we would have to "roll our own" to just use mailscanner in that new > picture ... which we would rather not do, so we're looking at our > alternatives; a lot of what we're looking for, though, is on the list > of SMGateway's features) SMGateway is not and was not intended to be the product for every site. For smaller sites it can be the best solution available at any cost. While there are no hard and fast rules because of the differences between sites, I'd guess that for sites with under 75 users, outsourcing to an experienced site that uses MailScanner for email processing will be the most cost effective solution. Most of the MailScanner hosting sites here in the US appear to charge about 1/2 the price charged by Brightmail and Postini (who won't even talk to small sites). For the 75 to 2000 mailbox sites, SMGateway can be a very effective solution. Thanks for the questions, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew.allen at ZEALOUSWORKS.COM Wed Mar 2 21:53:42 2005 From: andrew.allen at ZEALOUSWORKS.COM (Andrew Allen) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner Guestbook Message-ID: Off topic a little, but I noticed the guestbook has been attracting spam recently: http://www.sng.ecs.soton.ac.uk/mailscanner/book/guestbook.php Also, I sent an email to info@fcl.com earlier and noticed it bounced back: info@fsl.com on 02/03/2005 15:27 You do not have permission to send to this recipient. For assistance, contact your system administrator. ... User unknown> Kind Regards, Andrew Allen (MCSE BCIP) • Director & Principle Consultant • Zealous Works Ltd // http://www.zealousworks.com/ • Voice: +44 (0) 870 922 0527 • Fax: +44 (0) 870 460 1527 • • Yahoo! Messenger, AOL Instant Messenger & Skype: zealousworks • Disclaimer: Email from people at zealousworks.com does not necessarily represent official policy of Zealous Works Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 22:01:09 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Henrik Bro > Sent: Wednesday, March 02, 2005 4:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: MailScanner ANNOUNCE: New commercial product SMGateway > > This is what I have been dreaming about for a long time :) > Thanks for the kind words > But I have a question?: > > Does the milter-ahead in SMGateway support closed mail-lists. I have tried > to use it before, but could not get it to work. > > I think the problem was, that when the MS server did RCPT TO, it used a > blank MAIL FROM. > Milter-ahead will accept email only if destination mailhub will accept email for the recipients address. If mail to the address is deliverable on the mail hub, it will be accepted on the gateway. Where Milter-ahead is quite nice is its intelligent error handling and intelligent caching of results. For all the details please visit: http://www.milter.info/milter-ahead/index.shtml Hope this helps, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Wed Mar 2 22:01:45 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: On Mar 2, 2005, at 13:06, Mike Bacher wrote: > John Rudd wrote: >> On Mar 2, 2005, at 6:29 AM, Julian Field wrote: >> >>> We are pleased to announce SMGateway, the first Secure Mail Gateway >>> product from Fortress Systems Ltd. >> >> >> - Active Directory Authentication? What about Kerberos? (POP/IMAP is >> good enough for us (since those check against our Kerberos pass >> phrases), but I'm curious if you're doing AD via LDAP, or AD via >> Kerberos, or some other aspect of AD authentication I'm not aware of >> ... and if you're doing it via AD's LDAP functionality, I wonder why >> you didn't also list LDAP authentication in the blurb) > > Recipient checking is available via LDAP and milter-ahead (basically, > it opens a > persistent SMTP channel to the mailhub and does RCPT TO's, with some > intelligent caching) So, what exactly is milter-ahead? Is this just a few checks that are done as part of a milter, or is this doing the full mailscanner implementation in a milter? (and, what we do now is distribute an aliases file to each of our sendmail boxes, and those are how we get valid vs not-valid address support for our scanning boxes; the file is automated generated every few hours, and the sendmail boxes also periodically/automatically import it; part of this is a legacy issue and part of it is because our older mailing list system uses the aliases file for lists) Do domains have default forwards? It might be interesting to say that the default forward for a given domain is to send it to mailhub A, and the default domain to send it to for a second domain is mailhub B, but not allow users to over-ride that, and yet still have this recipient checking going on to insure that the end address is valid. (our existing mechanisms is that our athena based account management system manages the aliases file, both for mailing lists and user forwards; that information also gets extracted and incorporated into communigate pro's "redirect" option; users can manage either of them, but we're planning to retire the athena stuff, so the authoritative location will be the end mail hub, not the scanning hosts, so what we want the scanning hosts to do is just send it all to the mailhub. But, it has to be the right mailhub for that domain, and it has to be rejecting invalid addresses at the front door. Our existing plan had been to just munge the aliases file, but if SMGateway has domain defaults for that kind of thing, then that allows us to eliminate that piece) >> - Redhat only? No Solaris support? Any Solaris support planned? > > The biggest (and really the only) barrier to using it on other > platforms is the fact that > the product is totally RPM based. I would love to be able to run it > on FreeBSD as that is > what we run our MailScanner machines on now, but it would require some > work to get things > going. Hm. So, does that mean that if you move toward supporting Solaris you would: a) require the customer to have RPM on Solaris? (we used to do all of a bunch of internal solaris packaging with rpm's at Cygnus) b) support Solaris pkg's? c) come up with a tar based distribution? (I think any of those is fine, just curious what direction you might go) >> - Also, we use an array of machines to do our mailscanner work right >> now. Does SMGateway support this (Ie. users only have to set their >> options on one machine, instead of having to touch all 4 of them?). >> My >> impression is that because you're using MailWatch, which I thought >> uses >> mysql for various things, then it might be possible to put the mysql >> database on a separate machine, and thus have multiple work-horse >> machines that all use 1 configuration database. Is that an >> appropriate/accurate assumption? > > That would require SMCluster, which isn't out yet.. (we have the same > config, and need it too) > How long until it's out (ball park). We can probably eval the stand-alone version without any problem, but when we go to deployment, we'll most definitely need the clustering support. Oh, one other thing: what other parts of the mail system are you going to support? For example, if we have problems with the domain stuff in sendmail, are you going to support that, or just the domain parts of SMGateway/SMCluster? If we had questions and stuff about SSL and SMTP-Auth, and doing the same exact user authentication as we're doing for the web configuration stuff (ex. proxy it off to the IMAP server), would you have help/information/etc. around that? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chrisford at DKBBS.COM Wed Mar 2 22:15:42 2005 From: chrisford at DKBBS.COM (Christopher J Ford) Date: Thu Jan 12 21:28:48 2006 Subject: blacklist & whitelist question. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Say I wanted to block anything from spam.au or even spam.spam.au, or even spam-spam.spam.au can I do a From: *@*.au in my blacklist rules file?? Thank you.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Wed Mar 2 22:35:47 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > So, what exactly is milter-ahead? Is this just a few checks that are > done as part of a milter, or is this doing the full mailscanner > implementation in a milter? http://www.milter.info/milter-ahead/index.shtml > (and, what we do now is distribute an aliases file to each of our > sendmail boxes, and those are how we get valid vs not-valid address > support for our scanning boxes; the file is automated generated every > few hours, and the sendmail boxes also periodically/automatically > import it; part of this is a legacy issue and part of it is because our > older mailing list system uses the aliases file for lists) You wouldn't need to do that anymore. > Do domains have default forwards? It might be interesting to say that > the default forward for a given domain is to send it to mailhub A, and > the default domain to send it to for a second domain is mailhub B, but > not allow users to over-ride that, and yet still have this recipient > checking going on to insure that the end address is valid. I think the only way to do it is to define a per-domain mailhost. But, if you are doing it via an automated API method, it shouldn't matter. My understanding is that the config data is stored in MySQL, and then a process takes that data and pushes into the LDAP database. > Hm. So, does that mean that if you move toward supporting Solaris you > would: > > a) require the customer to have RPM on Solaris? (we used to do all of a > bunch of internal solaris packaging with rpm's at Cygnus) > > b) support Solaris pkg's? > > c) come up with a tar based distribution? > > (I think any of those is fine, just curious what direction you might go) Would be a question for Stephen. I think the idea behind the RPM thing was ease of upgrades/maintainability. My vote would be for a tar based distro.. > How long until it's out (ball park). We can probably eval the > stand-alone version without any problem, but when we go to deployment, > we'll most definitely need the clustering support. I think they are shooting for sometime late this year, not sure though.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services Phone: 918-584-1100x110 Fax: 918-582-5776 ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 22:40:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd wrote: > On Mar 2, 2005, at 13:06, Mike Bacher wrote: > >> John Rudd wrote: >> >>> On Mar 2, 2005, at 6:29 AM, Julian Field wrote: >>> >>>> We are pleased to announce SMGateway, the first Secure Mail Gateway >>>> product from Fortress Systems Ltd. >>> >>> >>> >>> - Active Directory Authentication? What about Kerberos? (POP/IMAP is >>> good enough for us (since those check against our Kerberos pass >>> phrases), but I'm curious if you're doing AD via LDAP, or AD via >>> Kerberos, or some other aspect of AD authentication I'm not aware of >>> ... and if you're doing it via AD's LDAP functionality, I wonder why >>> you didn't also list LDAP authentication in the blurb) >> >> >> Recipient checking is available via LDAP and milter-ahead (basically, >> it opens a >> persistent SMTP channel to the mailhub and does RCPT TO's, with some >> intelligent caching) > > > So, what exactly is milter-ahead? See http://www.milter.info/milter-ahead/index.shtml > Hm. So, does that mean that if you move toward supporting Solaris you > would: > > a) require the customer to have RPM on Solaris? (we used to do all of a > bunch of internal solaris packaging with rpm's at Cygnus) > > b) support Solaris pkg's? > > c) come up with a tar based distribution? Probably (c), else (b). >>> now. Does SMGateway support this (Ie. users only have to set their >>> options on one machine, instead of having to touch all 4 of them?). >>> My >>> impression is that because you're using MailWatch, which I thought >>> uses >>> mysql for various things, then it might be possible to put the mysql >>> database on a separate machine, and thus have multiple work-horse >>> machines that all use 1 configuration database. Is that an >>> appropriate/accurate assumption? >> >> >> That would require SMCluster, which isn't out yet.. (we have the same >> config, and need it too) >> > - Also, we use an array of machines to do our mailscanner work right > > How long until it's out (ball park). We can probably eval the > stand-alone version without any problem, but when we go to deployment, > we'll most definitely need the clustering support. Later this year. > Oh, one other thing: what other parts of the mail system are you going > to support? For example, if we have problems with the domain stuff in > sendmail, are you going to support that, or just the domain parts of > SMGateway/SMCluster? If we had questions and stuff about SSL and > SMTP-Auth, and doing the same exact user authentication as we're doing > for the web configuration stuff (ex. proxy it off to the IMAP server), > would you have help/information/etc. around that? We haven't done this yet. You will need to discuss that with us off-list to see what can be done for you here. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 2 22:41:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: blacklist & whitelist question. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. Correct syntax is From: *@*.au yes Christopher J Ford wrote: > Say I wanted to block anything from spam.au or even spam.spam.au, or > even spam-spam.spam.au > > can I do a From: *@*.au in my blacklist rules file?? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Wed Mar 2 22:43:06 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Julian Field wrote: | John Rudd wrote: | |> Oh, one other thing: what other parts of the mail system are you going |> to support? For example, if we have problems with the domain stuff in |> sendmail, are you going to support that, or just the domain parts of |> SMGateway/SMCluster? If we had questions and stuff about SSL and |> SMTP-Auth, and doing the same exact user authentication as we're doing |> for the web configuration stuff (ex. proxy it off to the IMAP server), |> would you have help/information/etc. around that? | | | We haven't done this yet. You will need to discuss that with us off-list | to see what can be done for you here. | I have done this various times using Sendmail. Fell free to contact me off list. There are numerous ways to do this with open source tools. - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCJkF6PMoaMn4kKR4RA4ZOAJ4hWxu6R6bzElO8nFWYhpBhI8AUNQCdFOPF +fAGmmuU+xKk3ekk/b4GgS8= =Sdym -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 2 22:44:49 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John Rudd > Sent: Wednesday, March 02, 2005 5:02 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > On Mar 2, 2005, at 13:06, Mike Bacher wrote: > > > John Rudd wrote: > >> On Mar 2, 2005, at 6:29 AM, Julian Field wrote: > >> > >>> We are pleased to announce SMGateway, the first Secure Mail Gateway > >>> product from Fortress Systems Ltd. > >> > >> > >> - Active Directory Authentication? What about Kerberos? (POP/IMAP is > >> good enough for us (since those check against our Kerberos pass > >> phrases), but I'm curious if you're doing AD via LDAP, or AD via > >> Kerberos, or some other aspect of AD authentication I'm not aware of > >> ... and if you're doing it via AD's LDAP functionality, I wonder why > >> you didn't also list LDAP authentication in the blurb) > > > > Recipient checking is available via LDAP and milter-ahead (basically, > > it opens a > > persistent SMTP channel to the mailhub and does RCPT TO's, with some > > intelligent caching) > > So, what exactly is milter-ahead? Is this just a few checks that are > done as part of a milter, or is this doing the full mailscanner > implementation in a milter? > It's milter-ahead http://www.milter.info/milter-ahead/index.shtml not a milter implementation of MailScanner (hmmmm, now that would be a MILTER). Milter-ahead just checks to see if the mail would be accepted if presented for delivery at the mailhub before it is accepted at the gateway. It's very simple to configure and works very well even on sites with high volumes for the hardware. It's not as efficient as locally accessible db or ldap file to validate users but it's a lot better than using nothing and y sites. We have seen very substantial load decreases on gateways and mailhub where nothing is used to validate users on the mailhub and then milter is installed. The reason is simple. Blocking the junk email at the front door stops MailScanner and all of the related applications for doing a lot of useless work and these messages never hit the mailhub. A couple of caveats: 1. Milter-ahead works only with sendmail. There are other techniques which perform similar checks for Exim and Postfix. 2. Milter-ahead will not work with Exchange 5.5 or Exchange 2000 mailhubs. These servers cannot be configured not to blindly accept email for any address at acceptable domains :( and then bounce it back to the non-existent spammer ). > (and, what we do now is distribute an aliases file to each of our > sendmail boxes, and those are how we get valid vs not-valid address > support for our scanning boxes; the file is automated generated every > few hours, and the sendmail boxes also periodically/automatically > import it; part of this is a legacy issue and part of it is because our > older mailing list system uses the aliases file for lists) > Milter-ahead will accept email as soon as the user account is added to the hub. > Do domains have default forwards? It might be interesting to say that > the default forward for a given domain is to send it to mailhub A, and > the default domain to send it to for a second domain is mailhub B, but > not allow users to over-ride that, and yet still have this recipient > checking going on to insure that the end address is valid. > It looks at the mailertable, if the entry is in the form: domain.com esmtp:[mailhub.domain.com] (Note the [ ]'s) milter-ahead will be called. If the entry is in the form domain.com esmtp:mailhub.domain.com milter-ahead ahead will not be called. > (our existing mechanisms are that our athena based account management > system manages the aliases file, both for mailing lists and user > forwards; that information also gets extracted and incorporated into > communigate pro's "redirect" option; users can manage either of them, > but we're planning to retire the athena stuff, so the authoritative > location will be the end mail hub, not the scanning hosts, so what we > want the scanning hosts to do is just send it all to the mailhub. But, > it has to be the right mailhub for that domain, and it has to be > rejecting invalid addresses at the front door. Our existing plan had > been to just munge the aliases file, but if SMGateway has domain > defaults for that kind of thing, then that allows us to eliminate that > piece) > > I think you should definitely look at milter-ahead as one of the possibilities. At least until SMCluster is available :) Hope this helps, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chrisford at DKBBS.COM Wed Mar 2 22:52:20 2005 From: chrisford at DKBBS.COM (Christopher J Ford) Date: Thu Jan 12 21:28:48 2006 Subject: blacklist & whitelist question. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Yes. Correct syntax is > From: *@*.au yes > > Christopher J Ford wrote: > >> Say I wanted to block anything from spam.au or even spam.spam.au, or >> even spam-spam.spam.au >> >> can I do a From: *@*.au in my blacklist rules file?? > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > Ah.. thank you.. and thank for MailScanner :) Id still be deleting my 900+ peices of spam crap aday and deleteing importion ones too cuz i woul;d get tired of looking! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 2 23:07:55 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:48 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Wednesday, March 02, 2005 9:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > I always try to at least reply, but good ideas do get lost sometimes. > The unrar code would require another timeout wrapper round it, which I > would have to copy from elsewhere, so it isn't trivial. > I can't remember if I came up with a solution to the duplicated > filenames problem or not, it was quite a long time ago. > How about this for a timeout wrapper. It should work as a general purpose wrapper for commands that use system or backticks. I put it together from code you use eleswhere. So a line like: $unrar =`which unrar`; return 0 unless $unrar !~ /no unrar in)/i && $unrar ne ""; would be $unrar = SafePipe("which unrar",30,"ST"); return 0 unless $unrar !~ /(no unrar in|^COMMAND_TIMED_OUT$)/i && $unrar ne ""; and system("$unrar e -p- -idp $safename 2>&1"); unless ("$?" == 0 && !$IsEncrypted) { would be unless (RcSafePipe("$unrar e -p- -idp $safename 2>&1",30,"EC") == 0 && !$IsEncrypted) { It appears to work fine, and handles the time out fine as well. Rick sub SafePipe{ # Modified Julian's code from SweepOther.pm # Changed to allow execution of a given command line with a time # control # # $Cmd = command line to execute # $timeout = max time in seconds to allow execution # $ReturnType = ST For String or Anything else for error code # # Replaces backtick or system calls that are looking for both # string output or an error code my ($Cmd, $TimeOut,$ReturnType) = @_; my($Kid, $pid, $TimedOut, $PipeReturn, $Str); $Kid = new FileHandle; $TimedOut = 0; eval { die "Can't fork: $!" unless defined($pid = open($Kid, '-|')); if ($pid) { # In the parent local $SIG{ALRM} = sub { $TimedOut = 1; die "Command Timed Out" }; alarm $TimeOut; # Only process the output if we are scanning, not disinfecting while(<$Kid>) { $Str .= $_; #print STDERR "Processing line \"$_\"\n"; } close $Kid; $PipeReturn = $?; $pid = 0; # 2.54 alarm 0; # Workaround for bug in perl shipped with Solaris 9, # it doesn't unblock the SIGALRM after handling it. eval { my $unblockset = POSIX::SigSet->new(SIGALRM); sigprocmask(SIG_UNBLOCK, $unblockset) or die "Could not unblock alarm: $!\n"; }; } else { # In the child POSIX::setsid(); # for testing time out # sleep 40; exec $Cmd; MailScanner::Log::WarnLog("Can't run $Cmd command! "); exit 1; } }; alarm 0; # 2.53 # Note to self: I only close the KID in the parent, not in the child. MailScanner::Log::DebugLog("Completed $Cmd"); # Catch failures other than the alarm MailScanner::Log::DieLog("$Cmd failed with real error: $@") if $@ and $@ !~ /Command Timed Out/; #print STDERR "pid = $pid and \@ = $@\n"; # In which case any failures must be the alarm if ($@ or $pid>0) { # Kill the running child process my($i); kill -15, $pid; # Wait for up to 5 seconds for it to die for ($i=0; $i<5; $i++) { sleep 1; waitpid($pid, &POSIX::WNOHANG); ($pid=0),last unless kill(0, $pid); kill -15, $pid; } # And if it didn't respond to 11 nice kills, we kill -9 it if ($pid) { kill -9, $pid; waitpid $pid, 0; # 2.53 } } # Return failure if the command timed out, otherwise return success if ($TimedOut){ MailScanner::Log::WarnLog("$Cmd timed out!"); return "COMMAND_TIMED_OUT"; } if($ReturnType eq "ST"){ return $Str; }else{ return $PipeReturn; } } -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Mar 2 23:13:35 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > We are pleased to announce SMGateway, the first Secure Mail Gateway > product from Fortress Systems Ltd. > > SMGateway is based on MailScanner, the world's most widely used e-mail ... Is this what was hinted to in the middle of last month? -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at HOTMAIL.COM Thu Mar 3 00:07:34 2005 From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Cavalcanti) Date: Thu Jan 12 21:28:48 2006 Subject: MISSING_SUBJECT Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not all, but many e-mails which has normal subject has MISSING SUBJECT score, as above: MailScanner-SpamCheck: not spam, SpamAssassin (score=3.37, required 5.7, DNS_FROM_RFC_ABUSE 0.37, DNS_FROM_RFC_POST 1.38, FORGED_RCVD_HELO 0.05, MISSING_SUBJECT 1.57) Why? Thks in advance, Mauricio. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 3 00:21:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:48 2006 Subject: MISSING_SUBJECT Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mauricio Cavalcanti wrote: > Not all, but many e-mails which has normal subject has MISSING SUBJECT > score, as above: > > MailScanner-SpamCheck: not spam, SpamAssassin (score=3.37, required 5.7, > DNS_FROM_RFC_ABUSE 0.37, DNS_FROM_RFC_POST 1.38, FORGED_RCVD_HELO 0.05, > MISSING_SUBJECT 1.57) > > Why? > > Thks in advance, > Mauricio. > Check headers for multiple subject lines, one of which is empty. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu Mar 3 01:03:20 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: There's sort of three questions here: 1) I seem to recall a tool on a web page that you could tell it your domain and it would tell you what RFC's and bad practices you were violating (things like "you don't have a postmaster address at your mail server" and "you don't have an MX server for your domain", etc.). Anyone know which one I'm talking about? 2) anyone know of an RBL that is build around that concept? For example, we've got a problem lately with some senders coming from domains that are either violating an RFC (no postmaster) or something that HAS to be a best practice violation. Ex: sbcglobel.net (which is not sbcglobal.net, a valid ISP) where the domain has an MX record ... to a host that evaluates as localhost. So, bounces and vacation replies and such just clutter up our queue for a long while. It would be nice if there was an RBL that had multiple lists/return codes that covered different types of problems like this, or places whose contact with abuse.net bounces, or they don't have a postmaster address, etc. 3) anyone know of an existing milter that covers that example (if sender domain has an MX record that gets you to 127.x.y.z, then reject the message)? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Thu Mar 3 01:31:01 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:48 2006 Subject: blocking RFC/best practices violators Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you looking for this one? http://www.dnsreport.com/ Cheers Raylund ----- Original Message ----- From: "John Rudd" To: Sent: Wednesday, March 02, 2005 8:03 PM Subject: OT: blocking RFC/best practices violators > There's sort of three questions here: > > 1) I seem to recall a tool on a web page that you could tell it your > domain and it would tell you what RFC's and bad practices you were > violating (things like "you don't have a postmaster address at your > mail server" and "you don't have an MX server for your domain", etc.). > Anyone know which one I'm talking about? > > 2) anyone know of an RBL that is build around that concept? For > example, we've got a problem lately with some senders coming from > domains that are either violating an RFC (no postmaster) or something > that HAS to be a best practice violation. Ex: sbcglobel.net (which is > not sbcglobal.net, a valid ISP) where the domain has an MX record ... > to a host that evaluates as localhost. So, bounces and vacation > replies and such just clutter up our queue for a long while. It would > be nice if there was an RBL that had multiple lists/return codes that > covered different types of problems like this, or places whose contact > with abuse.net bounces, or they don't have a postmaster address, etc. > > 3) anyone know of an existing milter that covers that example (if > sender domain has an MX record that gets you to 127.x.y.z, then reject > the message)? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 3 01:32:37 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: At 08:03 PM 3/2/2005, John Rudd wrote: >2) anyone know of an RBL that is build around that concept? For >example, we've got a problem lately with some senders coming from >domains that are either violating an RFC (no postmaster) or something >that HAS to be a best practice violation. rfc-ignorant.org is a RBL that does this.. they have multiple lists including no postmaster, no abuse, refusal of DSN, invalid Whois data, and bogux MX. Unfortunately most of the lists rather high in the FP rate.. there's a lot of major ISP's out there that are quite RFC ignorant. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Thu Mar 3 01:38:29 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: On Wed, 2 Mar 2005, Matt Kettler wrote: > Unfortunately most of the lists rather high in the FP rate.. there's a lot > of major ISP's out there that are quite RFC ignorant. there are even more which arent ignorant, they deliberately choose not to have a working postmaster@ etc. and unlike abuse@, postmaster@ is not optional, no way no how, no matter how you stretch or twist or bend the RFCs. -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu Mar 3 01:54:43 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:48 2006 Subject: blocking RFC/best practices violators Message-ID: That's the one! Thanks On Mar 2, 2005, at 17:31, Raylund Lai wrote: > Are you looking for this one? > http://www.dnsreport.com/ > > Cheers > Raylund > ----- Original Message ----- > From: "John Rudd" > To: > Sent: Wednesday, March 02, 2005 8:03 PM > Subject: OT: blocking RFC/best practices violators > > >> There's sort of three questions here: >> >> 1) I seem to recall a tool on a web page that you could tell it your >> domain and it would tell you what RFC's and bad practices you were >> violating (things like "you don't have a postmaster address at your >> mail server" and "you don't have an MX server for your domain", etc.). >> Anyone know which one I'm talking about? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Thu Mar 3 01:57:29 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > 1) I seem to recall a tool on a web page that you could tell it your > domain and it would tell you what RFC's and bad practices you were > violating (things like "you don't have a postmaster address at your > mail server" and "you don't have an MX server for your domain", etc.). > Anyone know which one I'm talking about? Some of these are checked at http://www.dnsreport.com > 2) anyone know of an RBL that is build around that concept? For > example, we've got a problem lately with some senders coming from > domains that are either violating an RFC (no postmaster) or something > that HAS to be a best practice violation. Ex: sbcglobel.net (which is > not sbcglobal.net, a valid ISP) where the domain has an MX record ... > to a host that evaluates as localhost. So, bounces and vacation > replies and such just clutter up our queue for a long while. It would > be nice if there was an RBL that had multiple lists/return codes that > covered different types of problems like this, or places whose contact > with abuse.net bounces, or they don't have a postmaster address, etc. http://rfc-ignorant.org > 3) anyone know of an existing milter that covers that example (if > sender domain has an MX record that gets you to 127.x.y.z, then reject > the message)? milter-sender will does quite nicely - http://www.milter.info/milter-sender/index.shtml Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Thu Mar 3 01:58:19 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: On Mar 2, 2005, at 17:38, Dan Hollis wrote: > On Wed, 2 Mar 2005, Matt Kettler wrote: >> Unfortunately most of the lists rather high in the FP rate.. there's >> a lot >> of major ISP's out there that are quite RFC ignorant. That's disappointing, but understandable (not understandable that they're doing it, understandable that it makes the lists probably not very useful to me at work). > there are even more which arent ignorant, they deliberately choose not > to > have a working postmaster@ etc. and unlike abuse@, postmaster@ is not > optional, no way no how, no matter how you stretch or twist or bend the > RFCs. Yeah, some of the bounces I'm getting back from sending to $relay@abuse.net for our "you sent us viruses yesterday" report come back as bounces that were sent to postmaster@their-domain but they don't have a postmaster account. Makes me think I ought to just not accept their email at all. Thanks to both of you for your responses. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 3 02:19:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:48 2006 Subject: OT: blocking RFC/best practices violators Message-ID: At 08:38 PM 3/2/2005, Dan Hollis wrote: >On Wed, 2 Mar 2005, Matt Kettler wrote: > > Unfortunately most of the lists rather high in the FP rate.. there's a lot > > of major ISP's out there that are quite RFC ignorant. > >there are even more which arent ignorant, they deliberately choose not to >have a working postmaster@ etc. and unlike abuse@, postmaster@ is not >optional, no way no how, no matter how you stretch or twist or bend the >RFCs. I'd still categorize willful disregard for the rules as being "ignorant".. Ignorance can come from a lack of awareness off fact, i.e.: ignorance of the fact the RFC exists. However, ignorance can also be a general lack of education, as in the definition "an unlearned group incapable of understanding complex issues". I'd suggest your deliberate choosers fall into the second definition of ignorant. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 08:52:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Wednesday, March 02, 2005 9:18 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Beta release 4.39.4 >> >> >>I always try to at least reply, but good ideas do get lost sometimes. >>The unrar code would require another timeout wrapper round it, which I >>would have to copy from elsewhere, so it isn't trivial. >>I can't remember if I came up with a solution to the duplicated >>filenames problem or not, it was quite a long time ago. >> > > > > How about this for a timeout wrapper. It should work as a general purpose > wrapper for commands that use system or backticks. I put it together from > code you use eleswhere. So a line like: > > $unrar =`which unrar`; > return 0 unless $unrar !~ /no unrar in)/i && $unrar ne ""; > > would be $unrar = SafePipe("which unrar",30,"ST"); > return 0 unless $unrar !~ /(no unrar in|^COMMAND_TIMED_OUT$)/i && > $unrar ne ""; > and > system("$unrar e -p- -idp $safename 2>&1"); > unless ("$?" == 0 && !$IsEncrypted) { > > would be > > unless (RcSafePipe("$unrar e -p- -idp $safename 2>&1",30,"EC") == 0 && > !$IsEncrypted) { > > It appears to work fine, and handles the time out fine as well. > > Rick > > sub SafePipe{ > # Modified Julian's code from SweepOther.pm > # Changed to allow execution of a given command line with a time > # control > # > # $Cmd = command line to execute > # $timeout = max time in seconds to allow execution > # $ReturnType = ST For String or Anything else for error code > # > # Replaces backtick or system calls that are looking for both > # string output or an error code > > my ($Cmd, $TimeOut,$ReturnType) = @_; > my($Kid, $pid, $TimedOut, $PipeReturn, $Str); > $Kid = new FileHandle; > $TimedOut = 0; > > eval { > die "Can't fork: $!" unless defined($pid = open($Kid, '-|')); > if ($pid) { > # In the parent > local $SIG{ALRM} = sub { $TimedOut = 1; die "Command Timed Out" }; > alarm $TimeOut; > # Only process the output if we are scanning, not disinfecting > while(<$Kid>) { > $Str .= $_; > #print STDERR "Processing line \"$_\"\n"; > } > close $Kid; > $PipeReturn = $?; > $pid = 0; # 2.54 > alarm 0; > # Workaround for bug in perl shipped with Solaris 9, > # it doesn't unblock the SIGALRM after handling it. > eval { > my $unblockset = POSIX::SigSet->new(SIGALRM); > sigprocmask(SIG_UNBLOCK, $unblockset) > or die "Could not unblock alarm: $!\n"; > }; > } else { > # In the child > POSIX::setsid(); > # for testing time out > # sleep 40; exec $Cmd; > MailScanner::Log::WarnLog("Can't run $Cmd command! "); > exit 1; > } > }; > alarm 0; # 2.53 > > # Note to self: I only close the KID in the parent, not in the child. > MailScanner::Log::DebugLog("Completed $Cmd"); > > # Catch failures other than the alarm > MailScanner::Log::DieLog("$Cmd failed with real error: $@") > if $@ and $@ !~ /Command Timed Out/; > > #print STDERR "pid = $pid and \@ = $@\n"; > > # In which case any failures must be the alarm > if ($@ or $pid>0) { > # Kill the running child process > my($i); > kill -15, $pid; > # Wait for up to 5 seconds for it to die > for ($i=0; $i<5; $i++) { > sleep 1; > waitpid($pid, &POSIX::WNOHANG); > ($pid=0),last unless kill(0, $pid); > kill -15, $pid; > } > # And if it didn't respond to 11 nice kills, we kill -9 it > if ($pid) { > kill -9, $pid; > waitpid $pid, 0; # 2.53 > } > } > > # Return failure if the command timed out, otherwise return success > > if ($TimedOut){ > MailScanner::Log::WarnLog("$Cmd timed out!"); > return "COMMAND_TIMED_OUT"; > } > if($ReturnType eq "ST"){ > return $Str; > }else{ > return $PipeReturn; > } > } > That looks great thanks. Now how do I tell which files were the result of the unrar expansion? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 08:52:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Julian Field wrote: > >>We are pleased to announce SMGateway, the first Secure Mail Gateway >>product from Fortress Systems Ltd. >> >>SMGateway is based on MailScanner, the world's most widely used e-mail ... > > > Is this what was hinted to in the middle of last month? Yes. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Mar 3 09:13:15 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: I _never_ want mail originating on campus to be tagged as spam. Thus we have always whitelisted mail originating at this site by listing our campus network IP ranges in ~/rules/spam.whitelist.rules. We see many messages originating on campus that have more than 20 (usually local) recipients. When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" option some time ago, I bumped the number up to 1000 to avoid this overiding "spam.whitelist.rules". We thus lose the protection the "Ignore Spam Whitelist If ..." option provided. What I really want is the ability to absolutely whitelist a subset of address or IP ranges while allowing other options to conditionally ignore the whitelisting of addresses outside that subset. How can I do this? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Mar 3 09:21:10 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: >I _never_ want mail originating on campus to be tagged as spam. > >Thus we have always whitelisted mail originating at this site by listing >our campus network IP ranges in ~/rules/spam.whitelist.rules. > >We see many messages originating on campus that have more than 20 >(usually local) recipients. > >When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" >option some time ago, I bumped the number up to 1000 to avoid this >overiding "spam.whitelist.rules". We thus lose the protection the >"Ignore Spam Whitelist If ..." option provided. > >What I really want is the ability to absolutely whitelist a subset of >address or IP ranges while allowing other options to conditionally >ignore the whitelisting of addresses outside that subset. > >How can I do this? > > Can you not just make a rule set based on 'spam check =' so you don't spam scan any of your internal IP range but scan all external mail? This would have the same effect as white listing. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 09:22:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: > I _never_ want mail originating on campus to be tagged as spam. > > Thus we have always whitelisted mail originating at this site by listing > our campus network IP ranges in ~/rules/spam.whitelist.rules. > > We see many messages originating on campus that have more than 20 > (usually local) recipients. > > When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" > option some time ago, I bumped the number up to 1000 to avoid this > overiding "spam.whitelist.rules". We thus lose the protection the > "Ignore Spam Whitelist If ..." option provided. > > What I really want is the ability to absolutely whitelist a subset of > address or IP ranges while allowing other options to conditionally > ignore the whitelisting of addresses outside that subset. Surely you can do this with a ruleset on the "Ignore Spam Whitelist If ..." option, or else move your spam whitelist ruleset to the "Spam Checks" option. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 09:26:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: Quentin another option would be separate inbound and outbound servers. That way the outbound servers would only virus and do other checks, but not call SA at all. I guess it depends how many servers you have right now and what checks you do on outbound email. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Quentin Campbell wrote: > I _never_ want mail originating on campus to be tagged as spam. > > Thus we have always whitelisted mail originating at this site by listing > our campus network IP ranges in ~/rules/spam.whitelist.rules. > > We see many messages originating on campus that have more than 20 > (usually local) recipients. > > When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" > option some time ago, I bumped the number up to 1000 to avoid this > overiding "spam.whitelist.rules". We thus lose the protection the > "Ignore Spam Whitelist If ..." option provided. > > What I really want is the ability to absolutely whitelist a subset of > address or IP ranges while allowing other options to conditionally > ignore the whitelisting of addresses outside that subset. > > How can I do this? > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Thu Mar 3 09:16:20 2005 From: sargastic at YAHOO.FR (Violaine G.) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: Hello you all, We are currently playing with MailScanner (Postfix, clamAV and SpamAssassin were already up and running, we were only looking for some nice and clever glue to link everithing without getting stuck inside the bottle), and I must say it is impressive. I have one question, though. How is it possible to use virus scanners that are running on some OTHER system than the Postfix+MailScanner box ? In one environment, we would like to use MailScanner but the target site has already bought a virus scanner (poor fellow !), running on a dedicated computer, so we would like to "link" MailScanner to this external, on another box, virus scanner. Any documentation about how to do that ? Tia, VG. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Thu Mar 3 09:28:35 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: > I _never_ want mail originating on campus to be tagged as spam. > > Thus we have always whitelisted mail originating at this site by listing > our campus network IP ranges in ~/rules/spam.whitelist.rules. > > We see many messages originating on campus that have more than 20 > (usually local) recipients. > > When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" > option some time ago, I bumped the number up to 1000 to avoid this > overiding "spam.whitelist.rules". We thus lose the protection the > "Ignore Spam Whitelist If ..." option provided. > > What I really want is the ability to absolutely whitelist a subset of > address or IP ranges while allowing other options to conditionally > ignore the whitelisting of addresses outside that subset. > > How can I do this? How about a ruleset on Ignore Spam Whitelist If Recipients Exceed ? John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Thu Mar 3 09:29:42 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you do want "no" spam check for internal outbound emails, may be using a rules file for "Spam Checks =". e.g. Spam Checks = %rules-dir%/spam.checks.rules spam.checks.rules: From: 10.0. no FromOrTo: default yes Cheers Raylund ----- Original Message ----- From: "Quentin Campbell" To: Sent: Thursday, March 03, 2005 4:13 AM Subject: A question re "Ignore Spam Whitelist If ..." I _never_ want mail originating on campus to be tagged as spam. Thus we have always whitelisted mail originating at this site by listing our campus network IP ranges in ~/rules/spam.whitelist.rules. We see many messages originating on campus that have more than 20 (usually local) recipients. When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" option some time ago, I bumped the number up to 1000 to avoid this overiding "spam.whitelist.rules". We thus lose the protection the "Ignore Spam Whitelist If ..." option provided. What I really want is the ability to absolutely whitelist a subset of address or IP ranges while allowing other options to conditionally ignore the whitelisting of addresses outside that subset. How can I do this? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 09:32:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: Hi first of all I guess there's the need for the two comouters to talk somehow. Does the customers virus scanner have some sort of network client/server architecture so you can install the client on the MS computer and use it that way, or do you have to build this first? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Violaine G. wrote: > Hello you all, > > We are currently playing with MailScanner (Postfix, clamAV and SpamAssassin > were already up and running, we were only looking for some nice and clever > glue to link everithing without getting stuck inside the bottle), and I must > say it is impressive. > > I have one question, though. How is it possible to use virus scanners that > are running on some OTHER system than the Postfix+MailScanner box ? In one > environment, we would like to use MailScanner but the target site has > already bought a virus scanner (poor fellow !), running on a dedicated > computer, so we would like to "link" MailScanner to this external, on > another box, virus scanner. > > Any documentation about how to do that ? > > Tia, > > VG. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Thu Mar 3 09:39:47 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Martin Hepworth a écrit : > first of all I guess there's the need for the two > comouters to talk somehow. Does the customers virus > scanner have some sort of network client/server > architecture so you can install the client on the MS > computer and use it that way, or do you have to > build this first? Hmmm... Good question. They are using Aladdin e-Safe, which currently receives the mails to scan through SMTP, just like it were a 'real' mail server. I do not know anything more (yet) but I'm going to look around. If there is a e-Safe client that can run on the MailScanner box, I bet this would be the way to go. But is is still possible to plug a 'smtp client' in MailScanner, if there is no specific client ? Tia, VG. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 09:42:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There is a "generic" virus scanner, with which you could implement some sort of client/server architecture to talk to this other scanner. Violaine G. wrote: > Hello you all, > > We are currently playing with MailScanner (Postfix, clamAV and SpamAssassin > were already up and running, we were only looking for some nice and clever > glue to link everithing without getting stuck inside the bottle), and I must > say it is impressive. > > I have one question, though. How is it possible to use virus scanners that > are running on some OTHER system than the Postfix+MailScanner box ? In one > environment, we would like to use MailScanner but the target site has > already bought a virus scanner (poor fellow !), running on a dedicated > computer, so we would like to "link" MailScanner to this external, on > another box, virus scanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 10:08:07 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:48 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would like to try and get it to handle Bitdefender. only need to modify ONE (or maybe 2) line of code from what i can see. The output and string values for Bitdefender. ANy idea whgat they might be? # Scanner Strings my %Scanners = ( bitdefender => { Output => '/(.+) Found virus (.*)', String => '/(.+) Found virus (.*)\'}, sophos => { Output => '>>> Virus', String => '>>> Virus \'(.*)\''}, sophossavi => { Output => 'INFECTED::', String => 'INFECTED:: (.*)::'}, inoculan => { Output => 'was infected by virus', String => 'was infected by virus \[(.*)\]'}, clamav => { Output => 'FOUND', String => ':.* (.*) FOUND'}, command => { Output => 'Infection:', String => 'Infection: (.*)'}, "f-prot" => { Output => 'Infection:', String => 'Infection: (.*)'}, mcafee => { Output => 'Found the', James Gray wrote: > On Wed, 2 Mar 2005 03:02 pm, Peter Russell wrote: > >>IN the past i remember some one haviong a cool script/command that would >>show you stats on infections? >> >>I ahve a mailscanner machine on a PC that is suffering badly with heaps >>of viruses and i would love to know how to find out how many or what >>type of infections etc? > > > Are you thinking of the "vnames.pl" script which produces a bullet-list of > viruses caught and a tally for each infection? > > http://web.csma.biz/apps/vnames.shtml > > HTH, > > James > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 10:13:06 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Maybe the license permit you to install on any machine? a site type license? Julian Field wrote: > There is a "generic" virus scanner, with which you could implement some > sort of client/server architecture to talk to this other scanner. > > Violaine G. wrote: > >> Hello you all, >> >> We are currently playing with MailScanner (Postfix, clamAV and >> SpamAssassin >> were already up and running, we were only looking for some nice and >> clever >> glue to link everithing without getting stuck inside the bottle), and >> I must >> say it is impressive. >> >> I have one question, though. How is it possible to use virus scanners >> that >> are running on some OTHER system than the Postfix+MailScanner box ? In >> one >> environment, we would like to use MailScanner but the target site has >> already bought a virus scanner (poor fellow !), running on a dedicated >> computer, so we would like to "link" MailScanner to this external, on >> another box, virus scanner. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From darren at TORSION.CO.UK Thu Mar 3 10:13:04 2005 From: darren at TORSION.CO.UK (Darren Walker) Date: Thu Jan 12 21:28:48 2006 Subject: F-prot problem Message-ID: Hi, I have a Raq 3 which developed a problem so I reinstalled it. I don't know what version of F-prot it was running previously. It is running Mailscanner V3 because I had problems with upgrading perl on the raq. I installed V4 Mailscanner and it failed on a number of perl files, I used CPAN to upgrade Perl and then the Raq GUI wouldn't operate. So I had to reinstall the Raq again. F-PROT ANTIVIRUS Program version: 4.4.6 Engine version: 3.14.13 Mar 4 20:23:46 www5 sendmail[17990]: starting daemon (8.9.3): SMTP Mar 4 20:23:46 www5 sendmail[17993]: starting daemon (8.9.3): queueing@00:15:00 Mar 4 20:25:34 www5 sendmail[18138]: UAA18138: from=, size=1575, class=0, pri=31575, nrcpts=1, msgid=<000001c51fd7$5e0a2500$8801a8c0@Lappy>, proto=ESMTP, relay=raq4.torsion.co.uk [99.999.99.99] Mar 4 20:25:35 www5 mailscanner[15024]: Scanning 1 messages, 1978 bytes Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Search: .". Please mail the author of MailScanner Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Action: Report only". Please mail the author of MailScanner Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the author of MailScanner Mar 4 20:25:36 www5 mailscanner[15024]: Scanned 1 messages, 1978 bytes in 1 seconds Mar 4 20:25:36 www5 sendmail[18144]: UAA18138: to=, delay=00:00:02, xdelay=00:00:00, mailer=local, stat=Sent ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 10:21:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: F-prot problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Your debug info shows you are still running MailScanner 3 which is no longer supported. Darren Walker wrote: >Hi, > >I have a Raq 3 which developed a problem so I reinstalled it. I don't know >what version of F-prot it was running previously. It is running Mailscanner >V3 because I had problems with upgrading perl on the raq. I installed V4 >Mailscanner and it failed on a number of perl files, I used CPAN to upgrade >Perl and then the Raq GUI wouldn't operate. So I had to reinstall the Raq >again. > > >F-PROT ANTIVIRUS >Program version: 4.4.6 >Engine version: 3.14.13 > >Mar 4 20:23:46 www5 sendmail[17990]: starting daemon (8.9.3): SMTP >Mar 4 20:23:46 www5 sendmail[17993]: starting daemon (8.9.3): >queueing@00:15:00 >Mar 4 20:25:34 www5 sendmail[18138]: UAA18138: from=, >size=1575, class=0, pri=31575, nrcpts=1, >msgid=<000001c51fd7$5e0a2500$8801a8c0@Lappy>, proto=ESMTP, >relay=raq4.torsion.co.uk [99.999.99.99] >Mar 4 20:25:35 www5 mailscanner[15024]: Scanning 1 messages, 1978 bytes >Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in >MailScanner's F-Prot output parser, or F-Prot's output format has changed! >F-Prot said this "Search: .". Please mail the author of MailScanner >Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in >MailScanner's F-Prot output parser, or F-Prot's output format has changed! >F-Prot said this "Action: Report only". Please mail the author of >MailScanner >Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in >MailScanner's F-Prot output parser, or F-Prot's output format has changed! >F-Prot said this "Files: "Dumb" scan of all files". Please mail the author >of MailScanner >Mar 4 20:25:36 www5 mailscanner[15024]: Either you've found a bug in >MailScanner's F-Prot output parser, or F-Prot's output format has changed! >F-Prot said this "Switches: -ARCHIVE -PACKED -SERVER -OLD". Please mail the >author of MailScanner >Mar 4 20:25:36 www5 mailscanner[15024]: Scanned 1 messages, 1978 bytes in 1 >seconds >Mar 4 20:25:36 www5 sendmail[18144]: UAA18138: >to=, delay=00:00:02, xdelay=00:00:00, >mailer=local, stat=Sent > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidj at synaq.com Thu Mar 3 10:13:53 2005 From: davidj at synaq.com (David Jacobson) Date: Thu Jan 12 21:28:48 2006 Subject: OT - Etrust Reg Exp for MailWatch Message-ID: Hi There, I wonder if anyone has setup the regular expression for the lame CA Etrust (inocmd32) or whatever the hell it's called :) I've tried a few regular expressions in functions.php, it seems I'm just missing it by a bit... Thanks in advance. -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 0860 0 SYNAQ (79627) Direct: 011 290 6388 Fax: 011 290 6389 Cell: 083 235 0760 Mail: davidj@synaq.com Web: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From sargastic at YAHOO.FR Thu Mar 3 10:23:48 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Pete Russell a écrit : > Maybe the license permit you to install on any > machine? a site type license? That is unfortunately not an option. The virus scanner computer is "out of limits" from our point of view, must not be changed or bypassed (and it runs on a Windows box). VG. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 10:26:42 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Send all the mail to it, scan it and return it to mailscanner? Violaine Grimly wrote: > --- Pete Russell a écrit : > >>Maybe the license permit you to install on any >>machine? a site type license? > > > That is unfortunately not an option. The virus scanner > computer is "out of limits" from our point of view, > must not be changed or bypassed (and it runs on a > Windows box). > > VG. > > > > > > > Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! > Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Thu Mar 3 10:35:11 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Violaine Grimly wrote: >> That is unfortunately not an option. The virus scanner >> computer is "out of limits" from our point of view, >> must not be changed or bypassed (and it runs on a >> Windows box). > Send all the mail to it, scan it and return it to mailscanner? Or just scan it in MailScanner, then send it to their box clean to prove how good MS is! John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 10:54:23 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: Oh good a site with a policy they adhere to. (no I'm not being funny I like this). That's probably not a bad idea...let MS prove itself and then they can make business descision rather than a technical one. Should they want to move the scanner off the windows box to the MS box they can do this at a later date. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 John Wilcock wrote: > Pete Russell wrote: > >> Violaine Grimly wrote: >> >>> That is unfortunately not an option. The virus scanner >>> computer is "out of limits" from our point of view, >>> must not be changed or bypassed (and it runs on a >>> Windows box). > > >> Send all the mail to it, scan it and return it to mailscanner? > > > Or just scan it in MailScanner, then send it to their box clean to prove > how good MS is! > > John.
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Thu Mar 3 11:07:42 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:28:48 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can't you use Mailscanner as the primary MX for your domain to accept all incoming mail? Install ClamAV, BitDefender or some other free virus scanner on the MailScanner machine to try to catch as many virusses at the MailScanner gateway. The use the mailertable or smarthost feature of sendmail to forward all cleaned mail from MailScanner to your existing Windows server with the SMTP virus scanner, which scans the mail again and delivers to the users. After a while, evaluate whether you really need the external scanner by checking how many virusses it has caught? Adri. > -----Original Message----- > From: John Wilcock [mailto:john@TRADOC.FR] > Sent: 03 March, 2005 11:35 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: External virus scanners > > > Pete Russell wrote: > > Violaine Grimly wrote: > >> That is unfortunately not an option. The virus scanner > >> computer is "out of limits" from our point of view, > >> must not be changed or bypassed (and it runs on a > >> Windows box). > > > Send all the mail to it, scan it and return it to mailscanner? > > Or just scan it in MailScanner, then send it to their box > clean to prove > how good MS is! > > John. > > -- > -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Mar 3 11:39:35 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:48 2006 Subject: A question re "Ignore Spam Whitelist If ..." - SORTED & THANKS! Message-ID: Blimey! What an impressively helpful and immedite response. Thanks for all the suggestions. Raylund Lai, Drew Marshall and Julian, among others, suggested moving my block of local IP addresses for which no spam scanning was to take place from the spam.whitelist.rules file to a new rules file to be used with the "Spam Checks =" option. I have done this. Raylund provided the most detailed answer for which my thanks. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raylund Lai >Sent: 03 March 2005 09:30 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: A question re "Ignore Spam Whitelist If ..." > >If you do want "no" spam check for internal outbound emails, >may be using a >rules file for "Spam Checks =". >e.g. Spam Checks = %rules-dir%/spam.checks.rules > >spam.checks.rules: >From: 10.0. no >FromOrTo: default yes > >Cheers >Raylund > >----- Original Message ----- >From: "Quentin Campbell" >To: >Sent: Thursday, March 03, 2005 4:13 AM >Subject: A question re "Ignore Spam Whitelist If ..." > > >I _never_ want mail originating on campus to be tagged as spam. > >Thus we have always whitelisted mail originating at this site >by listing >our campus network IP ranges in ~/rules/spam.whitelist.rules. > >We see many messages originating on campus that have more than 20 >(usually local) recipients. > >When you added the "Ignore Spam Whitelist If Recipients Exceed = 20" >option some time ago, I bumped the number up to 1000 to avoid this >overiding "spam.whitelist.rules". We thus lose the protection the >"Ignore Spam Whitelist If ..." option provided. > >What I really want is the ability to absolutely whitelist a subset of >address or IP ranges while allowing other options to conditionally >ignore the whitelisting of addresses outside that subset. > >How can I do this? > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Mar 3 12:19:47 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:48 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Thursday, March 03, 2005 3:53 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > [...] > > That looks great thanks. Now how do I tell which files were the result > of the unrar expansion? > I will try and get the time to put the patch together with the latest release today or tomorrow. I could post the sub here but there are a couple of new vars ahead of the call, plus there is a check in the clamavmodule call that modifies the check for encrypted since it would have been handled in the unpackrar sub. I have to separate the unrar stuff from my other patches and, of course test it before posting it. Thanks Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Thu Mar 3 12:15:19 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:28:48 2006 Subject: MailScanner ANNOUNCE: New commercial product SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote on 2-3-2005 22:46: > Fantastic sutff, thanks so much for the detailed reply - its pretty > darned exciting. > > And the servioce you guys provide - I am sure you will be a letter from > the queen any day for the Order of Anit Virus and Anti Spam Empire ? Those things usually don't happen to the good people, do they? People like BG get knighted I read. -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Mar 3 14:34:00 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: I think my bayes is messed up. I have several dozen e-mails that I think are spam. The rule for bayes_00 is letting it through. Here is the score: X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, RCVD_IN_NJABL_SPAM 1.84) X-SBSD-MailScanner-SpamScore: 3 Any idea? This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 14:41:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: David restore from an earlier version...?? You backup the thing, yes??? Anyway reminds us what extra rules you run like the SARE ones etc.. They may help. What version of SA and do you run the URI-RBL stuff? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I think my bayes is messed up. I have several dozen e-mails that I think > are spam. The rule for bayes_00 is letting it through. > Here is the score: > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > RCVD_IN_NJABL_SPAM 1.84) > X-SBSD-MailScanner-SpamScore: 3 > > Any idea? > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Thu Mar 3 14:45:52 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] dont realy know what u want to know now. reduce the scores via spam.assassin.prefs.conf if thats the question: score BAYES_00 -1.800 greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis >Sent: Thursday, March 03, 2005 3:34 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: bayes 00 > > >I think my bayes is messed up. I have several dozen e-mails >that I think are spam. The rule for bayes_00 is letting it >through. Here is the score: >X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin >(score=3.294, required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, >DIGEST_MULTIPLE 0.10, HTML_90_100 0.02, HTML_IMAGE_RATIO_02 >0.02, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, >RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, >RCVD_IN_NJABL_SPAM 1.84) >X-SBSD-MailScanner-SpamScore: 3 > >Any idea? > > > > > > > >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Thu Mar 3 14:57:52 2005 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:28:48 2006 Subject: Sophos and Mailscanner Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] All, Does anyone know which sophos product works with Mailscanner and fedora?? r, Steve -- Steve Hickel -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 15:01:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: Sophos and Mailscanner Message-ID: Standard SAVI licence will work fine.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Steve Hickel wrote: > All, > > Does anyone know which sophos product works with Mailscanner and fedora?? > > r, > > Steve > -- > Steve Hickel > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > MailScanner thanks transtec Computers for > their support. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!*
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Mar 3 15:04:30 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA 3.0.2. Fresh install of Razor and DCC and MailScanner 4.39.6-1. I followed the MailScanner install doc. >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> David restore from an earlier version...?? You backup the thing, yes??? Anyway reminds us what extra rules you run like the SARE ones etc.. They may help. What version of SA and do you run the URI-RBL stuff? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > I think my bayes is messed up. I have several dozen e-mails that I think > are spam. The rule for bayes_00 is letting it through. > Here is the score: > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > RCVD_IN_NJABL_SPAM 1.84) > X-SBSD-MailScanner-SpamScore: 3 > > Any idea? > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Mar 3 15:06:47 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know I can tweak the score...I just don't understand why bayes would score something like this so low. Is there something wrong with my bayes data base? Should it be scored so low when everything else scores it so differently? >>> Andreas.Doerfler@KEMPTEN.DE 03/03 9:45 AM >>> dont realy know what u want to know now. reduce the scores via spam.assassin.prefs.conf if thats the question: score BAYES_00 -1.800 greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis >Sent: Thursday, March 03, 2005 3:34 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: bayes 00 > > >I think my bayes is messed up. I have several dozen e-mails >that I think are spam. The rule for bayes_00 is letting it >through. Here is the score: >X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin >(score=3.294, required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, >DIGEST_MULTIPLE 0.10, HTML_90_100 0.02, HTML_IMAGE_RATIO_02 >0.02, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, >RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, >RCVD_IN_NJABL_SPAM 1.84) >X-SBSD-MailScanner-SpamScore: 3 > >Any idea? > > > > > > > >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. > >------------------------ MailScanner list >------------------------ To unsubscribe, email >jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in >the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 15:14:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: David you have to teach bayes when it's wrong. (see info in sa-learn) also having alot of the rules from www.rulesemporium.com/rules.htm can help alot too. Drip feed them in and see which ones help the most. DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, again these help alot. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA 3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I followed the > MailScanner install doc. > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> > David > > restore from an earlier version...?? You backup the thing, yes??? > > Anyway reminds us what extra rules you run like the SARE ones etc.. They > may help. What version of SA and do you run the URI-RBL stuff? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > I think my bayes is messed up. I have several dozen e-mails that I think > > are spam. The rule for bayes_00 is letting it through. > > Here is the score: > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > > RCVD_IN_NJABL_SPAM 1.84) > > X-SBSD-MailScanner-SpamScore: 3 > > > > Any idea? > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > >
********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom they >
are addressed. If you have received this email in error please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!*
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Thu Mar 3 15:23:45 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:48 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. I am not sure how to sa-learn in this case. We are setup as a gateway for an GroupWise server. >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> David you have to teach bayes when it's wrong. (see info in sa-learn) also having alot of the rules from www.rulesemporium.com/rules.htm can help alot too. Drip feed them in and see which ones help the most. DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, again these help alot. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA 3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I followed the > MailScanner install doc. > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> > David > > restore from an earlier version...?? You backup the thing, yes??? > > Anyway reminds us what extra rules you run like the SARE ones etc.. They > may help. What version of SA and do you run the URI-RBL stuff? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > I think my bayes is messed up. I have several dozen e-mails that I think > > are spam. The rule for bayes_00 is letting it through. > > Here is the score: > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > > RCVD_IN_NJABL_SPAM 1.84) > > X-SBSD-MailScanner-SpamScore: 3 > > > > Any idea? > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > >
********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom they >
are addressed. If you have received this email in error please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!*
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 16:04:35 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quick query (which really boils down to my reading of the syntax of a specific comment in Mailscanner.conf): I'm running Mailscanner 4.38.10 and SpamAssassin 3.0.2 on a Debian-Sarge server, with Exim 4.44 (all from Debian's testing packages). Both exim and mailscanner run as the user 'Debian-exim'. I have: SpamAssassin User State Dir = /var/lib/MailScanner in Mailscanner.conf This file tells me that: # The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable. Leaving aside the fact that I dunno what "mutable" means in this context, what does '~' mean. OK, it's a home directory, but is it the home of the mail recipient or of the 'user' that MailScanner's running as? Asking that another way (humour me for completeness!), which bayes files is SA looking at in my case? And: Is there any way I can get MS to tell me where it's looking, or how much Bayes data (if any) it's finding to work on? I get the odd feeling I'm sending the training data to the wrong place at the moment... Ok, so not such a 'quick query' as I thought, but at least I worked out the earlier '70 errors in spamassassin --lint -D' issue before annoying the list with it ;) (Answer: SA was finding a set of rules from a 2.64 install and getting very upset). The return on these questions should hopefully be of use - I'm about halfway through writing a "Guide to installing Mailscanner on Debian-Sarge" which will *thoroughly* cover my recent experiences of installing this combination. It should be online later today. Richard George, MEng (Electronics D.Trip), University of Southampton :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 16:21:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: Richard in spam.assassin.prefs.conf you can force the bayes directory. I use that then I know where the heck things are. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Wechsler wrote: > Quick query (which really boils down to my reading of the syntax of a > specific comment in Mailscanner.conf): > > I'm running Mailscanner 4.38.10 and SpamAssassin 3.0.2 on a Debian-Sarge > server, with Exim 4.44 (all from Debian's testing packages). > > Both exim and mailscanner run as the user 'Debian-exim'. > > I have: > SpamAssassin User State Dir = /var/lib/MailScanner > > in Mailscanner.conf > This file tells me that: > > # The per-user files (bayes, auto-whitelist, user_prefs) are looked > # for here and in ~/.spamassassin/. Note the files are mutable. > > Leaving aside the fact that I dunno what "mutable" means in this > context, what does '~' mean. OK, it's a home directory, but is it the > home of the mail recipient or of the 'user' that MailScanner's running as? > > Asking that another way (humour me for completeness!), which bayes files > is SA looking at in my case? > > And: Is there any way I can get MS to tell me where it's looking, or how > much Bayes data (if any) it's finding to work on? I get the odd feeling > I'm sending the training data to the wrong place at the moment... > > > Ok, so not such a 'quick query' as I thought, but at least I worked out > the earlier '70 errors in spamassassin --lint -D' issue before annoying > the list with it ;) (Answer: SA was finding a set of rules from a 2.64 > install and getting very upset). > > > The return on these questions should hopefully be of use - I'm about > halfway through writing a "Guide to installing Mailscanner on > Debian-Sarge" which will *thoroughly* cover my recent experiences of > installing this combination. It should be online later today. > > Richard George, > MEng (Electronics D.Trip), University of Southampton :) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Mar 3 16:36:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:48 2006 Subject: Burned by clamavmodule, Mail-ClamAV, symlinks Message-ID: Julian, I just realized in the course of the 4.39.6 upgrade that I've been badly burned by clamavmodule and the Mail-ClamAV perl module for a while. This is due to my way of doing things, and it took a while to figure out. But it is also due to how Mail-ClamAV installs. To those using clamavmodule, BEWARE! I install ClamAV into /opt, into a subdirectory clamav-[version]. Then I have a symlink for /opt/clamav -> /opt/clamav-[version]. I refer to the symlink in my MailScanner.conf settings. The problem: When I built and installed a new version of Mail-ClamAV, (specifying -I/opt/clamav/include and -L/opt/clamav/lib in the Makefile.PL), it followed the link and built its perl code with references to the version number. So, while I thought that I could move the symlink to point to a new version of ClamAV, the perl module was looking at the old version. Since MailScanner's virus updates put my update files in /opt/clamav and clamavmodule was looking in an old version directory, my Clam virus updates were way out of date. ==> Ouch!! I found this problem when I zapped old /opt/clamav-[version] directories and MailScanner started complaining about ClamAV missing. The issue seems to be in the building and installation of Mail-ClamAV. I haven't detected similar issues with sophossavi (I use the same symlink setup with Sophos versions too). Would this be a problem with Sophos? I've changed back from clamavmodule to clamav in my MS settings. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 3 16:44:01 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 3 mars 2005 17:22 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Which Bayes files? > > > Richard > > in spam.assassin.prefs.conf you can force the bayes directory. I use > that then I know where the heck things are. Very true, I do the same... Since I'm a MailWatch-user, where this is a prerequisite. If you can determine which files are the "primaries" (ie. what MS is using), it would be easy to move them wherever you'd like... Just see to it that the Run As MS user can get at them fro rw. Look below for further comments. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Wechsler wrote: > > Quick query (which really boils down to my reading of the > syntax of a > > specific comment in Mailscanner.conf): > > > > I'm running Mailscanner 4.38.10 and SpamAssassin 3.0.2 on a > Debian-Sarge > > server, with Exim 4.44 (all from Debian's testing packages). > > > > Both exim and mailscanner run as the user 'Debian-exim'. > > > > I have: > > SpamAssassin User State Dir = /var/lib/MailScanner > > > > in Mailscanner.conf > > This file tells me that: > > > > # The per-user files (bayes, auto-whitelist, user_prefs) are looked > > # for here and in ~/.spamassassin/. Note the files are mutable. > > > > Leaving aside the fact that I dunno what "mutable" means in this > > context, what does '~' mean. OK, it's a home directory, but > is it the > > home of the mail recipient or of the 'user' that > MailScanner's running as? SA is run by MS, so in this case it should be the Debian-exim user. > > > > Asking that another way (humour me for completeness!), > which bayes files > > is SA looking at in my case? ~Debian-exim/.spamassassin/.... > > > > And: Is there any way I can get MS to tell me where it's > looking, or how > > much Bayes data (if any) it's finding to work on? I get the > odd feeling > > I'm sending the training data to the wrong place at the moment... Not MS, but SA. "su - Debian-exim" and run spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 | grep bayes (If you use MailWatch, there's a convenient link to click in the "Other" section... One of the reasons you need be specific about bayes_* placement in MW (the other being sa-learn)). Most of this is deducible from the list archives, and the available docs;) Cheers -- Glenn > > > > > > Ok, so not such a 'quick query' as I thought, but at least > I worked out > > the earlier '70 errors in spamassassin --lint -D' issue > before annoying > > the list with it ;) (Answer: SA was finding a set of rules > from a 2.64 > > install and getting very upset). > > > > > > The return on these questions should hopefully be of use - I'm about > > halfway through writing a "Guide to installing Mailscanner on > > Debian-Sarge" which will *thoroughly* cover my recent experiences of > > installing this combination. It should be online later today. > > > > Richard George, > > MEng (Electronics D.Trip), University of Southampton :) > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > >
/>************************************************************ > ********** >
>
This email and any files transmitted with it are > confidential and >
intended solely for the use of the individual or entity > to whom they >
are addressed. If you have received this email in error > please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to > be clean. >
>
/>************************************************************ > ********** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 16:49:36 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:48 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, first draft of the document I mentioned earlier. I'm not claiming that this is the best or only way to do this, but it works for me: http://www.phase.org/journal/byjid/8550 (yes, I know, I need to set up some decent URLs on that site ;) That said, if there are any grievious errors in there, please let me know! Thanks, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 16:41:22 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:48 2006 Subject: Rules for random character subjects? Message-ID: Hi all... I seem to have a large number of messages that have garbage subject lines (either made up of foreign characters or random characters) that get past MailScanner/Spam Assassin. Have any of you found a decent ruleset that stops these? Thanks, Jim Coates Laridian, Inc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 16:55:16 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: >>>And: Is there any way I can get MS to tell me where it's >> >>looking, or how >> >>>much Bayes data (if any) it's finding to work on? I get the >> >>odd feeling >> >>>I'm sending the training data to the wrong place at the moment... > > Not MS, but SA. "su - Debian-exim" and run > spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 > | grep bayes Ahm, thanks. That seems to give me /var/lib/MailScanner/bayes* as my source. Might have to do some tweaking 'round here... > (If you use MailWatch, there's a convenient link to click in the > "Other" section... One of the reasons you need be specific about > bayes_* placement in MW (the other being sa-learn)). > > Most of this is deducible from the list archives, and the available > docs;) *grin* Fair point - I'd just been deducing far too much recently and thought I'd see if anyone could confirm my assumptions! Many thanks, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 17:14:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:48 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard, When you get it finished, could I possibly host it (or even just a link to it) on www.mailscanner.info please? These resources are far more use when they can be found centrally. Wechsler wrote: > Ok, first draft of the document I mentioned earlier. I'm not claiming > that this is the best or only way to do this, but it works for me: > > http://www.phase.org/journal/byjid/8550 > > (yes, I know, I need to set up some decent URLs on that site ;) > > That said, if there are any grievious errors in there, please let me > know! > > Thanks, > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 3 17:23:15 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Wechsler > Sent: den 3 mars 2005 18:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Which Bayes files? > > > Wechsler wrote: > > Steen, Glenn wrote: > > >> Not MS, but SA. "su - Debian-exim" and run > >> spamassassin -D -p > /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 > >> | grep bayes > > > > > > Ahm, thanks. That seems to give me /var/lib/MailScanner/bayes* as my > > source. Might have to do some tweaking 'round here... > > Right, looks like I do - and, in the interests of letting others learn > from my mistakes, here's what I need to change: > > I've got crontab tasks running as Debian-exim on two IMAP folders: > falsepos, and falseneg, as follows: (I'm sure you can guess > the other). > > 15 * * * * /usr/bin/sa-learn --mbox --spam > /home2/wechsler/mail/falseneg > > This, not-very-surprisingly, learns to > "~Debian-exim/.spamassassin/bayes*" > > To get it to learn to the desired location, I just pull in MS's SA > config file: (the following being really one line) > > /usr/bin/sa-learn --mbox --spam -p \ > /etc/MailScanner/spam.assassin.prefs.conf > /home2/wechsler/mail/falseneg > > That seems to learn to the "right place" for me. Make sense to you? Yep, that would be right... Provided one can trust the ones filling in the falseneg/falsepos folders:-). -- Glenn > > > Thanks again, > > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Thu Mar 3 17:15:00 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:28:48 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Hello all... Sorry, not strictly an MS problem, just wondering if anyone else had stumbled over this... I'm playing with a test box on RHEL4. Sophos installed fine, and using 'sophos' as the virus scanner, all is okay. However, I normally try and install SAVI-Perl for obvious reasons. The latest version would appear to be 0.30. I installed Sophos, and then edited Makefile.PL as normal: 'LIBS' => ['-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi'], I run make: cp SAVI.pm blib/lib/SAVI.pm AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > SAVI.xsc && mv SAVI.xsc SAVI.c Please specify prototyping behavior for SAVI.xs (see perlxs manual) gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC "-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" SAVI.c Running Mkbootstrap for SAVI () chmod 644 SAVI.bs rm -f blib/arch/auto/SAVI/SAVI.so gcc -shared -L/usr/local/lib SAVI.o -o blib/arch/auto/SAVI/SAVI.so -L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi gcc: unrecognized option `-R/usr/local/Sophos/lib' chmod 755 blib/arch/auto/SAVI/SAVI.so cp SAVI.bs blib/arch/auto/SAVI/SAVI.bs chmod 644 blib/arch/auto/SAVI/SAVI.bs Manifying blib/man3/SAVI.3pm ... it's the 'gcc: unrecognized option' that looks to me that isn't actually building the .so shared library... there is, though, a SAVI.so in blib/arch/auto/SAVI. make test shows: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/use....Can't load '/root/av/sophos/SAVI-Perl-0.30/blib/arch/auto/SAVI/SAVI.so' for module SAVI: libsavi.so.3: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. at t/use.t line 8 ... it is, however, there. Running a forced 'make install' and then using 'sophossavi' in MailScanner elicits errors about not being able to find SAVI: Mar 3 16:41:16 james MailScanner[16086]: SAVI Perl module not found, did you install it? Anyone else swimming in these dark waters before I try the auth of SAVI-Perl? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 17:18:59 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:48 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wechsler wrote: > Steen, Glenn wrote: >> Not MS, but SA. "su - Debian-exim" and run >> spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 >> | grep bayes > > > Ahm, thanks. That seems to give me /var/lib/MailScanner/bayes* as my > source. Might have to do some tweaking 'round here... Right, looks like I do - and, in the interests of letting others learn from my mistakes, here's what I need to change: I've got crontab tasks running as Debian-exim on two IMAP folders: falsepos, and falseneg, as follows: (I'm sure you can guess the other). 15 * * * * /usr/bin/sa-learn --mbox --spam /home2/wechsler/mail/falseneg This, not-very-surprisingly, learns to "~Debian-exim/.spamassassin/bayes*" To get it to learn to the desired location, I just pull in MS's SA config file: (the following being really one line) /usr/bin/sa-learn --mbox --spam -p \ /etc/MailScanner/spam.assassin.prefs.conf /home2/wechsler/mail/falseneg That seems to learn to the "right place" for me. Make sense to you? Thanks again, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 3 17:25:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:48 2006 Subject: Rules for random character subjects? Message-ID: Jim quick replay - on way home.. have a look in www.rulesemporium.com/rules.htm for things what will cover this. Chickenpox rules are good too (on the other). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > Hi all... > > I seem to have a large number of messages that have garbage subject lines > (either made up of foreign characters or random characters) that get past > MailScanner/Spam Assassin. > > Have any of you found a decent ruleset that stops these? > > Thanks, > Jim Coates > Laridian, Inc > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 3 17:24:54 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: Another idea would for Richard to perhaps join in the dokuwiki project... So that it gets into place from the start. Look in the archives for Ugos contact info. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 3 mars 2005 18:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Installing Mailscanner on Debian-testing - with > exim 4 and clamAV > > > Richard, > > When you get it finished, could I possibly host it (or even > just a link > to it) on www.mailscanner.info please? These resources are > far more use > when they can be found centrally. > > Wechsler wrote: > > > Ok, first draft of the document I mentioned earlier. I'm > not claiming > > that this is the best or only way to do this, but it works for me: > > > > http://www.phase.org/journal/byjid/8550 > > > > (yes, I know, I need to set up some decent URLs on that site ;) > > > > That said, if there are any grievious errors in there, please let me > > know! > > > > Thanks, > > Richard > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 17:30:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try removing the -R option and add /usr/local/Sophos/lib to /etc/ld.so.conf then run ldconfig. Peter Bates wrote: >Hello all... > >Sorry, not strictly an MS problem, just wondering if anyone else had >stumbled over this... > >I'm playing with a test box on RHEL4. > >Sophos installed fine, and using 'sophos' as the virus scanner, all is >okay. > >However, I normally try and install SAVI-Perl for obvious reasons. > >The latest version would appear to be 0.30. > >I installed Sophos, and then edited Makefile.PL as normal: > 'LIBS' => ['-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib >-lsavi'], > >I run make: > >cp SAVI.pm blib/lib/SAVI.pm >AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) >/usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap >/usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > >SAVI.xsc && mv SAVI.xsc SAVI.c >Please specify prototyping behavior for SAVI.xs (see perlxs manual) >gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing >-pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 >-I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 >-DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC >"-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" SAVI.c >Running Mkbootstrap for SAVI () >chmod 644 SAVI.bs >rm -f blib/arch/auto/SAVI/SAVI.so >gcc -shared -L/usr/local/lib SAVI.o -o blib/arch/auto/SAVI/SAVI.so >-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi >gcc: unrecognized option `-R/usr/local/Sophos/lib' >chmod 755 blib/arch/auto/SAVI/SAVI.so >cp SAVI.bs blib/arch/auto/SAVI/SAVI.bs >chmod 644 blib/arch/auto/SAVI/SAVI.bs >Manifying blib/man3/SAVI.3pm > >... it's the 'gcc: unrecognized option' that looks to me that isn't >actually building the .so shared library... there is, though, a SAVI.so >in blib/arch/auto/SAVI. > >make test shows: > >PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >t/use....Can't load >'/root/av/sophos/SAVI-Perl-0.30/blib/arch/auto/SAVI/SAVI.so' for module >SAVI: libsavi.so.3: cannot open shared object file: No such file or >directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm >line 230. > at t/use.t line 8 > >... it is, however, there. > >Running a forced 'make install' and then using 'sophossavi' in >MailScanner elicits errors about not being able to find SAVI: > >Mar 3 16:41:16 james MailScanner[16086]: SAVI Perl module not found, >did you >install it? > >Anyone else swimming in these dark waters before I try the auth of >SAVI-Perl? > > > >---------------------------------------------------------------------------------------------------> >Peter Bates, Systems Support Officer, IT Services. >London School of Hygiene & Tropical Medicine. >Telephone:0207-958 8353 / Fax: 0207- 636 9838 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Thu Mar 3 17:29:42 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Richard, > > When you get it finished, could I possibly host it (or even just a link > to it) on www.mailscanner.info please? These resources are far more use > when they can be found centrally. Julian - You're more than welcome to link to it at least (I agree, the easier it is to find, the better) - I'd rather keep the 'canonical' version under my control though, so's I can beat the bugs out of it. If there prove to be any hosting issues with my server, though, I'll send it over to be hosted on .info. Thanks for all your work - glad to be able to give a little bit back! Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Thu Mar 3 17:53:49 2005 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just curious, what is the exact name of the sophos product you installed with mailscanner?? Someone wants me to add sophos as a third virus scanner (in addition to clamav and f-prot) and I am trying to figure out which sophos product I should use to do that? Thanks Steve On Thu, 2005-03-03 at 17:15 +0000, Peter Bates wrote: Hello all... Sorry, not strictly an MS problem, just wondering if anyone else had stumbled over this... I'm playing with a test box on RHEL4. Sophos installed fine, and using 'sophos' as the virus scanner, all is okay. However, I normally try and install SAVI-Perl for obvious reasons. The latest version would appear to be 0.30. I installed Sophos, and then edited Makefile.PL as normal: 'LIBS' => ['-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi'], I run make: cp SAVI.pm blib/lib/SAVI.pm AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > SAVI.xsc && mv SAVI.xsc SAVI.c Please specify prototyping behavior for SAVI.xs (see perlxs manual) gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC "-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" SAVI.c Running Mkbootstrap for SAVI () chmod 644 SAVI.bs rm -f blib/arch/auto/SAVI/SAVI.so gcc -shared -L/usr/local/lib SAVI.o -o blib/arch/auto/SAVI/SAVI.so -L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi gcc: unrecognized option `-R/usr/local/Sophos/lib' chmod 755 blib/arch/auto/SAVI/SAVI.so cp SAVI.bs blib/arch/auto/SAVI/SAVI.bs chmod 644 blib/arch/auto/SAVI/SAVI.bs Manifying blib/man3/SAVI.3pm ... it's the 'gcc: unrecognized option' that looks to me that isn't actually building the .so shared library... there is, though, a SAVI.so in blib/arch/auto/SAVI. make test shows: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/use....Can't load '/root/av/sophos/SAVI-Perl-0.30/blib/arch/auto/SAVI/SAVI.so' for module SAVI: libsavi.so.3: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. at t/use.t line 8 ... it is, however, there. Running a forced 'make install' and then using 'sophossavi' in MailScanner elicits errors about not being able to find SAVI: Mar 3 16:41:16 james MailScanner[16086]: SAVI Perl module not found, did you install it? Anyone else swimming in these dark waters before I try the auth of SAVI-Perl? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Steve Hickel -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 17:52:35 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:49 2006 Subject: Rules for random character subjects? Message-ID: Martin, Thanks... I found a link off to ccert.edu.cn (from the rulesemporium site) which has what looks to be a good ruleset for removing Chinese character spam etc. I've got it in place and we shall see how it works. Thanks again, Jim Coates Laridian, Inc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Thursday, March 03, 2005 11:25 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Rules for random character subjects? Jim quick replay - on way home.. have a look in www.rulesemporium.com/rules.htm for things what will cover this. Chickenpox rules are good too (on the other). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > Hi all... > > I seem to have a large number of messages that have garbage subject > lines (either made up of foreign characters or random characters) that > get past MailScanner/Spam Assassin. > > Have any of you found a decent ruleset that stops these? > > Thanks, > Jim Coates > Laridian, Inc > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 18:00:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As someone suggested, putting it on the wiki might be the best idea all round. Wechsler wrote: > Julian Field wrote: > >> Richard, >> >> When you get it finished, could I possibly host it (or even just a link >> to it) on www.mailscanner.info please? These resources are far more use >> when they can be found centrally. > > > Julian - > > You're more than welcome to link to it at least (I agree, the easier it > is to find, the better) - I'd rather keep the 'canonical' version under > my control though, so's I can beat the bugs out of it. If there prove to > be any hosting issues with my server, though, I'll send it over to be > hosted on .info. > > Thanks for all your work - glad to be able to give a little bit back! > > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 3 18:02:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You just need the command-line scanner product, not anything for mail servers or anything like that. I believe they call it their SAVI licence. Steve Hickel wrote: > Just curious, what is the exact name of the sophos product you > installed with mailscanner?? Someone wants me to add sophos as a third > virus scanner (in addition to clamav and f-prot) and I am trying to > figure out which sophos product I should use to do that? Thanks > > Steve > > On Thu, 2005-03-03 at 17:15 +0000, Peter Bates wrote: > >>Hello all... >> >>Sorry, not strictly an MS problem, just wondering if anyone else had >>stumbled over this... >> >>I'm playing with a test box on RHEL4. >> >>Sophos installed fine, and using 'sophos' as the virus scanner, all is >>okay. >> >>However, I normally try and install SAVI-Perl for obvious reasons. >> >>The latest version would appear to be 0.30. >> >>I installed Sophos, and then edited Makefile.PL as normal: >> 'LIBS' => ['-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib >>-lsavi'], >> >>I run make: >> >>cp SAVI.pm blib/lib/SAVI.pm >>AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) >>/usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap >>/usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > >>SAVI.xsc && mv SAVI.xsc SAVI.c >>Please specify prototyping behavior for SAVI.xs (see perlxs manual) >>gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing >>-pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 >>-I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 >>-DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC >>"-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" SAVI.c >>Running Mkbootstrap for SAVI () >>chmod 644 SAVI.bs >>rm -f blib/arch/auto/SAVI/SAVI.so >>gcc -shared -L/usr/local/lib SAVI.o -o blib/arch/auto/SAVI/SAVI.so >>-L/usr/local/Sophos/lib -R/usr/local/Sophos/lib -lsavi >>gcc: unrecognized option `-R/usr/local/Sophos/lib' >>chmod 755 blib/arch/auto/SAVI/SAVI.so >>cp SAVI.bs blib/arch/auto/SAVI/SAVI.bs >>chmod 644 blib/arch/auto/SAVI/SAVI.bs >>Manifying blib/man3/SAVI.3pm >> >>... it's the 'gcc: unrecognized option' that looks to me that isn't >>actually building the .so shared library... there is, though, a SAVI.so >>in blib/arch/auto/SAVI. >> >>make test shows: >> >>PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >>"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >>t/use....Can't load >>'/root/av/sophos/SAVI-Perl-0.30/blib/arch/auto/SAVI/SAVI.so' for module >>SAVI: libsavi.so.3: cannot open shared object file: No such file or >>directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm >>line 230. >> at t/use.t line 8 >> >>... it is, however, there. >> >>Running a forced 'make install' and then using 'sophossavi' in >>MailScanner elicits errors about not being able to find SAVI: >> >>Mar 3 16:41:16 james MailScanner[16086]: SAVI Perl module not found, >>did you >>install it? >> >>Anyone else swimming in these dark waters before I try the auth of >>SAVI-Perl? >> >> >> >>---------------------------------------------------------------------------------------------------> >>Peter Bates, Systems Support Officer, IT Services. >>London School of Hygiene & Tropical Medicine. >>Telephone:0207-958 8353 / Fax: 0207- 636 9838 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > > -- > Steve Hickel > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > MailScanner thanks transtec Computers for > their support. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Thu Mar 3 17:51:58 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Hello all... > MailScanner@ECS.SOTON.AC.UK 03/03/05 17:30:47 >>> >Try removing the -R option and add /usr/local/Sophos/lib to >/etc/ld.so.conf then run ldconfig. Worked first time! RHEL4 also has the interesting 'include /etc/ld.so.conf.d' so I could have just dropped in a file called 'sophos' in there with the relevant path listed. Julian... you are the proverbial * ! (That's a star, and not some expletive). ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Thu Mar 3 18:23:57 2005 From: dmehler26 at woh.rr.com (dave) Date: Thu Jan 12 21:28:49 2006 Subject: Bayes file Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, FreeBSD 5.3-RELEASE, MS-4.3.9, sa3.01, i've downloaded bayes3 i believe it is, i am trying to control the influx of spam. I am not sure where to put these files and/or what to do with any configuration? Any help appreciated. Thanks. Dave. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 3 18:25:28 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:49 2006 Subject: Rules for random character subjects? Message-ID: At 11:41 AM 3/3/2005, Jim Coates wrote: >I seem to have a large number of messages that have garbage subject lines >(either made up of foreign characters or random characters) that get past >MailScanner/Spam Assassin. > >Have any of you found a decent ruleset that stops these? I use the FVGT_s_OBFU_* rules for this with good success.. they're kind of old, but work well for me.. I don't think there's a CF file out there for them, but they are on exit0.us: http://www.exit0.us/index.php?pagename=FredsRules ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 3 19:36:38 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:49 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > I would like to try and get it to handle Bitdefender. only need to > modify ONE (or maybe 2) line of code from what i can see. > > The output and string values for Bitdefender. ANy idea whgat they might be? > > # Scanner Strings > my %Scanners = ( > bitdefender => { > Output => '/(.+) Found virus (.*)', > String => '/(.+) Found virus (.*)\'}, > sophos => { > Output => '>>> Virus', > String => '>>> Virus \'(.*)\''}, > sophossavi => { > Output => 'INFECTED::', > String => 'INFECTED:: (.*)::'}, > inoculan => { > Output => 'was infected by virus', > String => 'was infected by virus \[(.*)\]'}, > clamav => { > Output => 'FOUND', > String => ':.* (.*) FOUND'}, > command => { > Output => 'Infection:', > String => 'Infection: (.*)'}, > "f-prot" => { > Output => 'Infection:', > String => 'Infection: (.*)'}, > mcafee => { > Output => 'Found the', Maybe start with this; bitdefender=> { Output => '\/.*infected:', String => '\/.*infected: (.*)' }, Might take some playing, but this is out of Vispan. I had to give credit where credit is due! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Thu Mar 3 20:11:38 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:28:49 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- John Wilcock a écrit : > > Or just scan it in MailScanner, then send it to > their box clean to prove > how good MS is! I'm going to take flak for it, but I love this idea (Martin and Adri, thanks for the same kind of idea). VG. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 21:17:55 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: Rules for random character subjects? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anyone know which of the rulesdujour are now handled by SA3.02 by default? It seems from the doco that bigevil is automatically enabled as a default RBL check? Does this cover any fo the other ruledujour? Or what needs to be done to ahve ALL of these on? Just follow the normal ruledujour procedure for SA 2.6 ? thanks Pete Martin Hepworth wrote: > Jim > > quick replay - on way home.. > > have a look in www.rulesemporium.com/rules.htm for things what will > cover this. Chickenpox rules are good too (on the other). > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 21:20:15 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Then its really hard - unlress you archive a users or a lot of incoming mail for a while, OR setup a mailbox to spam and ham on your servers. Again, it will require a little planning and research. There is a guide in the maq on www.mailscanner.info and plebnty in the list archives. Let us know how you go. David Curtis wrote: > Thanks. > I am not sure how to sa-learn in this case. We are setup as a gateway > for an GroupWise server. > > > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> > David > > you have to teach bayes when it's wrong. (see info in sa-learn) > > also having alot of the rules from www.rulesemporium.com/rules.htm > can > help alot too. Drip feed them in and see which ones help the most. > > DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, > again these help alot. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA 3.0.2. > > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I followed the > > MailScanner install doc. > > > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> > > David > > > > restore from an earlier version...?? You backup the thing, yes??? > > > > Anyway reminds us what extra rules you run like the SARE ones etc.. They > > may help. What version of SA and do you run the URI-RBL stuff? > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > David Curtis wrote: > > > I think my bayes is messed up. I have several dozen e-mails that I > think > > > are spam. The rule for bayes_00 is letting it through. > > > Here is the score: > > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > > > RCVD_IN_NJABL_SPAM 1.84) > > > X-SBSD-MailScanner-SpamScore: 3 > > > > > > Any idea? > > > > > > > > > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > > Portability and Accountability Act (HIPAA). If this email contains > > > confidential and/or privileged health or student information and you > > > are not entitled to access such information under FERPA or HIPAA, > > > federal regulations require that you destroy this email without > > > reviewing it and you may not forward it to anyone. > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > >
/>********************************************************************** > >
> >
This email and any files transmitted with it are confidential and > >
intended solely for the use of the individual or entity to whom > they > >
are addressed. If you have received this email in error please > notify > >
the system manager. > >
> >
This footnote confirms that this email message has been swept > >
for the presence of computer viruses and is believed to be clean. > >
> >
/>********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > >
********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom they >
are addressed. If you have received this email in error please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 21:23:46 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] When i first build a mailscanner machine i make /etc/mail/spamassassin/local.cf a symlink to /etc/MailScanner/spam.assassin.prefs to avoid all these type of hassles. Pete Wechsler wrote: > Wechsler wrote: > >> Steen, Glenn wrote: > > >>> Not MS, but SA. "su - Debian-exim" and run >>> spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2>&1 >>> | grep bayes >> >> >> >> Ahm, thanks. That seems to give me /var/lib/MailScanner/bayes* as my >> source. Might have to do some tweaking 'round here... > > > Right, looks like I do - and, in the interests of letting others learn > from my mistakes, here's what I need to change: > > I've got crontab tasks running as Debian-exim on two IMAP folders: > falsepos, and falseneg, as follows: (I'm sure you can guess the other). > > 15 * * * * /usr/bin/sa-learn --mbox --spam /home2/wechsler/mail/falseneg > > This, not-very-surprisingly, learns to "~Debian-exim/.spamassassin/bayes*" > > To get it to learn to the desired location, I just pull in MS's SA > config file: (the following being really one line) > > /usr/bin/sa-learn --mbox --spam -p \ > /etc/MailScanner/spam.assassin.prefs.conf /home2/wechsler/mail/falseneg > > That seems to learn to the "right place" for me. Make sense to you? > > > Thanks again, > > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 21:23:58 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: I've toyed with the idea of creating a mailbox for SPAM and HAM that users can forward email into to be learned using a CRON job. However, I'm concerned that since they would be forwarding the email, the headers would be incorrect (different from the original). Is there a way around this as it seems ideal to simply let users forward email that they consider SPAM into some sort of account the be learned on a CRON basis by SpamAssassin? Jim Coates Laridian, Inc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell Sent: Thursday, March 03, 2005 3:20 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes 00 Then its really hard - unlress you archive a users or a lot of incoming mail for a while, OR setup a mailbox to spam and ham on your servers. Again, it will require a little planning and research. There is a guide in the maq on www.mailscanner.info and plebnty in the list archives. Let us know how you go. David Curtis wrote: > Thanks. > I am not sure how to sa-learn in this case. We are setup as a gateway > for an GroupWise server. > > > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> > David > > you have to teach bayes when it's wrong. (see info in sa-learn) > > also having alot of the rules from www.rulesemporium.com/rules.htm > can help alot too. Drip feed > them in and see which ones help the most. > > DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, > again these help alot. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA > 3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I > followed the > MailScanner install doc. > > > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> > > David > > > > restore from an earlier version...?? You backup the thing, yes??? > > > > Anyway reminds us what extra rules you run like the SARE ones etc.. They > > may help. What version of SA and do you run the URI-RBL stuff? > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > David Curtis wrote: > > > I think my bayes is messed up. I have several dozen e-mails that I > think > > > are spam. The rule for bayes_00 is letting it through. > > > Here is the score: > > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, > > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, > > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, > > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > > > RCVD_IN_NJABL_SPAM 1.84) > > > X-SBSD-MailScanner-SpamScore: 3 > > > > > > Any idea? > > > > > > > > > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > > Portability and Accountability Act (HIPAA). If this email contains > > > confidential and/or privileged health or student information and you > > > are not entitled to access such information under FERPA or HIPAA, > > > federal regulations require that you destroy this email without > > > reviewing it and you may not forward it to anyone. > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > >
/>********************************************************************** > >
> >
This email and any files transmitted with it are confidential and > >
intended solely for the use of the individual or entity to whom > they > >
are addressed. If you have received this email in error please > notify > >
the system manager. > >
> >
This footnote confirms that this email message has been swept > >
for the presence of computer viruses and is believed to be clean. > >
> >
/>********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > >
/>********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom they >
are addressed. If you have received this email in error please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
********************************************************************** > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 21:28:28 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] also note that the mail-CLamAV fails on RHEL4 too. Its the last thing to get working, all of the other associated products worked fine. Removing previously used /root/.cpan/build/Mail-ClamAV-0.14 CPAN.pm: Going to build S/SA/SABECK/Mail-ClamAV-0.14.tar.gz Checking if your kit is complete... Looks good Writing Makefile for Mail::ClamAV /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.14 blib/arch Can't open blib/lib/Mail/ClamAV.pm: No such file or directory. Can't locate Mail/ClamAV.pm in @INC (@INC contains: /root/.cpan/build/Mail-ClamAV-0.14/blib/arch /root/.cpan/build/Mail-ClamAV-0.14/blib/lib /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .). BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 2 make: *** Waiting for unfinished jobs.... cp ClamAV.pm blib/lib/Mail/ClamAV.pm make: *** Waiting for unfinished jobs.... /usr/bin/make -j3 -- NOT OK Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible Peter Bates wrote: > Hello all... > > >>MailScanner@ECS.SOTON.AC.UK 03/03/05 17:30:47 >>> >>Try removing the -R option and add /usr/local/Sophos/lib to >>/etc/ld.so.conf then run ldconfig. > > > Worked first time! > > RHEL4 also has the interesting 'include /etc/ld.so.conf.d' > so I could have just dropped in a file called 'sophos' in there > with the relevant path listed. > > Julian... you are the proverbial * ! > > (That's a star, and not some expletive). > > > > ---------------------------------------------------------------------------------------------------> > Peter Bates, Systems Support Officer, IT Services. > London School of Hygiene & Tropical Medicine. > Telephone:0207-958 8353 / Fax: 0207- 636 9838 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 3 21:23:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:49 2006 Subject: External virus scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Violaine Grimly wrote: > --- John Wilcock a écrit : > >>Or just scan it in MailScanner, then send it to >>their box clean to prove >>how good MS is! > > > I'm going to take flak for it, but I love this idea > (Martin and Adri, thanks for the same kind of idea). > > VG. Or send it from their box to MailScanner and see what their box misses! If it lets just one virus through, while a "free" product catches it, maybe mgmt. will take notice. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Thu Mar 3 21:38:56 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:49 2006 Subject: Panda not working Message-ID: Anyone managed to get panda working? I'm running MailScanner 4.38.9 on RH9 with the pavcl program file dated 1 July 03. I installed pavcl from rpm. pavcl is in /usr/bin and I have the pav.sig signature file in /usr/lib/panda. The .sig file is dated today, so the autoupdate is working. The /usr/lib/MailScanner/panda-wrapper file refers to /bin/pavcl rather than /usr/bin/pavcl so I guess there's one potential problem. The /etc/MailScanner/virus.scanners.conf file contains the line: panda /usr/lib/MailScanner/panda-wrapper /usr There's the following advice in virus.scanners.conf: # You can test a -wrapper script with a command like this: # /usr/lib/MailScanner/f-secure-wrapper /opt/f-secure/fsav /tmp # That command will attempt to scan /tmp using F-Secure. If it works you # should see some sensible output. If it fails, you will probably just see # an error message such as "Command not found" or similar. I've tried the command: /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp Along with a whole load of permutations. I've tried changing panda-wrapper and virus.scanners.conf but all to no avail. I just get "Virus: 0" as the response, even though there's a valid eicar.com test file in the directory that's being scanned and the equivalent f-prot command works fine. Running pavcl direct from the command line detects the eicar file. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 22:37:12 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] YEah tghis is everyone's concern. Its been documented in the archives that most people attempt to use either an IMAP script on the mailscanner machine to pull the mail from the exchange/groupwise/domino server to an mbox/maildir and then run sa-learn on - as imap does a copy basically, rather than forwarding and destroying the original headers. Or even better is have access on your mail system so everyone can COPY into another mailbox and then run sa-learn on it. You could get bayes to ignore all the headers and just learn the content? I am not sure what everyone does about checking through all the mail to make sure the usrs ahvent put ham in the spa,m box etc Jim Coates wrote: > I've toyed with the idea of creating a mailbox for SPAM and HAM that users > can forward email into to be learned using a CRON job. > > However, I'm concerned that since they would be forwarding the email, the > headers would be incorrect (different from the original). > > Is there a way around this as it seems ideal to simply let users forward > email that they consider SPAM into some sort of account the be learned on a > CRON basis by SpamAssassin? > > Jim Coates > Laridian, Inc. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Peter Russell > Sent: Thursday, March 03, 2005 3:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes 00 > > > Then its really hard - unlress you archive a users or a lot of incoming mail > for a while, OR setup a mailbox to spam and ham on your servers. Again, it > will require a little planning and research. There is a guide in the maq on > www.mailscanner.info and plebnty in the list archives. > > Let us know how you go. > > > David Curtis wrote: > >>Thanks. >>I am not sure how to sa-learn in this case. We are setup as a gateway >>for an GroupWise server. >> >> >> >> >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> >>David >> >>you have to teach bayes when it's wrong. (see info in sa-learn) >> >>also having alot of the rules from www.rulesemporium.com/rules.htm >> can help alot too. Drip feed >>them in and see which ones help the most. >> >>DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, >>again these help alot. >> >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>David Curtis wrote: >> > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA >>3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I >>followed the > MailScanner install doc. > >> > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> >> > David >> > >> > restore from an earlier version...?? You backup the thing, yes??? >> > >> > Anyway reminds us what extra rules you run like the SARE ones etc.. > > They > >> > may help. What version of SA and do you run the URI-RBL stuff? >> > >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> > >> > David Curtis wrote: >> > > I think my bayes is messed up. I have several dozen e-mails that I >>think >> > > are spam. The rule for bayes_00 is letting it through. >> > > Here is the score: >> > > X-SBSD-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.294, >> > > required 3.75, BAYES_00 -2.60, DCC_CHECK 2.17, DIGEST_MULTIPLE > > 0.10, > >> > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, >> > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK > > 1.51, > >> > > RCVD_IN_NJABL_SPAM 1.84) >> > > X-SBSD-MailScanner-SpamScore: 3 >> > > >> > > Any idea? >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > This email may contain information protected under the Family >> > > Educational Rights and Privacy Act (FERPA) or the Health Insurance >> > > Portability and Accountability Act (HIPAA). If this email contains >> > > confidential and/or privileged health or student information and you >> > > are not entitled to access such information under FERPA or HIPAA, >> > > federal regulations require that you destroy this email without >> > > reviewing it and you may not forward it to anyone. >> > > >> > > ------------------------ MailScanner list ------------------------ >> > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > > 'leave mailscanner' in the body of the email. >> > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > > >> > > Support MailScanner development - buy the book off the website! >> > >> >
>/>********************************************************************** >> >
>> >
This email and any files transmitted with it are confidential and >> >
intended solely for the use of the individual or entity to whom >>they >> >
are addressed. If you have received this email in error please >>notify >> >
the system manager. >> >
>> >
This footnote confirms that this email message has been swept >> >
for the presence of computer viruses and is believed to be clean. >> >
>> >
>/>********************************************************************** >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > >> > >> > >> > >> > >> > This email may contain information protected under the Family >> > Educational Rights and Privacy Act (FERPA) or the Health Insurance >> > Portability and Accountability Act (HIPAA). If this email contains >> > confidential and/or privileged health or student information and you >> > are not entitled to access such information under FERPA or HIPAA, >> > federal regulations require that you destroy this email without >> > reviewing it and you may not forward it to anyone. >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >> > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > *Support MailScanner development - buy the book off the website!* >> >>
>/>********************************************************************** >>
>>
This email and any files transmitted with it are confidential and >>
intended solely for the use of the individual or entity to whom they >>
are addressed. If you have received this email in error please > > notify > >>
the system manager. >>
>>
This footnote confirms that this email message has been swept >>
for the presence of computer viruses and is believed to be clean. >>
>>
> />********************************************************************** > >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >>This email may contain information protected under the Family >>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>Portability and Accountability Act (HIPAA). If this email contains >>confidential and/or privileged health or student information and you >>are not entitled to access such information under FERPA or HIPAA, >>federal regulations require that you destroy this email without >>reviewing it and you may not forward it to anyone. >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 22:41:37 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: The concern with using IMAP for us is that my company's employees aren't centrally located (IE - we aren't all in the same office) and I don't trust IMAP without being part of the VPN etc. I could make everyone log in to the VPN and then copy over to IMAP, but it would cause their Outlook etc to give failure notices anytime they weren't connected to the VPN (as the IMAP accounts would not be able to be reached). We don't leave any copies of mail on the server itself once the user pulls it down, so I can't have them log back in via webmail etc to move it either. Hmmm... I'd like to hear what others are doing, as we have a couple users that in spite of the MailScanner and SpamAssassin settings, they are still getting a good deal of spam per day. Thanks, Jim Coates Laridian, Inc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell Sent: Thursday, March 03, 2005 4:37 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes 00 YEah tghis is everyone's concern. Its been documented in the archives that most people attempt to use either an IMAP script on the mailscanner machine to pull the mail from the exchange/groupwise/domino server to an mbox/maildir and then run sa-learn on - as imap does a copy basically, rather than forwarding and destroying the original headers. Or even better is have access on your mail system so everyone can COPY into another mailbox and then run sa-learn on it. You could get bayes to ignore all the headers and just learn the content? I am not sure what everyone does about checking through all the mail to make sure the usrs ahvent put ham in the spa,m box etc Jim Coates wrote: > I've toyed with the idea of creating a mailbox for SPAM and HAM that > users can forward email into to be learned using a CRON job. > > However, I'm concerned that since they would be forwarding the email, > the headers would be incorrect (different from the original). > > Is there a way around this as it seems ideal to simply let users > forward email that they consider SPAM into some sort of account the be > learned on a CRON basis by SpamAssassin? > > Jim Coates > Laridian, Inc. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Russell > Sent: Thursday, March 03, 2005 3:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes 00 > > > Then its really hard - unlress you archive a users or a lot of > incoming mail for a while, OR setup a mailbox to spam and ham on your > servers. Again, it will require a little planning and research. There > is a guide in the maq on www.mailscanner.info and plebnty in the list > archives. > > Let us know how you go. > > > David Curtis wrote: > >>Thanks. >>I am not sure how to sa-learn in this case. We are setup as a gateway >>for an GroupWise server. >> >> >> >> >>> martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> >>David >> >>you have to teach bayes when it's wrong. (see info in sa-learn) >> >>also having alot of the rules from www.rulesemporium.com/rules.htm >> can help alot too. Drip feed >>them in and see which ones help the most. >> >>DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, >>again these help alot. >> >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>David Curtis wrote: >> > Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA >>3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I >>followed the > MailScanner install doc. > >> > >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> >> > David >> > >> > restore from an earlier version...?? You backup the thing, yes??? >> > >> > Anyway reminds us what extra rules you run like the SARE ones etc.. > > They > >> > may help. What version of SA and do you run the URI-RBL stuff? >> > >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> > >> > David Curtis wrote: >> > > I think my bayes is messed up. I have several dozen e-mails that >> > I >>think >> > > are spam. The rule for bayes_00 is letting it through. > Here >> > is the score: > X-SBSD-MailScanner-SpamCheck: not spam, >> > SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, >> > DCC_CHECK 2.17, DIGEST_MULTIPLE > > 0.10, > >> > > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, >> > > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK > > 1.51, > >> > > RCVD_IN_NJABL_SPAM 1.84) >> > > X-SBSD-MailScanner-SpamScore: 3 >> > > >> > > Any idea? >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > This email may contain information protected under the Family > >> > Educational Rights and Privacy Act (FERPA) or the Health Insurance >> > > Portability and Accountability Act (HIPAA). If this email >> > contains > confidential and/or privileged health or student >> > information and you > are not entitled to access such information >> > under FERPA or HIPAA, > federal regulations require that you >> > destroy this email without > reviewing it and you may not forward >> > it to anyone. > > ------------------------ MailScanner list >> > ------------------------ > To unsubscribe, email >> > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in >> > the body of the email. > Before posting, read the MAQ >> > (http://www.mailscanner.biz/maq/) and > the archives >> > (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > > >> > > Support MailScanner development - buy the book off the website! >> > >> >
>/>******************************************************************** >>** >> >
>> >
This email and any files transmitted with it are confidential >> > and
intended solely for the use of the individual or entity >> > to whom >>they >> >
are addressed. If you have received this email in error >> > please >>notify >> >
the system manager. >> >
>> >
This footnote confirms that this email message has been swept >> >
for the presence of computer viruses and is believed to be >> > clean.

>/>******************************************************************** >>** >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. Before posting, read >> > the MAQ (http://www.mailscanner.biz/maq/) and the archives >> > (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > >> > >> > >> > >> > >> > This email may contain information protected under the Family >> > Educational Rights and Privacy Act (FERPA) or the Health Insurance >> > Portability and Accountability Act (HIPAA). If this email contains >> > confidential and/or privileged health or student information and >> > you are not entitled to access such information under FERPA or >> > HIPAA, federal regulations require that you destroy this email >> > without reviewing it and you may not forward it to anyone. >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. Before posting, read >> > the MAQ (http://www.mailscanner.biz/maq/) and the archives >> > (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > *Support MailScanner development - buy the book off the website!* >> >>
>/>******************************************************************** >>** >>
>>
This email and any files transmitted with it are confidential and >>
intended solely for the use of the individual or entity to whom they >>
are addressed. If you have received this email in error please > > notify > >>
the system manager. >>
>>
This footnote confirms that this email message has been swept >>
for the presence of computer viruses and is believed to be >>clean.

> />******************************************************************** > ** > >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >>This email may contain information protected under the Family >>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>Portability and Accountability Act (HIPAA). If this email contains >>confidential and/or privileged health or student information and you >>are not entitled to access such information under FERPA or HIPAA, >>federal regulations require that you destroy this email without >>reviewing it and you may not forward it to anyone. >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 22:45:44 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Perfect!!!! Thanks so much. Scott Silva wrote: > Pete Russell wrote: > >>I would like to try and get it to handle Bitdefender. only need to >>modify ONE (or maybe 2) line of code from what i can see. >> >>The output and string values for Bitdefender. ANy idea whgat they might be? >> >># Scanner Strings >>my %Scanners = ( >> bitdefender => { >> Output => '/(.+) Found virus (.*)', >> String => '/(.+) Found virus (.*)\'}, >> sophos => { >> Output => '>>> Virus', >> String => '>>> Virus \'(.*)\''}, >> sophossavi => { >> Output => 'INFECTED::', >> String => 'INFECTED:: (.*)::'}, >> inoculan => { >> Output => 'was infected by virus', >> String => 'was infected by virus \[(.*)\]'}, >> clamav => { >> Output => 'FOUND', >> String => ':.* (.*) FOUND'}, >> command => { >> Output => 'Infection:', >> String => 'Infection: (.*)'}, >> "f-prot" => { >> Output => 'Infection:', >> String => 'Infection: (.*)'}, >> mcafee => { >> Output => 'Found the', > > > Maybe start with this; > bitdefender=> { > Output => '\/.*infected:', > String => '\/.*infected: (.*)' }, > > Might take some playing, but this is out of Vispan. I had to give credit > where credit is due! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 3 22:57:10 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] umm maybe you should be thinking about bayes and spam assassin setting son your server. Most folks dont get many spams thorugh on a well tuned gateway. Then once you are sure you ahve done everything you can move onto catching and learning from the users? The outlook bit has been discussed many times in the archives. Jim Coates wrote: > The concern with using IMAP for us is that my company's employees aren't > centrally located (IE - we aren't all in the same office) and I don't trust > IMAP without being part of the VPN etc. > > I could make everyone log in to the VPN and then copy over to IMAP, but it > would cause their Outlook etc to give failure notices anytime they weren't > connected to the VPN (as the IMAP accounts would not be able to be reached). > > We don't leave any copies of mail on the server itself once the user pulls > it down, so I can't have them log back in via webmail etc to move it either. > > Hmmm... > > I'd like to hear what others are doing, as we have a couple users that in > spite of the MailScanner and SpamAssassin settings, they are still getting a > good deal of spam per day. > > Thanks, > Jim Coates > Laridian, Inc. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Peter Russell > Sent: Thursday, March 03, 2005 4:37 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes 00 > > > YEah tghis is everyone's concern. Its been documented in the archives that > most people attempt to use either an IMAP script on the mailscanner machine > to pull the mail from the exchange/groupwise/domino server to an > mbox/maildir and then run sa-learn on - as imap does a copy basically, > rather than forwarding and destroying the original headers. > > Or even better is have access on your mail system so everyone can COPY into > another mailbox and then run sa-learn on it. > > You could get bayes to ignore all the headers and just learn the content? > > I am not sure what everyone does about checking through all the mail to make > sure the usrs ahvent put ham in the spa,m box etc > > > Jim Coates wrote: > >>I've toyed with the idea of creating a mailbox for SPAM and HAM that >>users can forward email into to be learned using a CRON job. >> >>However, I'm concerned that since they would be forwarding the email, >>the headers would be incorrect (different from the original). >> >>Is there a way around this as it seems ideal to simply let users >>forward email that they consider SPAM into some sort of account the be >>learned on a CRON basis by SpamAssassin? >> >>Jim Coates >>Laridian, Inc. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Peter Russell >>Sent: Thursday, March 03, 2005 3:20 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes 00 >> >> >>Then its really hard - unlress you archive a users or a lot of >>incoming mail for a while, OR setup a mailbox to spam and ham on your >>servers. Again, it will require a little planning and research. There >>is a guide in the maq on www.mailscanner.info and plebnty in the list >>archives. >> >>Let us know how you go. >> >> >>David Curtis wrote: >> >> >>>Thanks. >>>I am not sure how to sa-learn in this case. We are setup as a gateway >>>for an GroupWise server. >>> >>> >>> >>> >>>>>>martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> >>> >>>David >>> >>>you have to teach bayes when it's wrong. (see info in sa-learn) >>> >>>also having alot of the rules from www.rulesemporium.com/rules.htm >>> can help alot too. Drip feed >>>them in and see which ones help the most. >>> >>>DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, >>>again these help alot. >>> >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>David Curtis wrote: >>> >>>>Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA >>> >>>3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I >>>followed the > MailScanner install doc. > >>> >>>> >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> >>>>David >>>> >>>>restore from an earlier version...?? You backup the thing, yes??? >>>> >>>>Anyway reminds us what extra rules you run like the SARE ones etc.. >> >>They >> >> >>>>may help. What version of SA and do you run the URI-RBL stuff? >>>> >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>>David Curtis wrote: >>>> > I think my bayes is messed up. I have several dozen e-mails that >>>>I >>> >>>think >>> >>>> > are spam. The rule for bayes_00 is letting it through. > Here >>>>is the score: > X-SBSD-MailScanner-SpamCheck: not spam, >>>>SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, >>>>DCC_CHECK 2.17, DIGEST_MULTIPLE >> >>0.10, >> >> >>>> > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, >>>> >>>>> MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK >> >>1.51, >> >> >>>> > RCVD_IN_NJABL_SPAM 1.84) >>>> > X-SBSD-MailScanner-SpamScore: 3 >>>> > >>>> > Any idea? >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > This email may contain information protected under the Family > >>>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>> >>>>>Portability and Accountability Act (HIPAA). If this email >>>> >>>>contains > confidential and/or privileged health or student >>>>information and you > are not entitled to access such information >>>>under FERPA or HIPAA, > federal regulations require that you >>>>destroy this email without > reviewing it and you may not forward >>>>it to anyone. > > ------------------------ MailScanner list >>>>------------------------ > To unsubscribe, email >>>>jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in >>>>the body of the email. > Before posting, read the MAQ >>>>(http://www.mailscanner.biz/maq/) and > the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> >>>>
>> >>>/>******************************************************************** >>>** >>> >>>>
>>>>
This email and any files transmitted with it are confidential >>>>and
intended solely for the use of the individual or entity >>>>to whom >>> >>>they >>> >>>>
are addressed. If you have received this email in error >>>>please >>> >>>notify >>> >>>>
the system manager. >>>>
>>>>
This footnote confirms that this email message has been swept >>>>
for the presence of computer viruses and is believed to be >>>>clean.

>> >>>/>******************************************************************** >>>** >>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. Before posting, read >>>>the MAQ (http://www.mailscanner.biz/maq/) and the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>This email may contain information protected under the Family >>>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>>Portability and Accountability Act (HIPAA). If this email contains >>>>confidential and/or privileged health or student information and >>>>you are not entitled to access such information under FERPA or >>>>HIPAA, federal regulations require that you destroy this email >>>>without reviewing it and you may not forward it to anyone. >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. Before posting, read >>>>the MAQ (http://www.mailscanner.biz/maq/) and the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>*Support MailScanner development - buy the book off the website!* >>> >>>
>>/>******************************************************************** >>>** >>>
>>>
This email and any files transmitted with it are confidential and >>>
intended solely for the use of the individual or entity to whom they >>>
are addressed. If you have received this email in error please >> >>notify >> >> >>>
the system manager. >>>
>>>
This footnote confirms that this email message has been swept >>>
for the presence of computer viruses and is believed to be >>>clean.

> >>/>******************************************************************** >>** >> >> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>> >>> >>>This email may contain information protected under the Family >>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>Portability and Accountability Act (HIPAA). If this email contains >>>confidential and/or privileged health or student information and you >>>are not entitled to access such information under FERPA or HIPAA, >>>federal regulations require that you destroy this email without >>>reviewing it and you may not forward it to anyone. >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >> >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 3 23:28:16 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:49 2006 Subject: bayes 00 Message-ID: I will take a look at the archives. I think my settings on bayes and SpamAssassin are decent, as there really are only a couple users that are getting much of anything. Thanks, Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell Sent: Thursday, March 03, 2005 4:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes 00 umm maybe you should be thinking about bayes and spam assassin setting son your server. Most folks dont get many spams thorugh on a well tuned gateway. Then once you are sure you ahve done everything you can move onto catching and learning from the users? The outlook bit has been discussed many times in the archives. Jim Coates wrote: > The concern with using IMAP for us is that my company's employees > aren't centrally located (IE - we aren't all in the same office) and I > don't trust IMAP without being part of the VPN etc. > > I could make everyone log in to the VPN and then copy over to IMAP, > but it would cause their Outlook etc to give failure notices anytime > they weren't connected to the VPN (as the IMAP accounts would not be > able to be reached). > > We don't leave any copies of mail on the server itself once the user > pulls it down, so I can't have them log back in via webmail etc to > move it either. > > Hmmm... > > I'd like to hear what others are doing, as we have a couple users that > in spite of the MailScanner and SpamAssassin settings, they are still > getting a good deal of spam per day. > > Thanks, > Jim Coates > Laridian, Inc. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Russell > Sent: Thursday, March 03, 2005 4:37 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bayes 00 > > > YEah tghis is everyone's concern. Its been documented in the archives > that most people attempt to use either an IMAP script on the > mailscanner machine to pull the mail from the > exchange/groupwise/domino server to an mbox/maildir and then run > sa-learn on - as imap does a copy basically, rather than forwarding > and destroying the original headers. > > Or even better is have access on your mail system so everyone can COPY > into another mailbox and then run sa-learn on it. > > You could get bayes to ignore all the headers and just learn the > content? > > I am not sure what everyone does about checking through all the mail > to make sure the usrs ahvent put ham in the spa,m box etc > > > Jim Coates wrote: > >>I've toyed with the idea of creating a mailbox for SPAM and HAM that >>users can forward email into to be learned using a CRON job. >> >>However, I'm concerned that since they would be forwarding the email, >>the headers would be incorrect (different from the original). >> >>Is there a way around this as it seems ideal to simply let users >>forward email that they consider SPAM into some sort of account the be >>learned on a CRON basis by SpamAssassin? >> >>Jim Coates >>Laridian, Inc. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Peter Russell >>Sent: Thursday, March 03, 2005 3:20 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: bayes 00 >> >> >>Then its really hard - unlress you archive a users or a lot of >>incoming mail for a while, OR setup a mailbox to spam and ham on your >>servers. Again, it will require a little planning and research. There >>is a guide in the maq on www.mailscanner.info and plebnty in the list >>archives. >> >>Let us know how you go. >> >> >>David Curtis wrote: >> >> >>>Thanks. >>>I am not sure how to sa-learn in this case. We are setup as a gateway >>>for an GroupWise server. >>> >>> >>> >>> >>>>>>martinh@SOLID-STATE-LOGIC.COM 03/03 10:14 AM >>> >>> >>>David >>> >>>you have to teach bayes when it's wrong. (see info in sa-learn) >>> >>>also having alot of the rules from www.rulesemporium.com/rules.htm >>> can help alot too. Drip feed >>>them in and see which ones help the most. >>> >>>DO NOT use bigevil.cf, instead make sure the URI-RBL's are turned on, >>>again these help alot. >>> >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>> >>>David Curtis wrote: >>> >>>>Fresh install of Fedora Core 3. Postfix 2.2 Fresh install of SA >>> >>>3.0.2. > Fresh install of Razor and DCC and MailScanner 4.39.6-1. I >>>followed the > MailScanner install doc. > >>> >>>> >>> martinh@SOLID-STATE-LOGIC.COM 03/03 9:41 AM >>> >>>>David >>>> >>>>restore from an earlier version...?? You backup the thing, yes??? >>>> >>>>Anyway reminds us what extra rules you run like the SARE ones etc.. >> >>They >> >> >>>>may help. What version of SA and do you run the URI-RBL stuff? >>>> >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>>David Curtis wrote: >>>> > I think my bayes is messed up. I have several dozen e-mails that >>>>I >>> >>>think >>> >>>> > are spam. The rule for bayes_00 is letting it through. > Here >>>>is the score: > X-SBSD-MailScanner-SpamCheck: not spam, >>>>SpamAssassin (score=3.294, > required 3.75, BAYES_00 -2.60, >>>>DCC_CHECK 2.17, DIGEST_MULTIPLE >> >>0.10, >> >> >>>> > HTML_90_100 0.02, HTML_IMAGE_RATIO_02 0.02, HTML_MESSAGE 0.00, >>>> >>>>> MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK >> >>1.51, >> >> >>>> > RCVD_IN_NJABL_SPAM 1.84) >>>> > X-SBSD-MailScanner-SpamScore: 3 >>>> > >>>> > Any idea? >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > This email may contain information protected under the Family > >>>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>> >>>>>Portability and Accountability Act (HIPAA). If this email >>>> >>>>contains > confidential and/or privileged health or student >>>>information and you > are not entitled to access such information >>>>under FERPA or HIPAA, > federal regulations require that you >>>>destroy this email without > reviewing it and you may not forward >>>>it to anyone. > > ------------------------ MailScanner list >>>>------------------------ > To unsubscribe, email >>>>jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in >>>>the body of the email. > Before posting, read the MAQ >>>>(http://www.mailscanner.biz/maq/) and > the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> > >>>> > Support MailScanner development - buy the book off the website! >>>> >>>>
>> >>>/>******************************************************************* >>>* >>>** >>> >>>>
>>>>
This email and any files transmitted with it are confidential >>>>and
intended solely for the use of the individual or entity to >>>>whom >>> >>>they >>> >>>>
are addressed. If you have received this email in error please >>> >>>notify >>> >>>>
the system manager. >>>>
>>>>
This footnote confirms that this email message has been swept >>>>
for the presence of computer viruses and is believed to be >>>>clean.

>> >>>/>******************************************************************* >>>* >>>** >>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>>mailscanner' in the body of the email. Before posting, read the MAQ >>>>(http://www.mailscanner.biz/maq/) and the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>This email may contain information protected under the Family >>>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>>Portability and Accountability Act (HIPAA). If this email contains >>>>confidential and/or privileged health or student information and you >>>>are not entitled to access such information under FERPA or HIPAA, >>>>federal regulations require that you destroy this email without >>>>reviewing it and you may not forward it to anyone. >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>>mailscanner' in the body of the email. Before posting, read the MAQ >>>>(http://www.mailscanner.biz/maq/) and the archives >>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>*Support MailScanner development - buy the book off the website!* >>> >>>
>>/>******************************************************************* >>>* >>>** >>>
>>>
This email and any files transmitted with it are confidential and >>>
intended solely for the use of the individual or entity to whom they >>>
are addressed. If you have received this email in error please >> >>notify >> >> >>>
the system manager. >>>
>>>
This footnote confirms that this email message has been swept >>>
for the presence of computer viruses and is believed to be >>>clean.

> >>/>******************************************************************** >>** >> >> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>> >>> >>>This email may contain information protected under the Family >>>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>>Portability and Accountability Act (HIPAA). If this email contains >>>confidential and/or privileged health or student information and you >>>are not entitled to access such information under FERPA or HIPAA, >>>federal regulations require that you destroy this email without >>>reviewing it and you may not forward it to anyone. >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >> >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 3 23:47:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:49 2006 Subject: OT - Clamav question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Pete Russell wrote: > >>I would like to try and get it to handle Bitdefender. only need to >>modify ONE (or maybe 2) line of code from what i can see. >> >>The output and string values for Bitdefender. ANy idea whgat they might be? >> >># Scanner Strings >>my %Scanners = ( >> bitdefender => { >> Output => '/(.+) Found virus (.*)', >> String => '/(.+) Found virus (.*)\'}, >> sophos => { >> Output => '>>> Virus', >> String => '>>> Virus \'(.*)\''}, >> sophossavi => { >> Output => 'INFECTED::', >> String => 'INFECTED:: (.*)::'}, >> inoculan => { >> Output => 'was infected by virus', >> String => 'was infected by virus \[(.*)\]'}, >> clamav => { >> Output => 'FOUND', >> String => ':.* (.*) FOUND'}, >> command => { >> Output => 'Infection:', >> String => 'Infection: (.*)'}, >> "f-prot" => { >> Output => 'Infection:', >> String => 'Infection: (.*)'}, >> mcafee => { >> Output => 'Found the', > > > Maybe start with this; > bitdefender=> { > Output => '\/.*infected:', > String => '\/.*infected: (.*)' }, > > Might take some playing, but this is out of Vispan. I had to give credit > where credit is due! > As a matter of fact, try this one as I got it working today; I will have to send a diff to the writer -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] #!/usr/bin/perl -w # # vnames.pl [-v] Version 2.1.2 - 4/5/2004 # ---------------------------------------------------------------------------- # Print a report of all the e-mail viruses received today. # # Contributors v.2.x.x: # McAfee French, Text Formatting - Denis Beauchemin (Denis.Beauchemin@USherbrooke.ca) # H+BEDV AntiVir Support - Wolfgang Bönschen (wolfgang@antares.de) # McAfee virus|trojan fix - James Gray (james@grayonline.id.au) # BitDefender support - Scott Silva (ssilva@sgvwater.com) # Refined & Expanded Scanners - Joshua Hirsh (joshua.hirsh@partnersolutions.ca) # originally from David While's MailStats.pl script: (http://staff.cie.uce.ac.uk/~id001869/mailstats/). # Panda support - Pedro Rosa (Pedro.Rosa@SA.FC.UL.PT) # # Contributors v.1.x.x: # Sophos Support - Aaron Seelye (aseelye-lists@eltopia.com) # F-Prot Support - jburzenski (jburzenski@americanhm.com) # # Copyright, (c) 2003-2004, Corey S. McFadden & Associates (contact@csma.biz) # www.csma.biz # By postal mail: # McFadden Associates # PO Box 20665 # Lehigh Valley, PA 18002 # U.S.A. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Definable Vars $Scanner = "mcafee,clamav,bitdefender"; # comma sep: sophos,sophossavi,inoculan,clamav,command,f-prot, # mcafee,mcafee_fr,fsecure,panda,antivir,bitdefender $HTML = "yes"; # yes|no (no=text only) $Sort = "count"; #count|name (count=ascending) $MailLogFile = "/var/log/maillog"; $SendMail = "/usr/sbin/sendmail"; $StatsFile = "/root/virus.log"; # Scanner Strings my %Scanners = ( sophos => { Output => '>>> Virus', String => '>>> Virus \'(.*)\''}, sophossavi => { Output => 'INFECTED::', String => 'INFECTED:: (.*)::'}, inoculan => { Output => 'was infected by virus', String => 'was infected by virus \[(.*)\]'}, clamav => { Output => 'FOUND', String => ':.* (.*) FOUND'}, command => { Output => 'Infection:', String => 'Infection: (.*)'}, "f-prot" => { Output => 'Infection:', String => 'Infection: (.*)'}, mcafee => { Output => 'Found the', String => 'Found the (.*) (virus|trojan) !!!'}, mcafee_fr => { Output => 'contient le', String => 'contient le (?:virus|ver|cheval de Troie) (.*) !!!'}, fsecure => { Output => '.*Infection: (.*)', String => '.*Infection: (.*)'}, panda => { Output => 'Virus: (.*)', String => '.* => (.*)##'}, antivir => { Output => 'ALERT: (.*)', String => 'ALERT: \[(.*)\]'}, bitdefender => { Output => '\/.*infected:', String => '\/.*infected: (.*)'}, ); my %ScannerText = ( sophos => "Sophos SAV", sophossavi => "Sophos SAVI", inoculan => "Inoculan", clamav => "ClamAV", command => "Command", "f-prot" => "F-Prot", mcafee => "McAfee", mcafee_fr => "McAfee (with French messages)", fsecure => "FSecure", panda => "Panda Antivirus", antivir => "H+BEDV AntiVir", bitdefender =>"BitDefender Antivirus" ); # Internal Vars $EmailTo = $ARGV[0]; if ($EmailTo eq "") { print "\tUsage: vnames.pl [-v] \n"; exit 1; } if ($EmailTo eq "-v") { print "\n"; print "\tvnames.pl - MailScanner Virus Filter Report.\n"; print "\t Version 2.1.2, released 4/5/2004.\n"; print "\t http://web.csma.biz/apps/vnames.shtml\n\n"; print "\tScanners supported:\n"; foreach $in(sort(keys %ScannerText)) { printf "\t %-12s %-20s\n", $in, $ScannerText{$in}; } print "\n"; exit 0; } @UseScanners = split(/,/,$Scanner); $now_date = localtime(time); @TIM = split(/\ /,$now_date); # Check this $AnsiDate = ""; # # Program Main # &parse_date; open (SENDMAIL,"|$SendMail $EmailTo") or die "Cannot open $SendMail."; &print_header; foreach $in(@UseScanners) { &init_vars; &print_sectionheader($in); &check_log($in); &print_sortedresults; &print_sectionfooter; } &print_footer; close SENDMAIL; #&write_stats; # # Program Subroutines # sub init_vars { %Seen = (); @SortedList = (); @Names1 = (); $count = 0; } sub print_header { # Print e-mail header my $myhostname = (`hostname`); $myhostname =~ s/\n//g; print SENDMAIL "Reply-to: root\@$myhostname\n"; print SENDMAIL "Subject: E-Mail Viruses ($TIM[0]) - $myhostname\n"; print SENDMAIL "To: $EmailTo\n"; if ($HTML eq "yes") { print SENDMAIL "Content-type: text/html\;\n\n"; print SENDMAIL "\n"; } else { print SENDMAIL "\n"; } } sub print_sectionheader { # Start each scanner block # Current scanner name must be supplied my $currentscanner = $_[0]; if ($HTML eq "yes") { print SENDMAIL "

\n"; print SENDMAIL "Viruses found by MailScanner \&\; $ScannerText{$currentscanner} today:\n"; } else { print SENDMAIL "Viruses found by MailScanner \& $ScannerText{$currentscanner} today:\n"; } } sub print_sectionfooter { if ($HTML eq "yes") { print SENDMAIL "


"; } else { print SENDMAIL "\n\n"; } } sub check_log { # Current scanner name must be supplied my $currentscanner = $_[0]; my $ThisScanner = $Scanners{$currentscanner}; open (MAILLOG,$MailLogFile); while ($cline = ) { $cline =~ s/\n//g; if ($cline =~ "$TIM[1] $TIM[2]") { if ($cline =~ /$ThisScanner->{Output}/) { ($vname) = ($cline =~ /$ThisScanner->{String}/); $count = ($count + 1); $vname =~ s/\ //g; $vname =~ s/\n//g; push @Names1,"$vname"; } } } close MAILLOG; } sub print_sortedresults { # Take the resulting array, Names1, and sort with a count. my @UniqueList = (); foreach $in(@Names1) { push (@UniqueList,$in) unless ($Seen{$in}); $Seen{$in}++; } @SortedList = sort(@UniqueList); if ($HTML eq "yes") { # HTML output print SENDMAIL "\n"; if ($Sort eq "count") { # Sorted by count foreach $in(sort { $Seen{$b} <=> $Seen{$a} } keys %Seen) { # print SENDMAIL "\n"; print SENDMAIL "\n"; } } else { # Sorted by name foreach $in(@SortedList) { print SENDMAIL "\n"; } } print SENDMAIL "
\ \ $in\ \  $Seen{$in}
\ \ $in$Seen{$in}
\ \ $in$Seen{$in}
\n"; } else { # Text output if ($Sort eq "count") { # Sorted by count foreach $in(sort { $Seen{$b} <=> $Seen{$a} } keys %Seen) { printf SENDMAIL " - %-28s %7d\n", $in, $Seen{$in}; } } else { # Sorted by name foreach $in(@SortedList) { printf SENDMAIL " - %-28s %7d\n", $in, $Seen{$in}; } } } if ($count eq 0) { print SENDMAIL "None.\n"; } else { print SENDMAIL "A total of $count viruses were found and filtered.\n"; } } sub print_footer { if ($HTML eq "yes") { print SENDMAIL "\n"; } else { print SENDMAIL "\n"; } } sub write_stats { # Write CSV Stats for Excel graphs and whatnot open (STAT, ">>$StatsFile"); foreach $in(@SortedList) { print STAT "$AnsiDate,$in,$Seen{$in}\n"; } close STAT; } sub parse_date { my $date=localtime(); my ($day, $month, $num, $time, $year) = split(/\s+/,$date); if ($month eq "Jan") { $month = "1"; } if ($month eq "Feb") { $month = "2"; } if ($month eq "Mar") { $month = "3"; } if ($month eq "Apr") { $month = "4"; } if ($month eq "May") { $month = "5"; } if ($month eq "Jun") { $month = "6"; } if ($month eq "Jul") { $month = "7"; } if ($month eq "Aug") { $month = "8"; } if ($month eq "Sep") { $month = "9"; } if ($month eq "Oct") { $month = "10"; } if ($month eq "Nov") { $month = "11"; } if ($month eq "Dec") { $month = "12"; } $month = int($month); $num = int($num); if ($month < 10) { $fmonth = "0$month"; } else { $fmonth = "$month"; }; if ($num < 10) { $fnum = "0$num"; } else { $fnum = "$num"; }; $AnsiDate = "$year-$fmonth-$fnum"; } exit 0; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Mar 4 00:42:07 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:49 2006 Subject: Razor-agent.log - how? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have been pulling my hair out trying to force the razor to stop logging in my hold dir for postfix. MailScanner run ass the user postfix. I have the following set. 1. Output from sa --lint test Razor-Log: Computed razorhome from env: /var/www/.razor Razor-Log: Found razorhome: /var/www/.razor Razor-Log: read_file: 16 items read from /var/www/.razor/razor-agent.conf Mar 04 11:29:16.839322 check[22261]: [ 5] computed razorhome=/var/www/.razor, conf=/var/www/.razor/razor-agent.conf, ident=/var/www/.razor/identity everything else is successful. 2. [root@car-mbus-sw1 ~]# ls -al /var/www/.razor/ total 40 drwxrwxrwx 2 postfix apache 4096 Mar 4 11:32 . drwxr-xr-x 9 root root 4096 Mar 4 11:06 .. -rwxrwxrwx 1 postfix apache 719 Mar 4 11:32 razor-agent.conf -rwxrwxrwx 1 postfix apache 357 Mar 4 11:26 razor-agent.log -rwxrwxrwx 1 postfix apache 429 Mar 4 11:26 server.folly.cloudmark.com.conf -rwxrwxrwx 1 postfix apache 62 Mar 4 11:26 servers.catalogue.lst -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 servers.catalogue.lst.lock -rwxrwxrwx 1 postfix apache 14 Mar 4 11:26 servers.discovery.lst -rwxrwxrwx 1 postfix apache 38 Mar 4 11:26 servers.nomination.lst -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 servers.nomination.lst.lock -rwxrwxrwx 1 postfix apache 537 Mar 4 11:28 server.tension.cloudmark.com.conf 3. contents of raz-agent.conf debuglevel = 0 identity = identity ignorelist = 0 listfile_catalogue = servers.catalogue.lst listfile_discovery = servers.discovery.lst listfile_nomination = servers.nomination.lst logfile = /dev/null logic_method = 4 min_cf = ac razorzone = razor2.cloudmark.com What else do i need to do to force this buggar of thing to stop logging to my postfix/hold dir? Thanks in advance for ANY tips Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Mar 4 01:26:55 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:49 2006 Subject: Unrar Patches Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I have attached the two patches needed to do the unrar handling. I have tested them with various rar files and forced time outs and everything seems fine. Hopefully I have them commented well enough for you to "get them" without wondering why this or that was done. They also include the code for handling the duplicate filename problem but that code is noted and commented out. I also took the liberty of moving that annoying "RAR Module failure" message into the info section of the parseclamavmodule section (since about every rar close to modern is going to cause it). There is a line (95) in the Message.pm.diff file that had me puzzled because it was in the patch I sent last year that allowed the reports to separate the problems in the report.txt. I noticed the items were still in languages.txt but I am not sure if you did something else with the code so if that shouldn't be there now please comment it out or remove it. There are also a couple of changes to the SafePipe sub, I noticed while running in debug that an error popped up regarding SIGALARM not being a valid parameter so I added "use POSIX qw(:signal_h);" just before the eval. I also open STDIN to /dev/null in the child before the exec. Leaving STDIN alone did cause problems in certain cases and might have something to do with the Solaris problem you noted, I can't test that. Last odd thing I noted, while running in debug mode, is a bunch of " uninitialized value" errors that revolved around the use of f-prot version checking, every instance of $tnefname = $message->{entity2file}{$message->{tnefentity}} and $top->head->mime_attr('content-disposition'). I fixed them while I was testing but removed the fixes before creating the diff files. I don't know if you noticed them or not but they occurred with every test message I sent that had an attachment. I doubt that they are causing any problems, just extra noise when you are debugging. Thanks Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 8KB. ] [ Unable to print this part. ] From eneal at dfi-intl.com Fri Mar 4 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:49 2006 Subject: Razor-agent.log - how? Message-ID: This can be controlled by setting the razor home in your sa config file. But this needs to coincide with the location you created your razor configs in. Run razor-admin --create with the switch that controlls its home then edit the razor confi file and your sa config file. I may not be giving the directions in the right order, but its all there. If you don't get it right, or if no one else responds before I get to my servers, then ill correct myself where needed. Errol -----Original Message----- From: Peter Russell Date: Fri, 4 Mar 2005 11:42:07 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Razor-agent.log - how? I have been pulling my hair out trying to force the razor to stop logging in my hold dir for postfix. MailScanner run ass the user postfix. I have the following set. 1. Output from sa --lint test Razor-Log: Computed razorhome from env: /var/www/.razor Razor-Log: Found razorhome: /var/www/.razor Razor-Log: read_file: 16 items read from /var/www/.razor/razor-agent.conf Mar 04 11:29:16.839322 check[22261]: [ 5] computed razorhome=/var/www/.razor, conf=/var/www/.razor/razor-agent.conf, ident=/var/www/.razor/identity everything else is successful. 2. [root@car-mbus-sw1 ~]# ls -al /var/www/.razor/ total 40 drwxrwxrwx 2 postfix apache 4096 Mar 4 11:32 . drwxr-xr-x 9 root root 4096 Mar 4 11:06 .. -rwxrwxrwx 1 postfix apache 719 Mar 4 11:32 razor-agent.conf -rwxrwxrwx 1 postfix apache 357 Mar 4 11:26 razor-agent.log -rwxrwxrwx 1 postfix apache 429 Mar 4 11:26 server.folly.cloudmark.com.conf -rwxrwxrwx 1 postfix apache 62 Mar 4 11:26 servers.catalogue.lst -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 servers.catalogue.lst.lock -rwxrwxrwx 1 postfix apache 14 Mar 4 11:26 servers.discovery.lst -rwxrwxrwx 1 postfix apache 38 Mar 4 11:26 servers.nomination.lst -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 servers.nomination.lst.lock -rwxrwxrwx 1 postfix apache 537 Mar 4 11:28 server.tension.cloudmark.com.conf 3. contents of raz-agent.conf debuglevel = 0 identity = identity ignorelist = 0 listfile_catalogue = servers.catalogue.lst listfile_discovery = servers.discovery.lst listfile_nomination = servers.nomination.lst logfile = /dev/null logic_method = 4 min_cf = ac razorzone = razor2.cloudmark.com What else do i need to do to force this buggar of thing to stop logging to my postfix/hold dir? Thanks in advance for ANY tips Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Mar 4 06:27:49 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:49 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > When i first build a mailscanner machine i make > /etc/mail/spamassassin/local.cf a symlink to > /etc/MailScanner/spam.assassin.prefs to avoid all these type of hassles. > > Pete > As pointed out by someone sometime back, this MIGHT be a bad idea as SA will use both /etc/mail/spamassassin/local.cf & /etc/MailScanner/spam.assassin.prefs thereby using more resources.. I maybe wrong though. Can anyone clarify? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 4 08:12:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: ANNOUNCE: Knowledge-base about SMGateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We have our SMGateway Knowledge base started. The site below will be our web based support homepage, but anyone who downloaded SMGateway will be able to use the KnowledgeBase. Please go to: http://support.fsl.com/cgi-bin/pdesk.cgi And select "Articles" on the left side of the page. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Fri Mar 4 09:13:03 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:28:49 2006 Subject: Inform Recipient About Virus Mail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I want to inform my recipients about virus mail they are receiving. Hence I changed the configuration, Deliver Cleaned Message = to a ruleset In the rule set I am stating, To: expecting, that the recipient being my users deliver the warning mesg For all other users I don't want the warning mesg. But what happens now is, other users also, say @yahoo.com receiving the warning mesg. Can someone advice how can i achieve this? Regards Devi S. From MailScanner at ecs.soton.ac.uk Fri Mar 4 09:18:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: Inform Recipient About Virus Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You need to say To: domain.com yes in your ruleset. You should also add a default rule FromOrTo: default no then "reload" or restart MailScanner. Devi Sambamoorthy wrote: > I want to inform my recipients about virus mail they are receiving. > > Hence I changed the configuration, > > Deliver Cleaned Message = to a ruleset > > In the rule set I am stating, > > To: > > expecting, that the recipient being my users deliver the warning mesg > For all other users I don't want the warning mesg. > > > But what happens now is, other users also, say @yahoo.com receiving > the warning mesg. > > Can someone advice how can i achieve this? > > Regards > Devi S. > > > > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 09:22:15 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:49 2006 Subject: External virus scanners Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Violaine Grimly > Sent: den 3 mars 2005 21:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: External virus scanners > > > --- John Wilcock a écrit : > > > > Or just scan it in MailScanner, then send it to > > their box clean to prove > > how good MS is! > > I'm going to take flak for it, but I love this idea > (Martin and Adri, thanks for the same kind of idea). A good strategy is always to be prepared (why do I feel like a boyscout, suddenly?-), and start out ... slow. Don't delete too much, just quarantine (store) etc. And look at implementing MailWatch (if feasible for your organization)... That was what brought my PHB over, especially the easy stats and convenient quarantine release ... Done right, you'll get no flak at all, just kudos;-) -- Glenn > > VG. > > > > > > > Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de > stockage pour vos mails ! > Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Fri Mar 4 09:23:02 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:49 2006 Subject: Zero epoch-date Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since I've switched over to exim4 and Mailscanner, I'm getting one particular list mail that gets its date 'zeroed' (actually I think it's completely missing, but Thunderbird displays it as 1/1/70). Now this could well be an exim4 issue (when I was running Exim3 and no MailScanner, a date was appearing from 'somewhere'). Obviously, zeroed dates don't help with sorting mail, so can anyone suggest which step of the chain is causing the problem? (I'm suspecting it may be the message sender failing to provide a date, but, as noted, something must have been filling them in in the past). If it's not a Mailscanner issue, my apologies for raising it here. Headers are: From - Tue Mar 1 09:07:22 2005 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-path: Envelope-to: richard@phase.org Delivery-date: Tue, 01 Mar 2005 00:56:35 +0000 Received: from gate09.smwebhost.com ([62.189.242.169] helo=smgs-me-1.s3ms.com) by heifong.phase.org with smtp (Exim 4.44) id 1D5vge-0007P6-Av for richard@phase.org; Tue, 01 Mar 2005 00:56:32 +0000 From: TheUNIXJobBoard.com To: Subject: LONDON + PHP/APACHE ...Jobs from the Unix Job Board MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: base64 X-PhaseOrg-MailScanner: Found to be clean X-PhaseOrg-MailScanner-SpamCheck: not spam, SpamAssassin (score=-90.908, required 6, CLICK_BELOW 1.52, CLICK_HERE_LINK 1.79, DATE_MISSING 0.25, HTML_40_50 0.47, HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.00, MAILTO_LINK 0.04, MIME_BASE64_TEXT 1.10, MIME_HTML_NO_CHARSET 0.72, MIME_HTML_ONLY 0.10, RCVD_IN_ORBS 1.00, RCVD_IN_OSIRUSOFT_COM 2.00, USER_IN_WHITELIST -100.00) X-MailScanner-From: vacancies@theitjobboard.com Status: O X-UID: 52296 Content-Length: 23896 X-Keywords: And in the 'safety' archive: heifong:/var/spool/MailScanner/archive/20050301# cat 1D5vge-0007P6-Av-H 1D5vge-0007P6-Av-H root 0 0 1109638592 0 -helo_name smgs-me-1.s3ms.com -host_address 62.189.242.169.4156 -host_name gate09.smwebhost.com -interface_address 80.68.88.241.25 -received_protocol smtp -body_linecount 314 -deliver_firsttime XX 1 richard@phase.org 200P Received: from gate09.smwebhost.com ([62.189.242.169] helo=smgs-me-1.s3ms.com) by heifong.phase.org with smtp (Exim 4.44) id 1D5vge-0007P6-Av for richard@phase.org; Tue, 01 Mar 2005 00:56:32 +0000 058F From: TheUNIXJobBoard.com 028T To: 061 Subject: LONDON + PHP/APACHE ...Jobs from the Unix Job Board 018 MIME-Version: 1.0 024 Content-Type: text/html 034 Content-Transfer-Encoding: base64 Many thanks, Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Mar 4 09:35:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:49 2006 Subject: Zero epoch-date Message-ID: Hi the From - header is bust Looking at the -H file there's no Date: there either so Thunderbird is displaying the information correctly. An example of what should be in the header file from by 4.43 (must upgrade to 4.50) 038 Date: Fri, 04 Mar 2005 08:24:39 -0100 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Wechsler wrote: > Since I've switched over to exim4 and Mailscanner, I'm getting one > particular list mail that gets its date 'zeroed' (actually I think it's > completely missing, but Thunderbird displays it as 1/1/70). Now this > could well be an exim4 issue (when I was running Exim3 and no > MailScanner, a date was appearing from 'somewhere'). > > Obviously, zeroed dates don't help with sorting mail, so can anyone > suggest which step of the chain is causing the problem? > (I'm suspecting it may be the message sender failing to provide a date, > but, as noted, something must have been filling them in in the past). > > If it's not a Mailscanner issue, my apologies for raising it here. > > Headers are: > > From - Tue Mar 1 09:07:22 2005 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-path: > Envelope-to: richard@phase.org > Delivery-date: Tue, 01 Mar 2005 00:56:35 +0000 > Received: from gate09.smwebhost.com ([62.189.242.169] > helo=smgs-me-1.s3ms.com) > by heifong.phase.org with smtp (Exim 4.44) > id 1D5vge-0007P6-Av > for richard@phase.org; Tue, 01 Mar 2005 00:56:32 +0000 > From: TheUNIXJobBoard.com > To: > Subject: LONDON + PHP/APACHE ...Jobs from the Unix Job Board > MIME-Version: 1.0 > Content-Type: text/html > Content-Transfer-Encoding: base64 > X-PhaseOrg-MailScanner: Found to be clean > X-PhaseOrg-MailScanner-SpamCheck: not spam, SpamAssassin (score=-90.908, > required 6, CLICK_BELOW 1.52, CLICK_HERE_LINK 1.79, > DATE_MISSING 0.25, HTML_40_50 0.47, HTML_LINK_CLICK_HERE 0.10, > HTML_MESSAGE 0.00, MAILTO_LINK 0.04, MIME_BASE64_TEXT 1.10, > MIME_HTML_NO_CHARSET 0.72, MIME_HTML_ONLY 0.10, RCVD_IN_ORBS 1.00, > RCVD_IN_OSIRUSOFT_COM 2.00, USER_IN_WHITELIST -100.00) > X-MailScanner-From: vacancies@theitjobboard.com > Status: O > X-UID: 52296 > Content-Length: 23896 > X-Keywords: > > And in the 'safety' archive: > > heifong:/var/spool/MailScanner/archive/20050301# cat 1D5vge-0007P6-Av-H > 1D5vge-0007P6-Av-H > root 0 0 > > 1109638592 0 > -helo_name smgs-me-1.s3ms.com > -host_address 62.189.242.169.4156 > -host_name gate09.smwebhost.com > -interface_address 80.68.88.241.25 > -received_protocol smtp > -body_linecount 314 > -deliver_firsttime > XX > 1 > richard@phase.org > > 200P Received: from gate09.smwebhost.com ([62.189.242.169] > helo=smgs-me-1.s3ms.com) > by heifong.phase.org with smtp (Exim 4.44) > id 1D5vge-0007P6-Av > for richard@phase.org; Tue, 01 Mar 2005 00:56:32 +0000 > 058F From: TheUNIXJobBoard.com > 028T To: > 061 Subject: LONDON + PHP/APACHE ...Jobs from the Unix Job Board > 018 MIME-Version: 1.0 > 024 Content-Type: text/html > 034 Content-Transfer-Encoding: base64 > > > Many thanks, > Richard > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 09:46:50 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:49 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > Sent: den 3 mars 2005 22:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Panda not working > > > Anyone managed to get panda working? > > I'm running MailScanner 4.38.9 on RH9 with the pavcl program > file dated 1 > July 03. I installed pavcl from rpm. > > pavcl is in /usr/bin and I have the pav.sig signature file in > /usr/lib/panda. The .sig file is dated today, so the > autoupdate is working. > > The /usr/lib/MailScanner/panda-wrapper file refers to > /bin/pavcl rather than > /usr/bin/pavcl so I guess there's one potential problem. > > The /etc/MailScanner/virus.scanners.conf file contains the line: > > panda /usr/lib/MailScanner/panda-wrapper /usr > > There's the following advice in virus.scanners.conf: > > # You can test a -wrapper script with a command like this: > # /usr/lib/MailScanner/f-secure-wrapper /opt/f-secure/fsav /tmp > # That command will attempt to scan /tmp using F-Secure. If > it works you > # should see some sensible output. If it fails, you will > probably just see > # an error message such as "Command not found" or similar. > > I've tried the command: > > /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp Try /usr/lib/MailScanner/panda-wrapper /usr /tmp since the lines $pavcl = shift; $pavcl .= '/bin/pavcl'; would first set $pavcl to /usr, then concatenate /bin/pavcl onto that, making $pavcl (which is used further down) be /usr/bin/pavcl If that doesn't work, try it while standing in the /tmp directory. Looking at it, it seems like the wrapper ignores any path, but will preserve scanner options. -- Glenn > > Along with a whole load of permutations. I've tried changing > panda-wrapper > and virus.scanners.conf but all to no avail. I just get > "Virus: 0" as the > response, even though there's a valid eicar.com test file in > the directory > that's being scanned and the equivalent f-prot command works > fine. Running > pavcl direct from the command line detects the eicar file. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wechsler at PHASE.ORG Fri Mar 4 09:47:23 2005 From: wechsler at PHASE.ORG (Wechsler) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > As someone suggested, putting it on the wiki might be the best idea all > round. > I've modified the article a little and added some conditions of copying. Subject to these, feel free to use it as you will. (http://www.phase.org/journal/byjid/8550) Note that I'm unlikely to be able to wikify it myself, for a while at least. Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 10:03:43 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:49 2006 Subject: Razor-agent.log - how? Message-ID: [ The following text is in the "windows-1251" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Seems like that is the home dir for your webserver, not postfix? Perhaps this is from MailWatch? No matter... Another way to solve this is to create the .razor directory in ~postfix and make it writeable to postfix, then run the discovery/setup as the postfix user ... If you run in a chroot jail, this might entail "su - postfix -s /bin/sh" and ... well discover away:-). At least how I solved it. My .02^Ès worth...:-) -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Errol Uriel Neal Jr. > Sent: den 4 mars 2005 01:00 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Razor-agent.log - how? > > > This can be controlled by setting the razor home in your sa > config file. But this needs to coincide with the location you > created your razor configs in. > Run razor-admin --create with the switch that controlls its > home then edit the razor confi file and your sa config file. > I may not be giving the directions in the right order, but > its all there. If you don't get it right, or if no one else > responds before I get to my servers, then ill correct myself > where needed. > > Errol > -----Original Message----- > From: Peter Russell > Date: Fri, 4 Mar 2005 11:42:07 > To:MAILSCANNER@JISCMAIL.AC.UK > Subject: Razor-agent.log - how? > > I have been pulling my hair out trying to force the razor to stop > logging in my hold dir for postfix. MailScanner run ass the > user postfix. > > > I have the following set. > > 1. > Output from sa --lint test > Razor-Log: Computed razorhome from env: /var/www/.razor > Razor-Log: Found razorhome: /var/www/.razor > Razor-Log: read_file: 16 items read from > /var/www/.razor/razor-agent.conf > Mar 04 11:29:16.839322 check[22261]: [ 5] computed > razorhome=/var/www/.razor, conf=/var/www/.razor/razor-agent.conf, > ident=/var/www/.razor/identity > > everything else is successful. > > 2. > [root@car-mbus-sw1 ~]# ls -al /var/www/.razor/ > total 40 > drwxrwxrwx 2 postfix apache 4096 Mar 4 11:32 . > drwxr-xr-x 9 root root 4096 Mar 4 11:06 .. > -rwxrwxrwx 1 postfix apache 719 Mar 4 11:32 razor-agent.conf > -rwxrwxrwx 1 postfix apache 357 Mar 4 11:26 razor-agent.log > -rwxrwxrwx 1 postfix apache 429 Mar 4 11:26 > server.folly.cloudmark.com.conf > -rwxrwxrwx 1 postfix apache 62 Mar 4 11:26 servers.catalogue.lst > -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 > servers.catalogue.lst.lock > -rwxrwxrwx 1 postfix apache 14 Mar 4 11:26 servers.discovery.lst > -rwxrwxrwx 1 postfix apache 38 Mar 4 11:26 servers.nomination.lst > -rwxrwxrwx 1 postfix apache 0 Mar 4 11:28 > servers.nomination.lst.lock > -rwxrwxrwx 1 postfix apache 537 Mar 4 11:28 > server.tension.cloudmark.com.conf > > 3. > contents of raz-agent.conf > > debuglevel = 0 > identity = identity > ignorelist = 0 > listfile_catalogue = servers.catalogue.lst > listfile_discovery = servers.discovery.lst > listfile_nomination = servers.nomination.lst > logfile = /dev/null > logic_method = 4 > min_cf = ac > razorzone = razor2.cloudmark.com > > What else do i need to do to force this buggar of thing to > stop logging > to my postfix/hold dir? > > Thanks in advance for ANY tips > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > __________________________________________ > Errol Uriel Neal Jr. > Network Administrator > DFI International, Inc. > 1717 Pennsylvania Ave NW, Suite 1300 > Washington, DC 20006 > Tel (202)452-6955 > Fax (202)452-6910 > eneal@dfi-intl.com > www.dfi-intl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Mar 4 10:42:30 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:49 2006 Subject: Razor-agent.log - how? Message-ID: [ The following text is in the "windows-1251" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: > Seems like that is the home dir for your webserver, not postfix? > Perhaps this is from MailWatch? > No matter... Another way to solve this is to create the .razor > directory in ~postfix and make it writeable to postfix, then > run the discovery/setup as the postfix user ... If you run in a > chroot jail, this might entail "su - postfix -s /bin/sh" and ... > well discover away:-). > At least how I solved it. My .02^Ès worth...:-) > > -- Glenn > Some more unsolicited advise RAZOR INSTALL (stolen conveniently from http://wiki.apache.org/spamassassin/RazorSiteWide) ================================================== Install Razor as per http://razor.sourceforge.net/docs/install.php upto step 4. Use the following commands to configure razor for SA, replace '/etc/mail/spamassassin/' with your preferred path: razor-admin -home=/etc/mail/spamassassin/.razor -create razor-admin -home=/etc/mail/spamassassin/.razor -discover razor-admin -home=/etc/mail/spamassassin/.razor -register If you have already done the above without the '-home' parameter then use the following step: mv ~/.razor /etc/mail/spamassassin/ Add to /etc/MailScanner/spam.assassin.prefs.conf, the following lines: razor_config /etc/mail/spamassassin/.razor/razor-agent.conf razor_timeout 10 Add to /etc/mail/spamassassin/.razor/razor-agent.conf the following line: razorhome = /etc/mail/spamassassin/.razor/ Use this in your crontab for razor discovery: minute hour * * * /usr/bin/razor-admin \ -conf=/etc/mail/spamassassin/.razor/razor-agent.conf -discover Ideally it should never complain about razor home or log again. Also use the following command for lint: /usr/bin/spamassassin -x -D \ -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2 more units of whatever currency, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Fri Mar 4 11:36:34 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:49 2006 Subject: OT-INFO: sbl blocks big freemailer Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi there, just a info for all sbl (spamhaus) users: sbl actual blocks 217.72.192.242, its a relay host from web.de (biggest? german freemailer) http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21142 take a look to your spammails for blocked web.de mails, that sbl block is wrong have a nive weekend greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Mar 4 11:39:27 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the time to look at it right now, alas: Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. t/Mail-ClamAV....dubious Test returned status 7 (wstat 1792, 0x700) Scalar found where operator expected at (eval 152) line 1, near "'int' $__val" (Missing operator before $__val?) DIED. FAILED tests 6-9, 11-13 Failed 7/13 tests, 46.15% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------ ------- t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell > Sent: 03 March 2005 21:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SAVI-Perl/Sophos on RedHat Enterprise 4 > > also note that the mail-CLamAV fails on RHEL4 too. Its the > last thing to get working, all of the other associated > products worked fine. > > > > Removing previously used /root/.cpan/build/Mail-ClamAV-0.14 > > CPAN.pm: Going to build S/SA/SABECK/Mail-ClamAV-0.14.tar.gz > > Checking if your kit is complete... > Looks good > Writing Makefile for Mail::ClamAV > /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV > -e1 0.14 blib/arch Can't open blib/lib/Mail/ClamAV.pm: No > such file or directory. > Can't locate Mail/ClamAV.pm in @INC (@INC contains: > /root/.cpan/build/Mail-ClamAV-0.14/blib/arch > /root/.cpan/build/Mail-ClamAV-0.14/blib/lib > /usr/lib/perl5/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/5.8.5 > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 > /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .). > BEGIN failed--compilation aborted. > make: *** [ClamAV.inl] Error 2 > make: *** Waiting for unfinished jobs.... > cp ClamAV.pm blib/lib/Mail/ClamAV.pm > make: *** Waiting for unfinished jobs.... > /usr/bin/make -j3 -- NOT OK > Running make test > Can't test without successful make > Running make install > make had returned bad status, install seems impossible > > > Peter Bates wrote: > > Hello all... > > > > > >>MailScanner@ECS.SOTON.AC.UK 03/03/05 17:30:47 >>> Try > removing the -R > >>option and add /usr/local/Sophos/lib to /etc/ld.so.conf then run > >>ldconfig. > > > > > > Worked first time! > > > > RHEL4 also has the interesting 'include /etc/ld.so.conf.d' > > so I could have just dropped in a file called 'sophos' in > there with > > the relevant path listed. > > > > Julian... you are the proverbial * ! > > > > (That's a star, and not some expletive). > > > > > > > > > -------------------------------------------------------------- > -------------------------------------> > > Peter Bates, Systems Support Officer, IT Services. > > London School of Hygiene & Tropical Medicine. > > Telephone:0207-958 8353 / Fax: 0207- 636 9838 > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Fri Mar 4 11:47:00 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:28:49 2006 Subject: Inform Recipient About Virus Mail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] yeah I missed it. now it works. Thanks ----- Original Message ----- From: "Julian Field" To: Sent: Friday, March 04, 2005 2:48 PM Subject: Re: Inform Recipient About Virus Mail > You need to say > > To: domain.com yes > > in your ruleset. You should also add a default rule > > FromOrTo: default no > > then "reload" or restart MailScanner. > > Devi Sambamoorthy wrote: > > > I want to inform my recipients about virus mail they are receiving. > > > > Hence I changed the configuration, > > > > Deliver Cleaned Message = to a ruleset > > > > In the rule set I am stating, > > > > To: > > > > expecting, that the recipient being my users deliver the warning mesg > > For all other users I don't want the warning mesg. > > > > > > But what happens now is, other users also, say @yahoo.com receiving > > the warning mesg. > > > > Can someone advice how can i achieve this? > > > > Regards > > Devi S. > > > > > > > > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Fri Mar 4 11:49:37 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Randal, Phil napisa³(a): > Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the > time to look at it right now, alas: > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) > t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) > t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) > t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) > t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) > t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) > t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) > t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. > t/Mail-ClamAV....dubious > Test returned status 7 (wstat 1792, 0x700) > Scalar found where operator expected at (eval 152) line 1, near "'int' > $__val" > (Missing operator before $__val?) > DIED. FAILED tests 6-9, 11-13 > Failed 7/13 tests, 46.15% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------ > ------- > t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 > Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force I reported this to author. The answer is that it is *safe* to ignore that tests and install (works fine for me). However, author will release new version with fixed tests soon. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Fri Mar 4 11:53:12 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, 4 Mar 2005 10:39 pm, Randal, Phil wrote: > Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the > time to look at it right now, alas: > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) > t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) > t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) > t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) > t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) > t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) > t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) > t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. > t/Mail-ClamAV....dubious > Test returned status 7 (wstat 1792, 0x700) > Scalar found where operator expected at (eval 152) line 1, near "'int' > $__val" > (Missing operator before $__val?) > DIED. FAILED tests 6-9, 11-13 > Failed 7/13 tests, 46.15% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------ > ------- > t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 > Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > Cheers, > > Phil Had EXACTLY the same problems on a Debian box yesterday. Decided to just force it and it works fine. I'm guessing the tests are borked somehow. Cheers, James -- "What's another word for Thesaurus?" -- Steven Wright ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Fri Mar 4 12:03:34 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Exactly how do you force it? Pete James Gray wrote: > On Fri, 4 Mar 2005 10:39 pm, Randal, Phil wrote: > >>Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the >>time to look at it right now, alas: >> >>Running make test >>PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >>"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >>t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) >>t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) >>t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) >>t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) >>t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) >>t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) >>t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) >>t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. >>t/Mail-ClamAV....dubious >> Test returned status 7 (wstat 1792, 0x700) >>Scalar found where operator expected at (eval 152) line 1, near "'int' >>$__val" >> (Missing operator before $__val?) >>DIED. FAILED tests 6-9, 11-13 >> Failed 7/13 tests, 46.15% okay >>Failed Test Stat Wstat Total Fail Failed List of Failed >>------------------------------------------------------------------------ >>------- >>t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 >>Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. >>make: *** [test_dynamic] Error 2 >> /usr/bin/make test -- NOT OK >>Running make install >> make test had returned bad status, won't install without force >> >>Cheers, >> >>Phil > > > Had EXACTLY the same problems on a Debian box yesterday. Decided to just > force it and it works fine. I'm guessing the tests are borked somehow. > > Cheers, > > James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Fri Mar 4 12:19:22 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, 4 Mar 2005 11:03 pm, Pete Russell wrote: ** SNIPPED ** >> Had EXACTLY the same problems on a Debian box yesterday. Decided to >> just force it and it works fine. I'm guessing the tests are borked >> somehow. >> >> Cheers, >> >> James <<< top posting fixed >>> > Exactly how do you force it? > > Pete [Please don't top-post :) ] Inside the CPAN shell just do - force install Mail::ClamAV It's obvious once you've seen it :P I had to ask someone the first time too :) Cheers, James -- "Adopted kids are such a pain -- you have to teach them how to look like you ..." -- Gilda Radner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Mar 4 12:28:16 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: I saw the same thing yesterday with Mail::ClamAV 0.14 on Solaris 9. No way would I install a perl module that can't pass its own tests. I had to revert to clamav instead of clamavmodule in MailScanner.conf as a result, due to my symlink issues posted yesterday. Jeff Earickson Colby College On Fri, 4 Mar 2005, [ISO-8859-2] Marcin Ro?ek wrote: > Date: Fri, 4 Mar 2005 12:49:37 +0100 > From: "[ISO-8859-2] Marcin Ro?ek" > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SAVI-Perl/Sophos on RedHat Enterprise 4 > > Randal, Phil napisa?(a): >> Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the >> time to look at it right now, alas: >> >> Running make test >> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >> t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) >> t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) >> t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) >> t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) >> t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) >> t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) >> t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) >> t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. >> t/Mail-ClamAV....dubious >> Test returned status 7 (wstat 1792, 0x700) >> Scalar found where operator expected at (eval 152) line 1, near "'int' >> $__val" >> (Missing operator before $__val?) >> DIED. FAILED tests 6-9, 11-13 >> Failed 7/13 tests, 46.15% okay >> Failed Test Stat Wstat Total Fail Failed List of Failed >> ------------------------------------------------------------------------ >> ------- >> t/Mail-ClamAV.t 7 1792 13 7 53.85% 6-9 11-13 >> Failed 1/1 test scripts, 0.00% okay. 7/13 subtests failed, 46.15% okay. >> make: *** [test_dynamic] Error 2 >> /usr/bin/make test -- NOT OK >> Running make install >> make test had returned bad status, won't install without force > I reported this to author. The answer is that it is *safe* to ignore that > tests and install (works fine for me). However, author will release new > version with fixed tests soon. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Mar 4 13:17:35 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jeff A. Earickson > Sent: Friday, March 04, 2005 7:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SAVI-Perl/Sophos on RedHat Enterprise 4 > > > I saw the same thing yesterday with Mail::ClamAV 0.14 on Solaris 9. > No way would I install a perl module that can't pass its own tests. > I had to revert to clamav instead of clamavmodule in MailScanner.conf > as a result, due to my symlink issues posted yesterday. > > Jeff Earickson > Colby College > [...] If you look at the test file he has forgotten to add CL_SCAN_ARCHIVE() to his scan requests so it's not unpacking anything, and the scanbuff function is depreciated and the clamav authors have asked that no one use it anymore, and will remove it entirely in release 0.90. I modified the test file to include the CL_SCAN_ARCHIVE(), and everything except the scanbuff tests return ok (and they are not used in MS anyway), and just to make sure I turned on verbose tests and everything was as it should be. I forced it because it works when it is called correctly (as it is in MailScanner). Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Fri Mar 4 14:09:06 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:28:49 2006 Subject: Installing Mailscanner on Debian-testing - with exim 4 and clamAV Message-ID: Richard, Nice write-up. One thing though - I don't think you need to enable or restart spamassassin. MailScanner does not use spamd. It uses the perl libraries directly. So leaving spamassassin's ENABLED=0 is probably what you want. Jase Wechsler wrote: > I've modified the article a little and added some conditions of > copying. Subject to these, feel free to use it as you will. > (http://www.phase.org/journal/byjid/8550) > > Note that I'm unlikely to be able to wikify it myself, for a while at > least. > > Richard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Fri Mar 4 15:09:44 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Hello all... I was interested in following this (as I started the thread, and am now moving onto Clamav+module after doing Sophos on RHEL 4...) I don't seem to have any errors? # make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....ok All tests successful. Files=1, Tests=13, 0 wallclock secs ( 0.51 cusr + 0.10 csys = 0.61 CPU) I installed Clamav 0.83 (rebuilt from Oliver Falk's RPM packages), then Parse::RecDescent(1.94) and Inline(0.44), rebuilding from the SRPMs in Julian's 'install-Clam-SA' package. Doing the usual 'perl Makefile.PL; make; make test' worked fine, which makes me wonder what I have, and what others are missing... ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Fri Mar 4 15:32:25 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:28:49 2006 Subject: SAVI-Perl/Sophos on RedHat Enterprise 4 Message-ID: Whoops... answering my own question :( >Doing the usual 'perl Makefile.PL; make; make test' worked fine, which >makes me wonder what I have, and what others are missing... I've just realized, while trying to build an RPM of Mail-ClamAV-0.14, that 'make test' seems to work fine for me in the actual build directory, but fails when I'm building the RPM, and also clearly works for people trying to install via CPAN. It seems maybe like some bad paths somewhere or other... so either try installing/building out of CPAN or wait for Mr Beck's new version! :) ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Fri Mar 4 16:43:44 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:28:49 2006 Subject: Why am I seeing these errors in /var/log/maillog Message-ID: Cannot open ruleset file /usr/local/etc/MailScanner/rules = no, No such file or directory FreeBSD 5.3 MS 4.38.10 The default install puts this into that directory spam.whitelist.rules ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bob.jones at USG.EDU Fri Mar 4 17:00:34 2005 From: bob.jones at USG.EDU (Bob Jones) Date: Thu Jan 12 21:28:49 2006 Subject: Entity.pm error message when debugging mailscanner & spamassassin Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey all, I've just recently implemented spamassassin with MailScanner and when running both in debug mode I get the following error message: Can't call method "print" on an undefined value at /usr/perl5/site_perl/5.6.1/MIME/Entity.pm line 1803. I'm running version 4.39.5 on Solaris 9 with SA 3.0.2. It doesn't seem to be causing any problems, I'd just like to make the message go away. Any ideas? Thanks, Bob Jones bob.jones@usg.edu ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 4 17:06:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:49 2006 Subject: Entity.pm error message when debugging mailscanner & spamassassin Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Download 4.39.6 and you should the problem is fixed. No new config file changes or anything like that, just this bug fixed. Bob Jones wrote: > Hey all, > > I've just recently implemented spamassassin with MailScanner > and when > running both in debug mode I get the following error message: > > Can't call method "print" on an undefined value at > /usr/perl5/site_perl/5.6.1/MIME/Entity.pm line 1803. > > I'm running version 4.39.5 on Solaris 9 with SA 3.0.2. It doesn't seem > to be causing any problems, I'd just like to make the message go away. > > Any ideas? > > Thanks, > Bob Jones > bob.jones@usg.edu > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Mar 4 17:08:20 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:50 2006 Subject: OT-INFO: sbl blocks big freemailer - delisted? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] At 06:36 AM 3/4/2005, Dörfler Andreas wrote: >http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21142 >take a look to your spammails for blocked >web.de mails, that sbl block is wrong Apparently they noticed and fixed it... "The reference SBL21142 is not in the SBL database. This may be because the issue has been resolved and removed from the SBL. " and doing an IP lookup on the website: "217.72.192.242 is not listed in the SBL 217.72.192.242 is not listed in the XBL" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Fri Mar 4 17:08:10 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:50 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: On Fri, 4 Mar 2005, Randal, Phil wrote: > Installing Mail::ClamAV 0.14 fails on Fedora Core 1 too. Haven't the > time to look at it right now, alas: > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....ok 5/13# Failed test (t/Mail-ClamAV.t at line 82) > t/Mail-ClamAV....NOK 6# Failed test (t/Mail-ClamAV.t at line 84) > t/Mail-ClamAV....NOK 7# Failed test (t/Mail-ClamAV.t at line 87) > t/Mail-ClamAV....NOK 8# Failed test (t/Mail-ClamAV.t at line 90) > t/Mail-ClamAV....ok 10/13# Failed test (t/Mail-ClamAV.t at line 100) > t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 101) > t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 102) > t/Mail-ClamAV....NOK 13# Looks like you failed 7 tests of 13. > t/Mail-ClamAV....dubious > Test returned status 7 (wstat 1792, 0x700) > [...] We too have this problem (FC3, also ancient RH 7.3). Rick Cooper has found that this seems to be an error within its tests (i.e. Mail::ClamAV itself is OK). From an amended version of its "t/Mail-ClamAV.t" that he gave me, I derived the following patch. All the hard work was done by Rick, not me. So any credit should go to him. I intend to report this to the author of Mail::ClamAV. But could folk here (MailScanner community) who have encountered the problem quickly check that the patch fixes it? If building from CPAN, probably something like: cd .cpan/build/Mail-ClamAV-0.14 make test ### should fail as above make test ### should succeed The main purpose of the patch is to add the "|CL_SCAN_ARCHIVE()". There is a separate aspect: the reduction from 13 tests to 11, because of removing the "scanbuff" tests near the end, as "scanbuff" is apparently now deprecated . ====================== snip ===================== --- t/Mail-ClamAV.t.orig 2005-02-25 19:00:15.000000000 +0000 +++ t/Mail-ClamAV.t 2005-03-04 16:06:36.293652780 +0000 @@ -4,7 +4,7 @@ ######################### -use Test::More tests => 13; +use Test::More tests => 11; use strict; BEGIN { use_ok('Mail::ClamAV') }; @@ -78,26 +78,20 @@ ok(($c->maxfilesize == (1024 * 1028 * 20)), 'Set/Get maxfilesize'); my $f = "t/virus.eml"; -my $status = $c->scan($f, CL_SCAN_MAIL()); +my $status = $c->scan($f, CL_SCAN_MAIL()|CL_SCAN_ARCHIVE()); ok("$status" eq "Eicar-Test-Signature", 'Scan File'); open my $fh, "<", $f; -ok($c->scan($fh, CL_SCAN_MAIL())->virus, 'Scan FileHandle'); +ok($c->scan($fh, CL_SCAN_MAIL()|CL_SCAN_ARCHIVE())->virus, 'Scan FileHandle'); -$status = $c->scan($f, CL_SCAN_MAIL()); +$status = $c->scan($f, CL_SCAN_MAIL()|CL_SCAN_ARCHIVE()); ok("$status" eq "Eicar-Test-Signature", 'Scan File overload'); seek $fh, 0, 0; -$status = $c->scan($fh, CL_SCAN_MAIL()); +$status = $c->scan($fh, CL_SCAN_MAIL()|CL_SCAN_ARCHIVE()); ok("$status" eq "Eicar-Test-Signature", 'Scan FileHandle overload'); -eval { $status = $c->scan($f.substr($0, 0, 0), CL_SCAN_MAIL()) }; +eval { $status = $c->scan($f.substr($0, 0, 0), +CL_SCAN_MAIL()|CL_SCAN_ARCHIVE()) }; ok($@ and $@ =~ /tainted/, 'Scan tainted croaks'); - -open $fh, "<", "t/eicarcom2.zip"; -my $msg = do { local $/; <$fh> }; -$msg = $1 if $msg =~ /(.*)/s; -$status = $c->scanbuff($msg); -ok("$status" eq "Eicar-Test-Signature", 'Scan Buffer'); -ok($status->virus == 1, "Scan Buffer virus status"); ok((0 + $status) == 1, "Overload status"); ====================== snip ===================== -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Mar 4 17:08:03 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:50 2006 Subject: Question regarding IPBlock Message-ID: Hi there and sorry for the late answer.. On Thu, 24 Feb 2005, Kai Schaetzl wrote: > Marcel Blenkers wrote on Thu, 24 Feb 2005 14:36:33 +0100: > > > use the > > access-file with makemap to create the access.db? > > > > makemap is what gets used for creating access.db. If you want to run it > yourself, just do. > guess you got me wrong here ;) The Script IPBlock written by Julian and usable as extra script just adds the ips, which should be blocked, into the access.db-file. Means, there is no way to see the blocked ips within the access-file. So my question was really, if the script could be changed, to insert the blocked ips into the access-file, and then use makemap to generate the access.db itself. So every admin could check the access-file itself, delete the ip if needed, generate the new access.db with makemap and so those ips which are blocked, could be unblocked the easy way.. =) Currently the admin only gets the chance to see which ips are blocked, as he (or shee) is looking into the mail-og and searches for the String blocked by Mailscanner. I hope someone could make sense out of my sentences.. ;) Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 4 17:19:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Question regarding IPBlock Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: >Hi there and sorry for the late answer.. > >On Thu, 24 Feb 2005, Kai Schaetzl wrote: > > > >>Marcel Blenkers wrote on Thu, 24 Feb 2005 14:36:33 +0100: >> >> >> >>>use the >>>access-file with makemap to create the access.db? >>> >>> >>> >>makemap is what gets used for creating access.db. If you want to run it >>yourself, just do. >> >> >> >guess you got me wrong here ;) > >The Script IPBlock written by Julian and usable as extra script just adds >the ips, which should be blocked, into the access.db-file. >Means, there is no way to see the blocked ips within the access-file. > > Yes there is. makemap -u hash access >So my question was really, if the script could be changed, to insert the >blocked ips into the access-file, and then use makemap to generate the >access.db itself. > >So every admin could check the access-file itself, delete the ip if >needed, generate the new access.db with makemap and so those ips which are >blocked, could be unblocked the easy way.. =) > >Currently the admin only gets the chance to see which ips are blocked, as >he (or shee) is looking into the mail-og and searches for the String >blocked by Mailscanner. > > The reason I wrote it the way I did is because you need to be able to (once an hour) remove all the IP addresses that were added by MailScanner, but leave all the entries that you put in the access map by hand. The easiest way to do that is to leave the text version alone, and add temporary IPs to the db file. Then hourly you simply rebuild the db file from the text file. If you can come up with a better system for doing this easily and efficiently (or better than mine) then please suggest it. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Fri Mar 4 17:26:37 2005 From: dnsadmin at 1BIGTHINK.COM (DNSAdmin) Date: Thu Jan 12 21:28:50 2006 Subject: Question regarding IPBlock Message-ID: At 12:31 PM 2/24/2005, you wrote: >Marcel Blenkers wrote on Thu, 24 Feb 2005 14:36:33 +0100: > > > use the > > access-file with makemap to create the access.db? > > > >makemap is what gets used for creating access.db. If you want to run it >yourself, just do. > >Kai I just caught the tail-end of this conversation and was curious about the script. I had not heard of it. Where is it? I would like to investigate using it. Thank You! Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Fri Mar 4 17:39:08 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:50 2006 Subject: mcafee extra.dat Message-ID: If I want the mcafee autoupdate script to pull extra.dat, do I need to run it separately with the -e switch rather than via update_virus_scanners.cron? MailScanner-4.37.7 uvscan engine v4.3.20 -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Fri Mar 4 17:46:08 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:50 2006 Subject: Question regarding IPBlock Message-ID: Hi there, > > I just caught the tail-end of this conversation and was curious about the > script. I had not heard of it. Where is it? I would like to investigate > using it. > check ouz: /usr/lib/MailScanner/MailScanner and there the File: CustomConfig.pm search for IPBlock. Remember, if you like to use this function not to forget the ipclean-script as cronjob which could be found at the end of this file.. Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 18:12:18 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:50 2006 Subject: mcafee extra.dat Message-ID: The -e option to mcafee-autoupdate seem to be ... non-functional, you'll prolly need get it manually (we usually only implement extra.dats we receive from them in response to submissions... unless there's something really critical that the other scanners don't find). The logic behind them seem to be to fix (temporarily) problems while preparing the next set of DATs... And with McAfee going to daily updates I'm guessing the need for automated getting of extra.dat (aside from what is already there ... mcafee-autoupdate does look for it in the tar-file) will be less... But using extra.dat files... Just plop the extra.dat into /usr/loca/uvscan/datfiles/current directory to use it. The next update (via update_virus_scanners) will "move on", so no "extra" worries:-). (BTW, You should update your engine to 4400:) -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Eric Dantan Rzewnicki > Sent: den 4 mars 2005 18:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: mcafee extra.dat > > > If I want the mcafee autoupdate script to pull extra.dat, do I need to > run it separately with the -e switch rather than via > update_virus_scanners.cron? > > MailScanner-4.37.7 > uvscan engine v4.3.20 > -- > Eric Dantan Rzewnicki | Systems Administrator > Technical Operations Division | Radio Free Asia > 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 > CONFIDENTIAL COMMUNICATION > This e-mail message is intended only for the use of the addressee and > may contain information that is privileged and confidential. Any > unauthorized dissemination, distribution, or copying is strictly > prohibited. If you receive this transmission in error, please contact > network@rfa.org. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ard at PERGAMENTUM.COM Fri Mar 4 18:29:38 2005 From: ard at PERGAMENTUM.COM (Alisdair Davey) Date: Thu Jan 12 21:28:50 2006 Subject: [Slightly OT] Phishing detection Message-ID: A quick question for people. The IT depeartment of the univesrity I used to work out just sent out a note about its virus scanner Macafee detecting a phishing attack. I use Clamav and F-Prot onmy mail gateways and see plenty of detections of phshing attacks from clamav, but none from fprot. If you use a different virus scanner can you let me know if it detects phishing attacks. Feel free to email me personally and I'll summarize to the list. Thanks Alisdair -- Dr Alisdair Davey ard@pergamentum.com Pergamentum Solutions Tel: 1-303-981-9838 2066 Dailey Lane Superior, CO 80027 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 18:30:33 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think I have a virus that is being missed by mailscanner/clamav. Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=7.065, required 3.75, BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, MSGID_SPAM_LETTERS 2.71) The attachment has a rar file seams to be a randomly generated number with a file dddd.exe in it. Just an fyi. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 18:41:10 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:50 2006 Subject: [Slightly OT] Phishing detection Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alisdair Davey > Sent: den 4 mars 2005 19:30 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [Slightly OT] Phishing detection > > > A quick question for people. The IT depeartment of the > univesrity I used to > work out just sent out a note about its virus scanner Macafee > detecting a > phishing attack. I use Clamav and F-Prot onmy mail gateways > and see plenty > of detections of phshing attacks from clamav, but none from > fprot. If you > use a different virus scanner can you let me know if it > detects phishing > attacks. Feel free to email me personally and I'll summarize > to the list. I use mcafee, clamav and bitdefender. Both mcafee and clamav detect phishing, with clamav being the one catching the most. Bitdefender does not do phishing, so... fprot isn't alone in this... and not entirely wrong either. Phishing is after all not really a virus type of thing. But having the click-happy users I do, I do appreciate that both clam and mcafee do detect/remove most:-). I've never seen a phish that clamav missed but mcafee caught. And if one wants to eb sure any phishing is real obvious, why not use MS phishing net? -- Glenn > Thanks > Alisdair > > -- > Dr Alisdair Davey ard@pergamentum.com > Pergamentum Solutions Tel: 1-303-981-9838 > 2066 Dailey Lane > Superior, CO 80027 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 4 18:42:22 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Try it at jotti.org and see what other scanners think. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis Sent: den 4 mars 2005 19:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus being missed. (assumed) I think I have a virus that is being missed by mailscanner/clamav. Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=7.065, required 3.75, BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, MSGID_SPAM_LETTERS 2.71) The attachment has a rar file seams to be a randomly generated number with a file dddd.exe in it. Just an fyi. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 19:02:03 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I guess it is time to look at using BitDefender. Someone want to point me to some help docs to get it setup with mailscanner and clamav?? Thanks for the info. It did find it: Service load: | 0% 100% File: 54543.rar Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) Packers detected: None AntiVir No viruses found (0.47 seconds taken) Avast No viruses found (1.50 seconds taken) AVG Antivirus No viruses found (0.48 seconds taken) BitDefender Win32.Bagle.BG@mm (0.51 seconds taken) ClamAV No viruses found (0.59 seconds taken) Dr.Web Win32.HLLM.Beagle.34304 (0.89 seconds taken) F-Prot Antivirus No viruses found (0.22 seconds taken) Fortinet W32/Bagle.BL-mm (0.41 seconds taken) Kaspersky Anti-Virus Email-Worm.Win32.Bagle.pac (0.99 seconds taken) mks_vir Worm.Beagle.AV (0.25 seconds taken) NOD32 Win32/Bagle.BA (0.50 seconds taken) Norman Virus Control No viruses found (0.19 seconds taken) Statistics Last piece of malware found was Win32/Bagle.BA in Entire_Message.eml, detected by: Scanner Malware name Time taken AntiVir X 0.48 seconds Avast X 1.53 seconds AVG Antivirus X 0.45 seconds BitDefender Win32.Bagle.BG@mm 0.68 seconds ClamAV X 1.80 seconds Dr.Web Win32.HLLM.Beagle.34304 0.91 seconds F-Prot Antivirus X 0.23 seconds Fortinet W32/Bagle.BL-mm 0.41 seconds Kaspersky Anti-Virus Email-Worm.Win32.Bagle.pac 1.01 seconds mks_vir Worm.Beagle.AV 0.26 seconds NOD32 Win32/Bagle.BA 0.50 seconds Norman Virus Control X 0.21 seconds >>> Glenn.Steen@AP1.SE 03/04 1:42 PM >>> Try it at jotti.org and see what other scanners think. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Curtis Sent: den 4 mars 2005 19:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus being missed. (assumed) I think I have a virus that is being missed by mailscanner/clamav. Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=7.065, required 3.75, BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, MSGID_SPAM_LETTERS 2.71) The attachment has a rar file seams to be a randomly generated number with a file dddd.exe in it. Just an fyi. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Mar 4 19:33:03 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: At 01:30 PM 3/4/2005, David Curtis wrote: >I think I have a virus that is being missed by mailscanner/clamav. >Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, >SpamAssassin (score=7.065, required 3.75, > BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, > HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, > MSGID_SPAM_LETTERS 2.71) > >The attachment has a rar file seams to be a randomly generated number with >a file dddd.exe in it. Do you have the external unrar utility installed? (note: the latest version of rar costs, but there is a freeware command-line unrar for *nix) See: http://www.rarlab.com/rar_add.htm ClamAV's built-in rar support doesn't support the newer rar3 format, so you need to install the external unrar utility and then edit /usr/lib/MailScanner/clamav-wrapper to enable the --unrar parameter. You can use this site to send a rared eicar file.. It wasn't caught by clamav until I added external unrar support. http://www.info-techs.com/eicar.shtml ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Mar 4 19:45:31 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:50 2006 Subject: Which Bayes files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Peter Russell wrote: > >> When i first build a mailscanner machine i make >> /etc/mail/spamassassin/local.cf a symlink to >> /etc/MailScanner/spam.assassin.prefs to avoid all these type of hassles. > > As pointed out by someone sometime back, this MIGHT be a bad idea as SA > will use both /etc/mail/spamassassin/local.cf & > /etc/MailScanner/spam.assassin.prefs thereby using more resources.. I > maybe wrong though. > > Can anyone clarify? It will parse them twice since it's looking for both and gets the same file but that's nothing to worry about. It only reads those files every time a MailScanner child is restarted which by default is every four hours. If it takes an extra millisecond to parse I don't care because it saves me a lot more time and trouble every time I want to use spamassassin and sa-learn from the command line. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 19:51:25 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > I guess it is time to look at using BitDefender. Someone want to point > me to some help docs to get it setup with mailscanner and clamav?? Take the RPM and alter the MS config.... not that hard ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 19:48:38 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > The attachment has a rar file seams to be a randomly generated number > with a file dddd.exe in it. > > Just an fyi. Thats for sure another Bagle, we allready submitted it to several vendors, some allready pick it up. Please test your file at virustotal.com The rar has made up numbers and inside there is dddd.exe, same pattern we noticed. Thanks for the heads up however. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:07:15 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I piped it through an online scanner and it caught it. Clam does not catch it yet. >>> mkettler@EVI-INC.COM 03/04 2:33 PM >>> At 01:30 PM 3/4/2005, David Curtis wrote: >I think I have a virus that is being missed by mailscanner/clamav. >Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, >SpamAssassin (score=7.065, required 3.75, > BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, > HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, > MSGID_SPAM_LETTERS 2.71) > >The attachment has a rar file seams to be a randomly generated number with >a file dddd.exe in it. Do you have the external unrar utility installed? (note: the latest version of rar costs, but there is a freeware command-line unrar for *nix) See: http://www.rarlab.com/rar_add.htm ClamAV's built-in rar support doesn't support the newer rar3 format, so you need to install the external unrar utility and then edit /usr/lib/MailScanner/clamav-wrapper to enable the --unrar parameter. You can use this site to send a rared eicar file.. It wasn't caught by clamav until I added external unrar support. http://www.info-techs.com/eicar.shtml ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:10:51 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What file? I downloaded and installed BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm. when I run any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: core initialization failed: Libfn initialization failed I did an online chat with BitDefender but no Linux admins were available to help...sorry try back later... >>> raymond@PROLOCATION.NET 03/04 2:51 PM >>> Hi! > I guess it is time to look at using BitDefender. Someone want to point > me to some help docs to get it setup with mailscanner and clamav?? Take the RPM and alter the MS config.... not that hard ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 20:16:11 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > What file? I downloaded and installed > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm. when I run > any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 > (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > > I did an online chat with BitDefender but no Linux admins were > available to help...sorry try back later... > Take the RPM and alter the MS config.... not that hard ;) What about letting MailScanner update it? /usr/lib/MailScanner/bitdefender-autoupdate Finds them just fine: vmx02/current:Mar 4 21:05:49 vmx02 MailScanner[15570]: /var/spool/MailScanner/incoming/15570/./1D7J2h-00043J-ME/345556.rar=>dddd.exe infected: Win32.Bagle.BG@mm vmx02/current:Mar 4 21:07:04 vmx02 MailScanner[15532]: /var/spool/MailScanner/incoming/15532/./1D7J4V-00048r-9A/075466.rar=>dddd.exe infected: Win32.Bagle.BG@mm Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:19:38 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Same type of error /usr/lib/MailScanner/bitdefender-autoupdate BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Error: can't find update dll >>> raymond@PROLOCATION.NET 03/04 3:16 PM >>> Hi! > What file? I downloaded and installed > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm. when I run > any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 > (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > > I did an online chat with BitDefender but no Linux admins were > available to help...sorry try back later... > Take the RPM and alter the MS config.... not that hard ;) What about letting MailScanner update it? /usr/lib/MailScanner/bitdefender-autoupdate Finds them just fine: vmx02/current:Mar 4 21:05:49 vmx02 MailScanner[15570]: /var/spool/MailScanner/incoming/15570/./1D7J2h-00043J-ME/345556.rar=>dddd.exe infected: Win32.Bagle.BG@mm vmx02/current:Mar 4 21:07:04 vmx02 MailScanner[15532]: /var/spool/MailScanner/incoming/15532/./1D7J4V-00048r-9A/075466.rar=>dddd.exe infected: Win32.Bagle.BG@mm Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Fri Mar 4 20:20:57 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:50 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 04 March 2005 09:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > I've tried the command: > > > > /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp > Try > /usr/lib/MailScanner/panda-wrapper /usr /tmp > since the lines > $pavcl = shift; > $pavcl .= '/bin/pavcl'; > would first set $pavcl to /usr, then concatenate /bin/pavcl onto > that, making $pavcl (which is used further down) be /usr/bin/pavcl > > If that doesn't work, try it while standing in the /tmp directory. > Looking at it, it seems like the wrapper ignores any path, but > will preserve scanner options. Thanks, Glenn, but I still get "Virus: 0" whether I run the panda-wrapper command from /tmp or not. Anyone have any other ideas? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 20:23:40 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll >> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 >> (build 2490) (i386) (Dec 10 2003 16:11:35) >> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. You could try with the other one thats on their site, the 2.x gcc one? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:28:32 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I will give that a try...thanks. >>> raymond@PROLOCATION.NET 03/04 3:23 PM >>> Hi! > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: can't find update dll >> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 >> (build 2490) (i386) (Dec 10 2003 16:11:35) >> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. You could try with the other one thats on their site, the 2.x gcc one? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Mar 4 20:30:23 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Hi! > I will give that a try...thanks. >>> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 >>> (build 2490) (i386) (Dec 10 2003 16:11:35) >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > You could try with the other one thats on their site, the 2.x gcc one? Or manually forec a clamav update, it seems its added there also now: ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: ./1D7JOx-0001hp-HY/345556.rar Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Fri Mar 4 20:31:13 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:50 2006 Subject: mcafee extra.dat Message-ID: On Fri, Mar 04, 2005 at 07:12:18PM +0100, Steen, Glenn wrote: > The -e option to mcafee-autoupdate seem to be ... non-functional, That's what I thought from reading the script, but thought I must've been missing something. > you'll prolly need get it manually (we usually only implement > extra.dats we receive from them in response to submissions... unless > there's something really critical that the other scanners don't find). Ok. That's what happened here today. > The logic behind them seem to be to fix (temporarily) problems while > preparing the next set of DATs... And with McAfee going to daily updates > I'm guessing the need for automated getting of extra.dat (aside from > what is already there ... mcafee-autoupdate does look for it in the > tar-file) will be less... Ok. > But using extra.dat files... Just plop the extra.dat into > /usr/loca/uvscan/datfiles/current directory to use it. The next update > (via update_virus_scanners) will "move on", so no "extra" worries:-). Yup. I had that bit figured out. > (BTW, You should update your engine to 4400:) Ah. didn't know there had been a new engine released. Thanks. > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Eric Dantan Rzewnicki > > Sent: den 4 mars 2005 18:39 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: mcafee extra.dat > > > > > > If I want the mcafee autoupdate script to pull extra.dat, do I need to > > run it separately with the -e switch rather than via > > update_virus_scanners.cron? > > > > MailScanner-4.37.7 > > uvscan engine v4.3.20 -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 20:38:38 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have been impressed with clam but I am now hoping to run both. >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> Hi! > I will give that a try...thanks. >>> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 >>> (build 2490) (i386) (Dec 10 2003 16:11:35) >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > You could try with the other one thats on their site, the 2.x gcc one? Or manually forec a clamav update, it seems its added there also now: ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: ./1D7JOx-0001hp-HY/345556.rar Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Mar 4 21:58:46 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On redhat4 or fc3 you need to the compat-libstc++ lib installed to get bitdefender working. http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_install_on_Fedora_Core_3.html David Curtis wrote: > I have been impressed with clam but I am now hoping to run both. > > >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> > Hi! > > > I will give that a try...thanks. > > >>> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 > >>> (build 2490) (i386) (Dec 10 2003 16:11:35) > >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > You could try with the other one thats on their site, the 2.x gcc one? > > Or manually forec a clamav update, it seems its added there also now: > > ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: ./1D7JOx-0001hp-HY/345556.rar > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 4 21:58:17 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. I had been instructed to do that off list. I will. >>> pete@ENITECH.COM.AU 03/04 4:55 PM >>> Install compat libstdc++5 David Curtis wrote: > What file? I downloaded and installed > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm >. > when I run any commands i.e bdc --update I get errors: BDC/Linux-Console > v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > I did an online chat with BitDefender but no Linux admins were available > to help...sorry try back later... > > >>> raymond@PROLOCATION.NET 03/04 2:51 PM >>> > Hi! > > > I guess it is time to look at using BitDefender. Someone want to point > > me to some help docs to get it setup with mailscanner and clamav?? > > Take the RPM and alter the MS config.... not that hard ;) > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Mar 4 21:55:13 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Install compat libstdc++5 David Curtis wrote: > What file? I downloaded and installed > BitDefender-Console-Antivirus-7.0.1-3.linux-gcc3x.i586.rpm > . > when I run any commands i.e bdc --update I get errors: BDC/Linux-Console > v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Error: core initialization failed: Libfn initialization failed > I did an online chat with BitDefender but no Linux admins were available > to help...sorry try back later... > > >>> raymond@PROLOCATION.NET 03/04 2:51 PM >>> > Hi! > > > I guess it is time to look at using BitDefender. Someone want to point > > me to some help docs to get it setup with mailscanner and clamav?? > > Take the RPM and alter the MS config.... not that hard ;) > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Fri Mar 4 23:31:55 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Thanks to all. I installed the compat-libstc++nd it works now. Now the big question. What do I need to do to get mailscanner to use both bitdefender and clam and update both??? Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> On redhat4 or fc3 you need to the compat-libstc++ lib installed to get bitdefender working. http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_install_on_Fedora_Core_3.html David Curtis wrote: > I have been impressed with clam but I am now hoping to run both. > > >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> > Hi! > > > I will give that a try...thanks. > > >>> any commands i.e bdc --update I get errors: BDC/Linux-Console v7.0 > >>> (build 2490) (i386) (Dec 10 2003 16:11:35) > >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > You could try with the other one thats on their site, the 2.x gcc one? > > Or manually forec a clamav update, it seems its added there also now: > > ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: ./1D7JOx-0001hp-HY/345556.rar > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 00:03:38 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You will need to read MailScanner.conf David Curtis wrote: > Thanks to all. I installed the compat-libstc++nd it works now. Now the > big question. What do I need to do to get mailscanner to use both > bitdefender and clam and update both??? > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>>>pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> > > On redhat4 or fc3 you need to the compat-libstc++ lib installed to get > bitdefender working. > > http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_install_on_Fedora_Core_3.html > > > > > David Curtis wrote: > >>I have been impressed with clam but I am now hoping to run both. >> >> >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> >>Hi! >> >> > I will give that a try...thanks. >> >> >>> any commands i.e bdc --update I get errors: BDC/Linux-Console > > v7.0 > >> >>> (build 2490) (i386) (Dec 10 2003 16:11:35) >> >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. >> > >> > You could try with the other one thats on their site, the 2.x gcc > > one? > >>Or manually forec a clamav update, it seems its added there also now: >> >>ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: > > ./1D7JOx-0001hp-HY/345556.rar > >>Bye, >>Raymond. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >>This email may contain information protected under the Family >>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>Portability and Accountability Act (HIPAA). If this email contains >>confidential and/or privileged health or student information and you >>are not entitled to access such information under FERPA or HIPAA, >>federal regulations require that you destroy this email without >>reviewing it and you may not forward it to anyone. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 00:05:12 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (oops) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You will need to read MailScanner.conf - it has clear instructions for adding all of your virus scanners. No need to do anything about updating them, MailScanner takes care of this for you. David Curtis wrote: > Thanks to all. I installed the compat-libstc++nd it works now. Now the > big question. What do I need to do to get mailscanner to use both > bitdefender and clam and update both??? > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>>>pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> > > On redhat4 or fc3 you need to the compat-libstc++ lib installed to get > bitdefender working. > > http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_install_on_Fedora_Core_3.html > > > > > David Curtis wrote: > >>I have been impressed with clam but I am now hoping to run both. >> >> >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> >>Hi! >> >> > I will give that a try...thanks. >> >> >>> any commands i.e bdc --update I get errors: BDC/Linux-Console > > v7.0 > >> >>> (build 2490) (i386) (Dec 10 2003 16:11:35) >> >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. >> > >> > You could try with the other one thats on their site, the 2.x gcc > > one? > >>Or manually forec a clamav update, it seems its added there also now: >> >>ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: > > ./1D7JOx-0001hp-HY/345556.rar > >>Bye, >>Raymond. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >>This email may contain information protected under the Family >>Educational Rights and Privacy Act (FERPA) or the Health Insurance >>Portability and Accountability Act (HIPAA). If this email contains >>confidential and/or privileged health or student information and you >>are not entitled to access such information under FERPA or HIPAA, >>federal regulations require that you destroy this email without >>reviewing it and you may not forward it to anyone. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Mar 5 00:14:49 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of David Curtis > Sent: Friday, March 04, 2005 6:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus being missed. (assumed) > > Thanks to all. I installed the compat-libstc++nd it works now. Now the > big question. What do I need to do to get mailscanner to use both > bitdefender and clam and update both??? > Couldn't be easier, in MailScanner.conf: Virus Scanners = clamav bitdefender Or better, if you've installed the perl Module Mail::ClamAV Virus Scanners = clamavmodule bitdefender As soon as you installed BitDefender, MailScanner found it and started updating it. Julian (correctly) believes that if a Virus Scanner is installed, it should be updated so that if and when you decide to use it, the definition files will be up to date :) Hope this helps, Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>> pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> > On redhat4 or fc3 you need to the compat-libstc++ lib installed to get > bitdefender working. > > http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_inst > all_on_Fedora_Core_3.html > > > > > David Curtis wrote: > > I have been impressed with clam but I am now hoping to run both. > > > > >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> > > Hi! > > > > > I will give that a try...thanks. > > > > >>> any commands i.e bdc --update I get errors: BDC/Linux-Console > v7.0 > > >>> (build 2490) (i386) (Dec 10 2003 16:11:35) > > >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > > > You could try with the other one thats on their site, the 2.x gcc > one? > > > > Or manually forec a clamav update, it seems its added there also now: > > > > ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: > ./1D7JOx-0001hp-HY/345556.rar > > > > Bye, > > Raymond. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Sat Mar 5 03:07:02 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:50 2006 Subject: Virus being missed. (assumed) Message-ID: It does help. And thanks to all. This list is very informative and has great quick responce. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 >>> steve.swaney@FSL.COM 03/04/05 7:14 PM >>> Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of David Curtis > Sent: Friday, March 04, 2005 6:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus being missed. (assumed) > > Thanks to all. I installed the compat-libstc++nd it works now. Now the > big question. What do I need to do to get mailscanner to use both > bitdefender and clam and update both??? > Couldn't be easier, in MailScanner.conf: Virus Scanners = clamav bitdefender Or better, if you've installed the perl Module Mail::ClamAV Virus Scanners = clamavmodule bitdefender As soon as you installed BitDefender, MailScanner found it and started updating it. Julian (correctly) believes that if a Virus Scanner is installed, it should be updated so that if and when you decide to use it, the definition files will be up to date :) Hope this helps, Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > >>> pete@ENITECH.COM.AU 03/04/05 4:58 PM >>> > On redhat4 or fc3 you need to the compat-libstc++ lib installed to get > bitdefender working. > > http://kb.bitdefender.com/site/viewArticle/en/123/BitDefender_doesn't_inst > all_on_Fedora_Core_3.html > > > > > David Curtis wrote: > > I have been impressed with clam but I am now hoping to run both. > > > > >>> raymond@PROLOCATION.NET 03/04 3:30 PM >>> > > Hi! > > > > > I will give that a try...thanks. > > > > >>> any commands i.e bdc --update I get errors: BDC/Linux-Console > v7.0 > > >>> (build 2490) (i386) (Dec 10 2003 16:11:35) > > >>> Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > > > > > You could try with the other one thats on their site, the 2.x gcc > one? > > > > Or manually forec a clamav update, it seems its added there also now: > > > > ClamAVModule::INFECTED:: Worm.Bagle.BA-RAR:: > ./1D7JOx-0001hp-HY/345556.rar > > > > Bye, > > Raymond. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 03:53:56 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi i have postfix machines here and i have installed and config them the sam eway i always have. But for some reason all messages to root are sent to root@thehostname.thedomainname instead of just root Then instead of mail just goiing to the root account it ends getting stuck in a routing loop. Because i have no local mail delivery and use transport maps to route mail to another machine for the thedomainname. How do i force all system logging to just go to root, instead of root@thehostname.thedomainname Thanks Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Mar 5 09:12:35 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:50 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Hi i have postfix machines here and i have installed and config them the > sam eway i always have. But for some reason all messages to root are > sent to > root@thehostname.thedomainname > instead of just > root > > Then instead of mail just goiing to the root account it ends getting > stuck in a routing loop. Because i have no local mail delivery and use > transport maps to route mail to another machine for the thedomainname. > > How do i force all system logging to just go to root, instead of > root@thehostname.thedomainname Pete Couple of places to check, first your aliases file. Where are you aliasing root to? Secondly, check you main.cf under Sending mail have you set that all main from this host should be sent from $myhostname or $mydomain? HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 09:42:13 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] NOthing specified in Sending sectionof main.cf Root wasnt aliased at all, just let root mail fill up. I have tried to create root: root@localhost but it doesnt help. I think this is because that once it is sent as root@thehostname,thedomain name it is routed as though it its anything@thedomainname its no longer relevnat that its root? Its starting to drive me nuts. Drew Marshall wrote: > Pete Russell wrote: > >> Hi i have postfix machines here and i have installed and config them the >> sam eway i always have. But for some reason all messages to root are >> sent to >> root@thehostname.thedomainname >> instead of just >> root >> >> Then instead of mail just goiing to the root account it ends getting >> stuck in a routing loop. Because i have no local mail delivery and use >> transport maps to route mail to another machine for the thedomainname. >> >> How do i force all system logging to just go to root, instead of >> root@thehostname.thedomainname > > > Pete > > Couple of places to check, first your aliases file. Where are you > aliasing root to? > > Secondly, check you main.cf under Sending mail have you set that all > main from this host should be sent from $myhostname or $mydomain? > > HTH > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Mar 5 09:47:03 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:50 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > NOthing specified in Sending sectionof main.cf Try specifying 'myorigin = $mydomain' (Without the quotes!), reload Postfix and see what you get. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Sat Mar 5 15:07:06 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:50 2006 Subject: antivir update Message-ID: Hi there, just a quck question... am i the only one, or does it seems to me, that the command antivir --update is not working?? seems to be that their server is down.. Anyone experiencing the same? Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 5 16:00:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: 4.40.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the first beta of the next release which will appear in stable form at the start of April (jokes notwithstanding!). The only fix should be to correct the handling of viruses that are listed in the "Silent Viruses" list (or which are covered by "All-Viruses" there) while also being listed in the "Non-Forging Viruses" list. The symptom of the fault was that the body of the email message referred you to an Attachment-Warning.txt which wasn't actually present. This symptom has now gone. It may seem a trivial fix, but it is always the apparently trivial changes that have the greatest side-effect! So if you could test this release for me, it would be much appreciated. Thanks folks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sat Mar 5 16:53:38 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:50 2006 Subject: 4.40.1 Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Julian Field wrote: | I have just released the first beta of the next release which will | appear in stable form at the start of April (jokes notwithstanding!). | Runs Ok on my test system which is low volume though - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCKeQSPMoaMn4kKR4RA05AAJ9uyV8q39nJA1cNQqbGNVOL6n18TgCfVM6O G4Vbf/WXsEyzF9haxaYEjoQ= =+qsg -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Sat Mar 5 17:10:24 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: I really hate spammers, no really, I hate them. The world does not need these people. I have two mailscanner machines listening on the outside, both use mailertable to route to my mail toasters running qmail/vpopmail. I had been getting buried with dictionary attacks so I installed chkuser to my qmail-smtp daemons. Excellent, now my qmail queue is dropping, load is coming down, no more deliveries to non-existant users. Unfortunately now my MailScanner machines queues are filling up with these insidious undeliverable bounces. Arrrrgggggg!!!!!!!!!!!!!!!!!!!! I have MailScanner reset so it can process the additional messages, increased my number of processes to 5 per cpu (10) and MailScanner is pushing them right on through. Good. I've set Sendmail's Double_Bounce_Address to an emtpy string which should drop double bounces. But my outgoing queue continues to grow with bounces becuase I can't deliver the "No User Here" bounces from my toasters. I am at a loss, the root of the issue is I have 100k messages a day, some just *might* be legitimate address misspellings, I can't drop all bounces. But the vast majority are trash. Whats a sysadmin to do? DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 5 19:14:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do all the bounces contain a consistent subject line? Add a rule in sendmail to reject messages whose subject lines match some words? Dave Goodrich wrote: > I really hate spammers, no really, I hate them. The world does not need > these people. > > I have two mailscanner machines listening on the outside, both use > mailertable to route to my mail toasters running qmail/vpopmail. I had > been getting buried with dictionary attacks so I installed chkuser to my > qmail-smtp daemons. Excellent, now my qmail queue is dropping, load is > coming down, no more deliveries to non-existant users. > > Unfortunately now my MailScanner machines queues are filling up with > these insidious undeliverable bounces. Arrrrgggggg!!!!!!!!!!!!!!!!!!!! > I have MailScanner reset so it can process the additional messages, > increased my number of processes to 5 per cpu (10) and MailScanner is > pushing them right on through. Good. I've set Sendmail's > Double_Bounce_Address to an emtpy string which should drop double > bounces. > > But my outgoing queue continues to grow with bounces becuase I can't > deliver the "No User Here" bounces from my toasters. > > I am at a loss, the root of the issue is I have 100k messages a day, > some just *might* be legitimate address misspellings, I can't drop all > bounces. But the vast majority are trash. > > Whats a sysadmin to do? > > DAve > > -- > Dave Goodrich > Systems Administrator > http://www.tls.net > Get rid of Unwanted Emails...get TLS Spam Blocker! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sat Mar 5 19:50:22 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Dave Goodrich wrote: | | Whats a sysadmin to do? | Sorry for being blunt, but you should read this list more carefully :) milter-ahead or milter-sender are your friend. If they are not to your liking you may implement your own milter using the Perl Milter API. Using those three techniques or LDAP based routing/lookups for sendmail you can easily avoid the bounces :) - -d | Get rid of Unwanted Emails...get TLS Spam Blocker! ~ ^^^^^^^^^^^^^^^^^^^^ What's a TLS Spam blocker ? :) - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCKg19PMoaMn4kKR4RA8W8AJsFelO8j4pe2XQ+pXhk7ceARSt0tQCfRV20 mmo12qxEC3gl7314sCjgttc= =t5Uf -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 5 20:02:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: 4.40.2 -- RAR 3 support Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] With credit for doing the hard work going to Rick Cooper: I have just released 4.40.2. This includes external RAR unpacking for clamavmodule. It also uses the unrar command to look inside RAR archives to check for blocked filenames and filetypes, and also to see if the RAR archive is password-protected. There are 2 new configuration options, "Unrar Command" and "Unrar Timeout". Both of these will of course be added by upgrade_MailScanner_conf. Please let me know what you think. Download from www.mailscanner.info as usual. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Sat Mar 5 21:46:00 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David H. wrote: > > milter-ahead or milter-sender are your friend. If they are not to your > liking > you may implement your own milter using the Perl Milter API. Using > those three > techniques or LDAP based routing/lookups for sendmail you can easily > avoid the > bounces :) > I sincerely apologize for my ignorance ahead of time, this is really not meant to start a flame war: Is maintaining a list of valid recipients on a gateway really that big of a problem that you have to run around your systems compiling and configuring various milters? We have thousands of clients that run everything from pif to Exchange and the subject of verifying recipients has not come up once in over five years - just add them to the gateway when you make their mailbox. -Vlad ExchangeDefender.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 5 21:51:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vlad Mazek wrote: > David H. wrote: > >> >> milter-ahead or milter-sender are your friend. If they are not to your >> liking >> you may implement your own milter using the Perl Milter API. Using >> those three >> techniques or LDAP based routing/lookups for sendmail you can easily >> avoid the >> bounces :) >> > I sincerely apologize for my ignorance ahead of time, this is really not > meant to start a flame war: We don't do flame wars here :-) > Is maintaining a list of valid recipients on a gateway really that big > of a problem that you have to run around your systems compiling and > configuring various milters? We have thousands of clients that run > everything from pif to Exchange and the subject of verifying recipients > has not come up once in over five years - just add them to the gateway > when you make their mailbox. You only need to install the milters on your MX's, so it's not that big a job. It comes down to the difference between a little bit of maintenance (keeping the gateway lists up to date and accurate) and no maintenance at all (using a milter). > > -Vlad > ExchangeDefender.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Sat Mar 5 21:57:24 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > You only need to install the milters on your MX's, so it's not that big > a job. It comes down to the difference between a little bit of > maintenance (keeping the gateway lists up to date and accurate) and no > maintenance at all (using a milter). To me it seems like having to support yet another piece of software that can fail, that needs to be planned and re-deployed during an upgrade. I guess it just comes down to personal preference of where and when you'd like to do the work. I have personally been burned by milters in the past and prefer to defer their functionality to more stable code whenever possible. -Vlad ExchangeDefender ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Mar 5 22:10:37 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does qmail have a recipient map/mailertable type text list of users in a "user OK/REJECT" type format? If so then there are scripts, in the MAQ, that you can cron that will ldap query your exchange/ldap server address book for the lists of recipients and build the lists for you. We run them hourly. Its not a big deal, just ahve a look at all the different methods - and triple test before you deploy so you dont end up rejecting mail to the boss during testing :) Vlad Mazek wrote: >> You only need to install the milters on your MX's, so it's not that big >> a job. It comes down to the difference between a little bit of >> maintenance (keeping the gateway lists up to date and accurate) and no >> maintenance at all (using a milter). > > > > To me it seems like having to support yet another piece of software that > can fail, that needs to be planned and re-deployed during an upgrade. I > guess it just comes down to personal preference of where and when you'd > like to do the work. I have personally been burned by milters in the > past and prefer to defer their functionality to more stable code > whenever possible. > > -Vlad > ExchangeDefender > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Sat Mar 5 22:37:02 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: On Mar 5, 2005, at 9:10 AM, Dave Goodrich wrote: > > I am at a loss, the root of the issue is I have 100k messages a day, > some just *might* be legitimate address misspellings, I can't drop all > bounces. But the vast majority are trash. > > Whats a sysadmin to do? > (while everyone else is telling you what you should have done to prevent this, I'll answer this part: what you can do while it's happening ... though, you're probably already through the bulk of it) I have two scripts I run, qstat and qflush. You're going to probably want to run them (as root) like: # qstat mqueue # qflush mqueue relay.domain.tld (where relay.domain.tld is something you pull out of the results of qstat) You may get some errors from qflush about the files not being there. That just means sendmail got rid of them before you could (or mailscanner finished scanning them, if you're running against mqueue.in, before you got to cleaning them out). 1) qstat - identify the relays of the messages in your queue (I assume that they're in mqueue now, and not mqueue.in, but it's just a slight substitution if they're in mqueue.in: I use this technique to filter out mail bombs that are clogging up mqueue.in): #!/bin/sh if [ "$#" -ne "1" ]; then echo "usage: qstat queue" echo " queue = mqueue | mqueue.in" fi cd /var/spool/$1 # this next blob is all one line, but my mail program might wrap it wrong /bin/ls | /bin/grep "^qf" | /bin/xargs -I file grep "^._" file | /bin/sed -e "s/ ^._//" | /bin/sort | /bin/uniq -c | /bin/sort -n | /bin/tail -5 # end This will tell you who the top 5 relays are. If you got a mail bomb or dictionary attack from a single source, it will be REALLY obvious who is dominating your mail queue from this. 2) qflush - flush the bad relay out of your queue: #!/bin/sh if [ "$#" -lt "2" ]; then echo "usage: qflush queue pattern" echo " queue = mqueue.in | mqueue" echo " pattern = hostname in qf:\$_" fi if [ "$#" -ge "3" ]; then echo "usage: qflush queue pattern" echo " queue = mqueue.in | mqueue" echo " pattern = hostname in qf:\$_" fi cd /var/spool/$1 # this next blob is all one line, but my mail program might wrap it wrong /bin/ls | /bin/grep "^qf" | /bin/xargs -I file /bin/grep -l "^._$2" file | /bin/grep -vi "no such file" | /bin/sed -e "s/^qf/rm \?\?/" -e "s/:.*//" > /tmp/qflush.$$ /bin/sh /tmp/qflush.$$ /bin/rm /tmp/qflush.$$ # end ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Sat Mar 5 22:40:01 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: Hrm. I just realized that what I just sent probably wont be that helpful afterall, because they're all going to be from localhost (daemon bounces). I should have thought of that. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Sun Mar 6 05:04:10 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: David H. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Dave Goodrich wrote: > > | > | Whats a sysadmin to do? > | > Sorry for being blunt, but you should read this list more carefully :) It's one I read every message from, every day. > > milter-ahead or milter-sender are your friend. If they are not to your > liking > you may implement your own milter using the Perl Milter API. Using those > three > techniques or LDAP based routing/lookups for sendmail you can easily > avoid the > bounces :) It's not the bounces I want to stop. It's the fact that I have bounces to mailservers that don't exist, won't accept connections, are not where the message originated from. The mechanics of the mail process I can deal with, it's the deceptive practices of spammers. I don't know if a bounce is valid until I try to send it. Either the bounce message is accepted or not. If accepted, chances are it was a valid bounce. If not, then it is to late, I've already processed the message. If I understand what you and most others are suggesting, I should move my user validation from the toasters to the MailScanners. I thought of this, and I think it could be done since my vpopmail is using MySQL auth. However that would not stop the bounces. Unless I totally misunderstand. > > - -d > > | Get rid of Unwanted Emails...get TLS Spam Blocker! > ~ ^^^^^^^^^^^^^^^^^^^^ > What's a TLS Spam blocker ? :) > Marketing Speak for SpamAssassin + custom rules + MTA blocking + SquirrelMail SA preferences. DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Sun Mar 6 05:10:13 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: John Rudd wrote: > On Mar 5, 2005, at 9:10 AM, Dave Goodrich wrote: > >> >> I am at a loss, the root of the issue is I have 100k messages a day, >> some just *might* be legitimate address misspellings, I can't drop all >> bounces. But the vast majority are trash. >> >> Whats a sysadmin to do? >> > > (while everyone else is telling you what you should have done to > prevent this, I'll answer this part: what you can do while it's > happening ... though, you're probably already through the bulk of it) Yep, dropping double bounces has helped. > > I have two scripts I run, qstat and qflush. You're going to probably > want to run them (as root) like: Ahh, those will help to clean out the cruft without waiting for the changes to take place. Thanks, DAve > > # qstat mqueue > # qflush mqueue relay.domain.tld > (where relay.domain.tld is something you pull out of the results of > qstat) > > You may get some errors from qflush about the files not being there. > That just means sendmail got rid of them before you could (or > mailscanner finished scanning them, if you're running against > mqueue.in, before you got to cleaning them out). > > > 1) qstat - identify the relays of the messages in your queue (I assume > that they're in mqueue now, and not mqueue.in, but it's just a slight > substitution if they're in mqueue.in: I use this technique to filter > out mail bombs that are clogging up mqueue.in): > > #!/bin/sh > > if [ "$#" -ne "1" ]; then > echo "usage: qstat queue" > echo " queue = mqueue | mqueue.in" > fi > > cd /var/spool/$1 > > # this next blob is all one line, but my mail program might wrap it > wrong > /bin/ls | /bin/grep "^qf" | /bin/xargs -I file grep "^._" file | > /bin/sed -e "s/ > ^._//" | /bin/sort | /bin/uniq -c | /bin/sort -n | /bin/tail -5 > > # end > > > This will tell you who the top 5 relays are. If you got a mail bomb or > dictionary attack from a single source, it will be REALLY obvious who > is dominating your mail queue from this. > > > 2) qflush - flush the bad relay out of your queue: > > #!/bin/sh > > if [ "$#" -lt "2" ]; then > echo "usage: qflush queue pattern" > echo " queue = mqueue.in | mqueue" > echo " pattern = hostname in qf:\$_" > fi > > if [ "$#" -ge "3" ]; then > echo "usage: qflush queue pattern" > echo " queue = mqueue.in | mqueue" > echo " pattern = hostname in qf:\$_" > fi > > cd /var/spool/$1 > > # this next blob is all one line, but my mail program might wrap it > wrong > /bin/ls | /bin/grep "^qf" | /bin/xargs -I file /bin/grep -l "^._$2" > file | /bin/grep -vi "no such file" | /bin/sed -e "s/^qf/rm \?\?/" -e > "s/:.*//" > /tmp/qflush.$$ > > /bin/sh /tmp/qflush.$$ > > /bin/rm /tmp/qflush.$$ > # end > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Sun Mar 6 05:12:28 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: Julian Field wrote: > Do all the bounces contain a consistent subject line? Add a rule in > sendmail to reject messages whose subject lines match some words? I could but I don't want to reject any valid messages. While the chance that one rejection in one thousand ( I'm being very generous here ) really is a valid message with a misspelled address, I want to handle it properly. I'm still watching the queue and the growth has slowed down. I have set Double_Bounce_Address to an empty string in both my sendmail.cf and my submit.cf, changed my queue lifetime to 24 hours from 48. All double bounces are now being dropped and messages are being removed from the queue faster. Thanks, DAve > > Dave Goodrich wrote: > >> I really hate spammers, no really, I hate them. The world does not need >> these people. >> >> I have two mailscanner machines listening on the outside, both use >> mailertable to route to my mail toasters running qmail/vpopmail. I had >> been getting buried with dictionary attacks so I installed chkuser to my >> qmail-smtp daemons. Excellent, now my qmail queue is dropping, load is >> coming down, no more deliveries to non-existant users. >> >> Unfortunately now my MailScanner machines queues are filling up with >> these insidious undeliverable bounces. Arrrrgggggg!!!!!!!!!!!!!!!!!!!! >> I have MailScanner reset so it can process the additional messages, >> increased my number of processes to 5 per cpu (10) and MailScanner is >> pushing them right on through. Good. I've set Sendmail's >> Double_Bounce_Address to an emtpy string which should drop double >> bounces. >> >> But my outgoing queue continues to grow with bounces becuase I can't >> deliver the "No User Here" bounces from my toasters. >> >> I am at a loss, the root of the issue is I have 100k messages a day, >> some just *might* be legitimate address misspellings, I can't drop all >> bounces. But the vast majority are trash. >> >> Whats a sysadmin to do? >> >> DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 16:41:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Other than a minor cosmetic one I can't reproduce, I don't think I have any outstanding requests for fixes. Does anyone know of any fixes or features they would like to see, that I haven't yet done? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sun Mar 6 16:51:14 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:50 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Greetings. Finally I think I have found a way to contribute back to the MailScanner community. I believe that bayes does a reasonable job, but looking at recent writing and http://crm114.sourceforge.net/ I do feel that it would be a good enhancement to MailScanner. There is a milter based solution for Sendmail users which is based on Sendmail::Milter. As a sendmail user this is a solution I would prefer, since it is quite easy to add custom rules to Spamassassin to watch for the CRM114 header. However I feel that this is something that would limit its use and I wonder how this could be implemented with MailScanner directly. The question is whether this should run as a custom function or be more tightly integrated into MailScanner. I would like to have a way to influence MailScanner scoring based on the values returned by CRM114. Either by adding appropriate rule sets to Spamassassin (which implies the CRM114 check has to run before Spamassassin) or by somehow modifying the total score at the end of the run. I consider this a serious project, based on your input I would either implement it only for my systems or try to come up with a solution and contribute the patches. Thank you. - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCKzUCPMoaMn4kKR4RA07jAKCNE1oDcxHWrt00tSFcuuGb2ABLjQCfVb/G bbQJvroILodPOAxRoiRpU9Q= =fIpT -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mgt at STELLARCORE.NET Sun Mar 6 17:38:19 2005 From: mgt at STELLARCORE.NET (Mike Tremaine) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: On Sun, 2005-03-06 at 08:41, Julian Field wrote: > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? Not sure how hard this would be [or if it is still an issue] but since you asked.. "Allow Password-Protected Archives" as a ruleset when using clamavmodule virus scanner ... -- Mike Tremaine mgt@stellarcore.net http://www.stellarcore.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Sun Mar 6 17:37:51 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:28:50 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: Hi all, David H. wrote: > Finally I think I have found a way to contribute back to the MailScanner > community. I believe that bayes does a reasonable job, but looking at recent > writing and http://crm114.sourceforge.net/ I do feel that it would be a good > enhancement to MailScanner. > I consider this a serious project, based on your input I would either > implement it only for my systems or try to come up with a solution and > contribute the patches. I would be very interested in the possibility using other spam filters besides SpamAssin with MailScanner. CRM114 integration would be nice thing if it could lead to a general spam filter interface - ideally with some plugin functionality. And CRM114 seems to be a good choice for using it within MailScanner. One thing is that Bayes filters are working best if they are trained by their users so you should consider adding some get-the-username layer which may cause some problems as mailscanner sees no real users but only email addresses. Therefore a mapping for email -> user name (for resolving aliases etc) would be nice. This could be separated from the spam filter. Using CRM114 from SpamAssassin is possible but not that nice because afaik there is no possibility for a SpamAssassin-Plugin return a score such as 10%,20%,... (only true or false seems to be possible) and it is not easily possible modifying mail header from a plugin. I would be interested in helping with developing a CRM114 plugin for MailScanner as it may help (me/others) writing a DSPAM plugin. :-) -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MHewryk at SYMCOR.COM Sun Mar 6 17:38:09 2005 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:28:50 2006 Subject: Fw: Spam - Internet gaming industry, Gaming Transac Message-ID: Hi, All the untagged spam emails we've got on the weekend were about the " Internet gaming industry, Gaming Transactions Inc." The SPAM showed up with different Subject line but all were refering to " Internet gaming industry, Gaming Transactions Inc." Not spam, SpamAssassin (score=2.867, required 4.9, BAYES_50 0.00, J_CHICKENPOX_42 0.60, J_CHICKENPOX_61 0.60, SARE_RECV_IP_218078 1.67)" Thanks, Magda Hewryk -------------------------------- ----- Forwarded by Magdalena Hewryk/TOR/SYM on 03/06/2005 11:20 AM ----- "sherman aschenbrener" cc 03/06/2005 07:44 AM Subject XxgfY Are you an early bird in finding best investment? Please respond to "sherman aschenbrener" If you are interested in this great stock of Gaming Transactions Inc., just check its performance and type in stock code of GGTS.PK. If you want to find a better stock to invest on, it might be the right choice for you. As one leading supplier in Internet gaming industry, Gaming Transactions Inc. is a great choice for investors. Gaming Transactions Inc., as one leading provider in Internet gaming industry, has launched the new game portal(k e n o . c o m). The company also implements one integrated marketing plan with more extensive coverage. The Company manages the game portal and provides games like Keno, bingo, poker, blackjack, slots and video games online. Invest in us and witness the rapid growth of both the online entertainment industry and our stock price! The portal provides secure and private environment to players online. The user-friendly web design, secure service maintenance and precise data handling help players enjoy all the fun for games. Log onto our site and experience the popular games. Make up your mind soon to invest in us! Mannings quarterbacking brilliancewas neutralized as usual by Bill Belichicks punishing defense and the Colts Super Bowl aspirations It was an excellent run, a fine year, Manningsaid. But when you finish with a loss in the playoffs, you cant be happy about it. Eventually, Manning is now07 in Foxboro. Brady is 70 in the postseason.For the defending champions, one more win in vlcm.xbmupxykg4kkuqihbfmm.djcnliaspjqxsv1dnsopewehdemm.nnunssvennugvvh ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Sun Mar 6 17:40:00 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:50 2006 Subject: Vicious Circle Message-ID: [ The following text is in the "iso-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I really hate spammers, no really, I hate them. The world does not need > these people. > > I have two mailscanner machines listening on the outside, both use > mailertable to route to my mail toasters running qmail/vpopmail. I had > been getting buried with dictionary attacks so I installed chkuser to my > qmail-smtp daemons. Excellent, now my qmail queue is dropping, load is > coming down, no more deliveries to non-existant users. > > Unfortunately now my MailScanner machines queues are filling up with > these insidious undeliverable bounces. Arrrrgggggg!!!!!!!!!!!!!!!!!!!! > I have MailScanner reset so it can process the additional messages, > increased my number of processes to 5 per cpu (10) and MailScanner is > pushing them right on through. Good. I've set Sendmail's > Double_Bounce_Address to an emtpy string which should drop double bounces. > > But my outgoing queue continues to grow with bounces becuase I can't > deliver the "No User Here" bounces from my toasters. > > I am at a loss, the root of the issue is I have 100k messages a day, > some just *might* be legitimate address misspellings, I can't drop all > bounces. But the vast majority are trash. > > Whats a sysadmin to do? > > DAve > > -- > Dave Goodrich Dave As others have said doing the check user on the inbound MailScanner queue so you can reject with 550 no such user message is prob the best way. I guess it's quite difficult to maintain this list but you might be able to do a live check on the valid users using LDAP or something I drop about 66% of inbound email this way. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 18:25:37 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Fw: Spam - Internet gaming industry, Gaming Transac Message-ID: Hi! > All the untagged spam emails we've got on the weekend were about the " > Internet gaming industry, Gaming Transactions Inc." > > The SPAM showed up with different Subject line but all were refering to " > Internet gaming industry, Gaming Transactions Inc." > > Not spam, SpamAssassin (score=2.867, required 4.9, BAYES_50 0.00, > J_CHICKENPOX_42 0.60, J_CHICKENPOX_61 0.60, SARE_RECV_IP_218078 1.67)" Please do not forward spams to the list. Thanks, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Sun Mar 6 18:42:02 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field > >Does anyone know of any fixes or features they would like to see, that I >haven't yet done? Your work load isn't high enough??? ;-) Very well, I've been thinking of some features the last couple of weeks, so here's a list (I've /no/ idea if it's difficult to implement or even if there are more people who like these features): - Stop Spam checks (Spam Assassin) as soon as High Score is reached (e.g. if number of Spam Lists is larger than "Spam Lists To Reach High Score"). This is a fine tune of "Check SpamAssassin If On Spam List". - Stop Virus checks when at least X number of virus scanners say message contains a virus - No virus checks if High Score is reached and High Score Action = delete (and does not contain "store"), since virus checks seem to be executed /after/ the spam checks. - Archive only mail that is not Spam (either High and/or Low) and/or does not contain viruses and/or does not contain Bad Content - %spool% variable, so Incoming Queue Dir, Outgoing Queue Dir, Incoming Work Dir and Quarantine Dir can be rewritten as "%spool%/mqueue.in", etc. - All possible variables available in reports ($from, $to, $date, $subject, etc.). I seem to recall that not all variables are available in the reports. This has been a while since I last checked this, so maybe this is no longer the case. That's it for now, if anything else comes to mind, I'll post it here. >Julian Field Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dot at DOTAT.AT Sun Mar 6 18:45:53 2005 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:28:50 2006 Subject: mcafee extra.dat Message-ID: "Steen, Glenn" wrote: >The -e option to mcafee-autoupdate seem to be ... non-functional, Yes. I'm surprised it's still there. I never worked out how to automatically find out if there is an extra.dat and if so what its filename is. I would not recommend using McAfee by itself if you want really prompt automatic signature updates. Tony. -- f.a.n.finch http://dotat.at/ ROCKALL: BAILEY NORTHWEST 5 TO 7, OCCASIONALLY GALE 8 AT FIRST. SHOWERS. GOOD. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 18:58:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Tremaine wrote: >On Sun, 2005-03-06 at 08:41, Julian Field wrote: > > >>Other than a minor cosmetic one I can't reproduce, I don't think I have >>any outstanding requests for fixes. >> >>Does anyone know of any fixes or features they would like to see, that I >>haven't yet done? >> >> > >Not sure how hard this would be [or if it is still an issue] but since >you asked.. > >"Allow Password-Protected Archives" as a ruleset when using clamavmodule >virus scanner ... > > Done. Easier than I expected, which is always good. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 19:09:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >> >>Does anyone know of any fixes or features they would like to see, that I >>haven't yet done? >> >> > >Your work load isn't high enough??? ;-) > >Very well, I've been thinking of some features the last couple of weeks, so here's a list (I've /no/ idea if it's difficult to implement or even if there are more people who like these features): > >- Stop Spam checks (Spam Assassin) as soon as High Score is reached (e.g. if number of Spam Lists is larger than "Spam Lists To Reach High Score"). This is a fine tune of "Check SpamAssassin If On Spam List". > > Possible. Don't do SpamAsassin if spam lists >= spam lists to reach high score. Check SpamAssassin If Spam Lists Cause High Score. These configuration options keep getting longer and longer names :( Do other people want this one? >- Stop Virus checks when at least X number of virus scanners say message contains a virus > > Not possible. An entire batch is scanned at once, there is no way of only scanning some messages some of the time. All you can do is throw away the results of the scan, which is pretty pointless for what you want to achieve. >- No virus checks if High Score is reached and High Score Action = delete (and does not contain "store"), since virus checks seem to be executed /after/ the spam checks. > > I suspect it does this already. The impact of scanning 1 extra message in a batch is pretty small, so this may not help you much anyway. And, as I said, it might already do this. >- Archive only mail that is not Spam (either High and/or Low) and/or does not contain viruses and/or does not contain Bad Content > > Archive Clean Non-Spam Mail. Possible but messy. >- %spool% variable, so Incoming Queue Dir, Outgoing Queue Dir, Incoming Work Dir and Quarantine Dir can be rewritten as "%spool%/mqueue.in", etc. > > You can do that already. You can define whatever %variables% you like, mine are just a few example ones. I will add %spool-dir% for you as another example in the conf file I ship. >- All possible variables available in reports ($from, $to, $date, $subject, etc.). I seem to recall that not all variables are available in the reports. This has been a while since I last checked this, so maybe this is no longer the case. > > There are still some limits here, I will add them on request. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 19:17:37 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi Julian, >> - Stop Spam checks (Spam Assassin) as soon as High Score is reached (e.g. >> if number of Spam Lists is larger than "Spam Lists To Reach High Score"). >> This is a fine tune of "Check SpamAssassin If On Spam List". > Possible. Don't do SpamAsassin if spam lists >= spam lists to reach high > score. Check SpamAssassin If Spam Lists Cause High Score. These > configuration options keep getting longer and longer names :( About virus scanning: But, can you make virus scanning as a option? This is what many iof our customers asked. I know its why you actually made MailScanner, but when running it for a copuple of thousand domains there are always a couple that dont want virus scanning. But do want spam checks... Its ok if you scan them all, but just throw away the results ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 19:28:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi Julian, > >>> - Stop Spam checks (Spam Assassin) as soon as High Score is reached >>> (e.g. >>> if number of Spam Lists is larger than "Spam Lists To Reach High >>> Score"). >>> This is a fine tune of "Check SpamAssassin If On Spam List". >> > >> Possible. Don't do SpamAsassin if spam lists >= spam lists to reach high >> score. Check SpamAssassin If Spam Lists Cause High Score. These >> configuration options keep getting longer and longer names :( > > > About virus scanning: > > But, can you make virus scanning as a option? This is what many iof our > customers asked. I know its why you actually made MailScanner, but when > running it for a copuple of thousand domains there are always a couple > that dont want virus scanning. But do want spam checks... > > Its ok if you scan them all, but just throw away the results ;) > The problem is handling a message with more than 1 recipient. If any of them want it to be scanned, it gets scanned. The results are attached to the message, not the recipient. So throwing away the results gives you a message where no-one got it scanned. Putting a ruleset on "Virus Scanning =" will do as much of a good job of it as possible. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 19:32:07 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! >> Its ok if you scan them all, but just throw away the results ;) > The problem is handling a message with more than 1 recipient. If any of > them want it to be scanned, it gets scanned. The results are attached to > the message, not the recipient. So throwing away the results gives you a > message where no-one got it scanned. > > Putting a ruleset on "Virus Scanning =" will do as much of a good job of > it as possible. Thats the same with tagging the subject on spams, and i can think of a couple more. Thats the way it works, so thats nothing new ;) Thats why we use rcpt splitting, one mail per rcpt, to make those options available per user. So that we can live with i guess ;) Possible to put it in like a regular ruleset? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 6 19:40:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:50 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi! > >>> Its ok if you scan them all, but just throw away the results ;) >> > >> The problem is handling a message with more than 1 recipient. If any of >> them want it to be scanned, it gets scanned. The results are attached to >> the message, not the recipient. So throwing away the results gives you a >> message where no-one got it scanned. >> >> Putting a ruleset on "Virus Scanning =" will do as much of a good job of >> it as possible. > > > Thats the same with tagging the subject on spams, and i can think of a > couple more. Thats the way it works, so thats nothing new ;) Thats why we > use rcpt splitting, one mail per rcpt, to make those options available > per > user. So that we can live with i guess ;) Sorry about that, it's a fundamental design principle in MailScanner. You can argue whether it's a correct one or not, of course... You've got all the source code, feel free to re-implement it if you have a spare afternoon or two :-) > Possible to put it in like a regular ruleset? Yes, it just takes a normal ruleset. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Sun Mar 6 20:28:28 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:50 2006 Subject: Does anyone have Panda working? Message-ID: Following my post regarding problems getting Panda working, does *anyone* here have it working? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 20:51:19 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! >> Thats the same with tagging the subject on spams, and i can think of a >> couple more. Thats the way it works, so thats nothing new ;) Thats why we >> use rcpt splitting, one mail per rcpt, to make those options available >> per user. So that we can live with i guess ;) > Sorry about that, it's a fundamental design principle in MailScanner. > You can argue whether it's a correct one or not, of course... > You've got all the source code, feel free to re-implement it if you have > a spare afternoon or two :-) No no, i can live perfectly with that ;) >> Possible to put it in like a regular ruleset? > Yes, it just takes a normal ruleset. Just perfect. If you have time to pack up a new beta, lemme know then i'll start testing... Thanks, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sun Mar 6 21:36:15 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Julian, I have an emergency good paying job. If you are up and interested plaeas give me a call. Thanks, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Sunday, March 06, 2005 2:29 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > Raymond Dijkxhoorn wrote: > > > Hi Julian, > > > >>> - Stop Spam checks (Spam Assassin) as soon as High Score is reached > >>> (e.g. > >>> if number of Spam Lists is larger than "Spam Lists To Reach High > >>> Score"). > >>> This is a fine tune of "Check SpamAssassin If On Spam List". > >> > > > >> Possible. Don't do SpamAsassin if spam lists >= spam lists to reach > high > >> score. Check SpamAssassin If Spam Lists Cause High Score. These > >> configuration options keep getting longer and longer names :( > > > > > > About virus scanning: > > > > But, can you make virus scanning as a option? This is what many iof our > > customers asked. I know its why you actually made MailScanner, but when > > running it for a copuple of thousand domains there are always a couple > > that dont want virus scanning. But do want spam checks... > > > > Its ok if you scan them all, but just throw away the results ;) > > > The problem is handling a message with more than 1 recipient. If any of > them want it to be scanned, it gets scanned. The results are attached to > the message, not the recipient. So throwing away the results gives you a > message where no-one got it scanned. > > Putting a ruleset on "Virus Scanning =" will do as much of a good job of > it as possible. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sun Mar 6 21:51:02 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: Off topic - Emergency Exim support requested. Message-ID: Sorry I meant the message below to go out to the list. I have just received a call from a friend who has thousands of messages that were routed to a single Exim mailbox on a C-panel server. He badly needs an Exim expert to resend these messages to the intended recipients, hopefully by morning tomorrow morning Pacific Coast Time - GMT-8. He is willing to pay consulting fees for assistance. Please contact me off list if you can help him. Thanks in advance, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stephen Swaney > Sent: Sunday, March 06, 2005 4:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > Julian, > > I have an emergency good paying job. If you are up and interested plaeas > give me a call. > > Thanks, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Mar 6 21:53:24 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:51 2006 Subject: Panda not working Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hm. Will have to have another look tomorrow... I did try the pavcl but after some like trouble _and_ discovering that the "free" version was "free less any signature updates"... Well, suffice it to say that I don't use it:). Will have another look though. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Paul Welsh Sent: Fri 3/4/2005 9:20 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Panda not working > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 04 March 2005 09:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > I've tried the command: > > > > /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp > Try > /usr/lib/MailScanner/panda-wrapper /usr /tmp > since the lines > $pavcl = shift; > $pavcl .= '/bin/pavcl'; > would first set $pavcl to /usr, then concatenate /bin/pavcl onto > that, making $pavcl (which is used further down) be /usr/bin/pavcl > > If that doesn't work, try it while standing in the /tmp directory. > Looking at it, it seems like the wrapper ignores any path, but > will preserve scanner options. Thanks, Glenn, but I still get "Virus: 0" whether I run the panda-wrapper command from /tmp or not. Anyone have any other ideas? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Mar 6 22:01:58 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:51 2006 Subject: mcafee extra.dat Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh no, never mcafee by itself... That's be as bad as the GSE (.... word starting with a"c" and ending on a "p") situation we used to have. We use clamav (primary), mcafee and bitdefender. So far, they've not let anything through:). And, phishing aside, each has had their moment of glory (being the sole scanner to detect some virus). -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Tony Finch Sent: Sun 3/6/2005 7:45 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: mcafee extra.dat "Steen, Glenn" wrote: >The -e option to mcafee-autoupdate seem to be ... non-functional, Yes. I'm surprised it's still there. I never worked out how to automatically find out if there is an extra.dat and if so what its filename is. I would not recommend using McAfee by itself if you want really prompt automatic signature updates. Tony. -- f.a.n.finch http://dotat.at/ ROCKALL: BAILEY NORTHWEST 5 TO 7, OCCASIONALLY GALE 8 AT FIRST. SHOWERS. GOOD. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sun Mar 6 22:24:49 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:28:51 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Felix Schwarz wrote: | Hi all, | | David H. wrote: | |>Finally I think I have found a way to contribute back to the MailScanner |>community. I believe that bayes does a reasonable job, but looking at recent |>writing and http://crm114.sourceforge.net/ I do feel that it would be a good |>enhancement to MailScanner. | | |>I consider this a serious project, based on your input I would either |>implement it only for my systems or try to come up with a solution and |>contribute the patches. | | | I would be very interested in the possibility using other spam filters | besides SpamAssin with MailScanner. CRM114 integration would be nice | thing if it could lead to a general spam filter interface - ideally | with some plugin functionality. | | And CRM114 seems to be a good choice for using it within MailScanner. | One thing is that Bayes filters are working best if they are trained | by their users so you should consider adding some get-the-username | layer which may cause some problems as mailscanner sees no real users | but only email addresses. | Therefore a mapping for email -> user name (for resolving aliases etc) | would be nice. This could be separated from the spam filter. | This is something I am trying to avoid. I do not think that it makes sense to build such a plugin infrastructure. CRM114 is a unique spam battling technique (turing complete token discrimenator) which is not used by Spamassassin as a technique to find spam. That is why I am interested in such functionality. | I would be interested in helping with developing a CRM114 plugin for | MailScanner as it may help (me/others) writing a DSPAM plugin. :-) | As I said. I would not go into that direction. I see no benefits in using DSPAM over Spamassassin or vice versa. I would simply like to see CRM114 support directly in MailScanner. However, I am glad that you are interested in it. Maybe we could sync ideas? - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFCK4MxPMoaMn4kKR4RA/zjAJ92/eDcfR1cj073M5kEprdy6XLbdACfYrAo aBmbxEDrKSJE0xmgY31Q4yM= =wzyn -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Sun Mar 6 22:31:10 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: On Sun, 6 Mar 2005, Julian Field wrote: > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? Per-user mailscanner settings, adjustable by individual users? Right now we have a webpage interface which allows users to individually set stuff, and it writes the settings to the global mailscanner config file as root, which is kind of hairy. It's also a huge mess to maintain. Would be nice if you could specify something like Virus Scanning = $HOME/.mailscanner/virus-scanning-rules Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules This would allow per-user overrides, but only for specific mailscanner settings. And it would let us do it in a more secure fashion than having to have CGIs write to files as root. One other thing, does mailscanner have to be restarted every time an included ruleset changes? -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 22:37:04 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! > Would be nice if you could specify something like > > Virus Scanning = $HOME/.mailscanner/virus-scanning-rules > Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules > > This would allow per-user overrides, but only for specific mailscanner > settings. And it would let us do it in a more secure fashion than having > to have CGIs write to files as root. Setups like that will only work when MS is running at the same server. At most of our setups it isnt. Its just a GW most of the time i guess. > One other thing, does mailscanner have to be restarted every time an > included ruleset changes? service MailScanner reload That should do the trick. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sun Mar 6 22:38:45 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: > Virus Scanning = $HOME/.mailscanner/virus-scanning-rules > Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules That means you would have to have all users on the MS box, in my case I have several clients with more than 10000 mailboxes in Exchange and my MS boxes have around 10 system accounts, I don't want to maintain all those users on my boxes. > One other thing, does mailscanner have to be restarted every time an > included ruleset changes? Normally a reload should do the job. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Sun Mar 6 23:09:25 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: On Sun, 6 Mar 2005, Peter Bonivart wrote: > Dan Hollis wrote: > > Virus Scanning = $HOME/.mailscanner/virus-scanning-rules > > Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules > That means you would have to have all users on the MS box, in my case I > have several clients with more than 10000 mailboxes in Exchange and my > MS boxes have around 10 system accounts, I don't want to maintain all > those users on my boxes. Yes, all our users are on the MS box. So you're saying it shouldn't be an option even for those MS installations which do have all accounts on the box? Because everyone doesn't have exactly the same setup, nobody should have the option? -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun Mar 6 23:08:53 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Installed a fresh RHEL3, installed SMgateway, logged in to the url from another machine on same subnet and i get Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /opt/Fortress/web/include/db.php on line 1 I did a service mysqld start and this makes no difference. I rebooted and retried the webpage and go Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /opt/Fortress/web/include/db.php on line 1 Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /opt/Fortress/web/include/auth_lib.php on line 1 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /opt/Fortress/web/include/auth_lib.php on line 1 Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /opt/Fortress/web/include/auth_lib.php on line 1 I will start playing with it trying to work out myself, BUT i thought you might like to know this happens on a defualt installation, using the guide. Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sun Mar 6 23:24:53 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: > Yes, all our users are on the MS box. So you're saying it shouldn't be an > option even for those MS installations which do have all accounts on the > box? Because everyone doesn't have exactly the same setup, nobody should > have the option? I'm not in a position to either grant or deny you anything but I do think you belong to a minority to have a setup like that. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sun Mar 6 23:29:37 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Installed a fresh RHEL3, installed SMgateway, logged in to the url from > another machine on same subnet and i get > > Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' > (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 Looks like the user fsmg is not set up properly in MySQL or db.php tries with an incorrect password. Did you get any documentation so you can verify/correct it manually? Will those commercial products be supported on this list as well? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 6 23:30:58 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! >>> Virus Scanning = $HOME/.mailscanner/virus-scanning-rules >>> Allow Password-Protected Archives = $HOME/.mailscanner/zip-scanning-rules >> That means you would have to have all users on the MS box, in my case I >> have several clients with more than 10000 mailboxes in Exchange and my >> MS boxes have around 10 system accounts, I don't want to maintain all >> those users on my boxes. > Yes, all our users are on the MS box. So you're saying it shouldn't be an > option even for those MS installations which do have all accounts on the > box? Because everyone doesn't have exactly the same setup, nobody should > have the option? If you parse all those homedirs ANY user can put in foney data cant they? I would not want to break my install with that... Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun Mar 6 23:32:20 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am happy to look into fixin it myself later when i have some time (i only wanted to ahve a play with smgateway), but moreover i wanted to let the guys know this occured 'out of the box' Pete Peter Bonivart wrote: > Peter Russell wrote: > >> Installed a fresh RHEL3, installed SMgateway, logged in to the url from >> another machine on same subnet and i get >> >> Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' >> (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 > > > Looks like the user fsmg is not set up properly in MySQL or db.php tries > with an incorrect password. Did you get any documentation so you can > verify/correct it manually? > > Will those commercial products be supported on this list as well? > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sun Mar 6 23:41:38 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Russell > Sent: Sunday, March 06, 2005 6:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SMgateway > > I am happy to look into fixin it myself later when i have some time (i > only wanted to ahve a play with smgateway), but moreover i wanted to let > the guys know this occured 'out of the box' > > Pete > > Peter Bonivart wrote: > > Peter Russell wrote: > > > >> Installed a fresh RHEL3, installed SMgateway, logged in to the url from > >> another machine on same subnet and i get > >> > >> Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' > >> (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 > > > > Looks like the user fsmg is not set up properly in MySQL or db.php tries > > with an incorrect password. Did you get any documentation so you can > > verify/correct it manually? > > We haven't seen this before. I'll try to respond and add the answer to the Knowledge Base. > > Will those commercial products be supported on this list as well? > > We'll shortly have a separate list for the commercial products. In the meantime bugs can be reported to: http://www.fsl.com/feedback/feedback.php Whenever possible we'll try to respond to questions and bugs personally and also add them to the SMGateway Knowledge Base. The Knowledge Base is available at: http://support.fsl.com/cgi-bin/kb.cgi Registration at this site is limited to Paid Support customers. If you have Sales or Marketing questions please write me directly. Thanks, Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > > -- > > /Peter Bonivart > > > > --Unix lovers do it in the Sun > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Sun Mar 6 23:55:56 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: On Mon, 7 Mar 2005, Raymond Dijkxhoorn wrote: > > Yes, all our users are on the MS box. So you're saying it shouldn't be an > > option even for those MS installations which do have all accounts on the > > box? Because everyone doesn't have exactly the same setup, nobody should > > have the option? > If you parse all those homedirs ANY user can put in foney data cant they? > I would not want to break my install with that... Presumably it would only apply to deliveries to that user. But since mailscanner can't determine who a mail is being delivered to I guess it's a moot point. Sadly this is a place where mailscanner shows its weakness vs other mail filtering systems. Per-user end user configurable settings is still somewhat messy to implement with mailscanner. -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Mar 7 00:18:53 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi! > Presumably it would only apply to deliveries to that user. But since > mailscanner can't determine who a mail is being delivered to I guess it's > a moot point. > > Sadly this is a place where mailscanner shows its weakness vs other mail > filtering systems. Per-user end user configurable settings is still > somewhat messy to implement with mailscanner. Have a look at the commercial package i would say. Thats all you need. Most larger installs allready made own frontends to do this, we also did, and its really scalable also. ... Out of the box MS needs a admin to configure it, but it can be what you tell it to be ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Mar 7 00:26:14 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stephen Swaney > Sent: Sunday, March 06, 2005 6:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SMgateway > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Peter Russell > > Sent: Sunday, March 06, 2005 6:32 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: SMgateway > > > > I am happy to look into fixin it myself later when i have some time (i > > only wanted to ahve a play with smgateway), but moreover i wanted to let > > the guys know this occured 'out of the box' > > > > Pete > > > > Peter Bonivart wrote: > > > Peter Russell wrote: > > > > > >> Installed a fresh RHEL3, installed SMgateway, logged in to the url > from > > >> another machine on same subnet and i get > > >> > > >> Warning: mysql_connect(): Access denied for user: 'fsmg@localhost' > > >> (Using password: YES) in /opt/Fortress/web/include/db.php on line 1 > > > > > > Looks like the user fsmg is not set up properly in MySQL or db.php > tries > > > with an incorrect password. Did you get any documentation so you can > > > verify/correct it manually? > > > > It looks like the default data in mysql is not correct; echo "DROP DATABASE fsmg;" | /usr/bin/mysql /usr/bin/mysql < /opt/Fortress/defaults/fsmg.sql will reload the defaults. If that doesn't solve the problem, Please let me know. Regards, Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 01:01:29 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: > Sadly this is a place where mailscanner shows its weakness vs other mail > filtering systems. Per-user end user configurable settings is still > somewhat messy to implement with mailscanner. What settings do you want the users to be able to change themselves? Almost everything in MS can be per-user but it's not easy to to let the users change it themselves. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Mon Mar 7 01:18:54 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: On Mon, 7 Mar 2005, Peter Bonivart wrote: > Dan Hollis wrote: > > Sadly this is a place where mailscanner shows its weakness vs other mail > > filtering systems. Per-user end user configurable settings is still > > somewhat messy to implement with mailscanner. > What settings do you want the users to be able to change themselves? Some of them don't want specific kinds of attachment filtering. > Almost everything in MS can be per-user but it's not easy to to let the > users change it themselves. I know this -- that's the point I was trying to make! We made a web interface to let our users change per-user filtering but it's kinda gross internally, it is not easy to integrate this into mailscanner. It works but it's really ugly. -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 01:20:01 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] [root@localhost fsmg-1.5]# echo "DROP DATABASE fsmg;" | /usr/bin/mysql ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) [root@localhost fsmg-1.5]# service mysqld start Starting MySQL: [ OK ] [root@localhost fsmg-1.5]# echo "DROP DATABASE fsmg;" | /usr/bin/mysql ERROR 1008 at line 1: Can't drop database 'fsmg'. Database doesn't exist [root@localhost fsmg-1.5]# /usr/bin/mysql < /opt/Fortress/defaults/fsmg.sql [root@localhost fsmg-1.5]# Have a look at that - the machine was sitting there after i had installed RHEL3update4, installed fsmg and found the error in the browser, then applied your 2 commands - seems the DB wasnt installed? Anyway you were right, and it fixed it. Off to play and impress my colleagues :) Pete >> > It looks like the default data in mysql is not correct; > > echo "DROP DATABASE fsmg;" | /usr/bin/mysql > > /usr/bin/mysql < /opt/Fortress/defaults/fsmg.sql > > will reload the defaults. If that doesn't solve the problem, Please let me > know. > > Regards, > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 02:12:29 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway - thanks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have it all setup and working, active directory auth doesnt work (but i think i need to add some additional software before i try?) but imap worked fine. I can see that you can specify some basic settings per user. But would like to be able to see all messages trapped for me, review and delete/release etc? Maybe fit in with an email usage policy of keeping the old stuff for 3 months, all users having access after that it is cleaned... ? Maybe a per user option to mark as spam and deliver or hold on the server quarantine and let me wade through them later? Also if you are going to have multiple admins, in the future would it be possible for the 'master' admin to view a change log of all changes made by all adnmins, or even all users? Kinda like ikonboard does? Where i work i would have to let 4 guys have access and they would certainly play with it and claim they did nothing, having a log as proof would be advantagous :) Over all its SUPER groovy! and i am guessing it will be the new standard in AV gateways - some one will build an ISO-gateway distro for you and then i guess world domination is only a few lines of perl code ? :) (can you control WOMD with perl?) I am going to install it in front on one of my gateways and set all event to have no action, just logging to see if i can learn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Mar 7 02:23:09 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:51 2006 Subject: SMgateway - thanks Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Russell > Sent: Sunday, March 06, 2005 9:12 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SMgateway - thanks > > I have it all setup and working, active directory auth doesnt work (but > i think i need to add some additional software before i try?) but imap > worked fine. Glad it's working. > > I can see that you can specify some basic settings per user. But would > like to be able to see all messages trapped for me, review and > delete/release etc? Maybe fit in with an email usage policy of keeping > the old stuff for 3 months, all users having access after that it is > cleaned... ? Look at the filters you can add / save and load in MailWatch. They are very flexible. > > Maybe a per user option to mark as spam and deliver or hold on the > server quarantine and let me wade through them later? > Interesting idea and we are always open to good ideas. This should be possible with our next iteration of MailWatch. > Also if you are going to have multiple admins, in the future would it be > possible for the 'master' admin to view a change log of all changes made > by all adnmins, or even all users? Kinda like ikonboard does? > Great idea - Adding MailWatch users and audit reports has already been implemented on our test systems. > Where i work i would have to let 4 guys have access and they would > certainly play with it and claim they did nothing, having a log as proof > would be advantagous :) > Done and will be in the updates. > Over all its SUPER groovy! and i am guessing it will be the new standard > in AV gateways - some one will build an ISO-gateway distro for you and > then i guess world domination is only a few lines of perl code ? :) (can > you control WOMD with perl?) > Thanks. Julian rules :) > I am going to install it in front on one of my gateways and set all > event to have no action, just logging to see if i can learn Good idea and let us know how we can help. Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at IALEX.NET Mon Mar 7 02:51:09 2005 From: alex at IALEX.NET (Alex Short) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I don't think its been tackled as yet, kick me if it has. When winmail.dat files are generated by Outlook and emailed, have mailscanner extract, scan and reattach as a regular attachment. Amazing product! ----- Original Message ----- From: "Julian Field" To: Sent: Sunday, March 06, 2005 11:41 AM Subject: Outstanding feature/fix requests? > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Mar 5 06:28:51 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:28:51 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick, Have you tried this with Clamav versions > 0.82 ?. I tried to do the same thing and tried to pass some extra parameters from the clamav-wrapper of MailScanner. But it seems that the recent releases of clamav like to be instructed only from the conf file and it started showing warings in the maillog. Also Clamav seems to be using the unrarlib library (http://www.unrarlib.org/faq.html) for its support to RAR archives. But the website of its library claims that support for RAR3 is not currently scheduled (it doesnt seem to be under any active development anymore) and is hoping for some one to contribute the support. Also currently there is not Perl module that is based on unrarlib. The only available I came across was Archive::Rar and that too needs the unrar command to be installed on your system. I am looking at building RAR archive support in MailScanner, but that definitely involves a lot of work, like first building RAR3 support in unrarlib, then creating a Perl module from unrarlib and then build the support in MailScanner itself. Rakesh Rick Cooper wrote: >It's important to note that ClamAV only supports RAR v2, so the answer is: > > Uncomment the ScanRar line in the config file > >but pass the --unrar[=FULLPATH] option (and of course have the latest unrar) >if you really want to handle rar files because v2 is quite old and not >likely to be used much anymore. If you are using clamavmodule then you >cannot use the external unrar (which is why I patch my MS versions with >specific unrar code/function every release). > > -- regards, Rakesh B. Pal, Project Leader, Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ================================================== I came, I saw, I conquered ================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Mon Mar 7 05:16:02 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:28:51 2006 Subject: 4.40.2 -- RAR 3 support Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am very close to finishing my Unrar Perl Module using the unrarlib (c library to open Rar archives). This doesn't needs the unrar command to be installed on your system and can simply give a list of files in the archive or extract the archives to a working directory specified in the argument to the function. However the version of unrarlib (www.unrarlib.org) that I found doesn't have support for Rar 3 compression. If anyone has made unrarlib to support Rar 3 compression please pass it on to me. I am writing this Perl interface for Unrar especially with MailScanner in mind. It helps you determine the filenames and the number of files in the rar archive without extracting it. This may be needed incase you want to do filename checks but avoid virus scanning on them. Also you can extract the files to a working directory and do virus scanning on it. I will give more detailed feature specification of it on this list once I complete it. Rakesh. Julian Field wrote: > With credit for doing the hard work going to Rick Cooper: > > I have just released 4.40.2. This includes external RAR unpacking for > clamavmodule. > It also uses the unrar command to look inside RAR archives to check for > blocked filenames and filetypes, and also to see if the RAR archive is > password-protected. > > There are 2 new configuration options, "Unrar Command" and "Unrar > Timeout". Both of these will of course be added by > upgrade_MailScanner_conf. > > Please let me know what you think. > > Download from www.mailscanner.info as usual. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== It doesn't matter who you are, it's what you do that takes you far ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Uwe.Krause at FEP.FRAUNHOFER.DE Mon Mar 7 06:26:27 2005 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Uwe.Krause@FEP.FRAUNHOFER.DE) Date: Thu Jan 12 21:28:51 2006 Subject: antivir update Message-ID: Hello, > antivir --update is not working?? > seems to be that their server is down.. This command works but it seems that all servers for the freeware version are down :-(. Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 07:39:26 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: > Some of them don't want specific kinds of attachment filtering. I guess many of my users would like to circumvent filtering for executables for example but that would weaken the company policy. If they were to modify the above themselves I would only want them to be able to add filtering, not remove any. The same goes for spam and it can be solved in their client by using the "sss..." header, those who want to (re)move spam with a lower score than our default can do so with their own local rule. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 07:49:53 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:51 2006 Subject: antivir update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There sia freeware version? Which one is it? Pete Uwe.Krause@FEP.FRAUNHOFER.DE wrote: > Hello, > > >>antivir --update is not working?? >>seems to be that their server is down.. > > > This command works but it seems that all servers for the freeware > version are down :-(. > > Uwe > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Uwe.Krause at FEP.FRAUNHOFER.DE Mon Mar 7 08:10:16 2005 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Uwe.Krause@FEP.FRAUNHOFER.DE) Date: Thu Jan 12 21:28:51 2006 Subject: antivir update Message-ID: Please look here : http://www.antivir.de/en/support/unix_privatregistrierung/index.html "The private, non-commercial use of AntiVir Linux Workstation so as AntiVir MailGate can be used free of charge and requires a registration. With this service H+BEDV Datentechnik supports the numerous private users of the Linux community and does consequently contribute for more security.!" --- Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 09:04:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David H. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Felix Schwarz wrote: > | Hi all, > | > | David H. wrote: > | > |>Finally I think I have found a way to contribute back to the > MailScanner > |>community. I believe that bayes does a reasonable job, but looking > at recent > |>writing and http://crm114.sourceforge.net/ I do feel that it would > be a good > |>enhancement to MailScanner. > | > | > |>I consider this a serious project, based on your input I would either > |>implement it only for my systems or try to come up with a solution and > |>contribute the patches. > | > | > | I would be very interested in the possibility using other spam filters > | besides SpamAssin with MailScanner. CRM114 integration would be nice > | thing if it could lead to a general spam filter interface - ideally > | with some plugin functionality. > | > | And CRM114 seems to be a good choice for using it within MailScanner. > | One thing is that Bayes filters are working best if they are trained > | by their users so you should consider adding some get-the-username > | layer which may cause some problems as mailscanner sees no real users > | but only email addresses. > | Therefore a mapping for email -> user name (for resolving aliases etc) > | would be nice. This could be separated from the spam filter. > | > This is something I am trying to avoid. I do not think that it makes > sense to > build such a plugin infrastructure. CRM114 is a unique spam battling > technique > (turing complete token discrimenator) which is not used by > Spamassassin as a > technique to find spam. That is why I am interested in such > functionality. > > > | I would be interested in helping with developing a CRM114 plugin for > | MailScanner as it may help (me/others) writing a DSPAM plugin. :-) > | > As I said. I would not go into that direction. I see no benefits in using > DSPAM over Spamassassin or vice versa. I would simply like to see CRM114 > support directly in MailScanner. However, I am glad that you are > interested in > it. Maybe we could sync ideas? How about a SpamAssassin plugin for CRM114? They already have the architecture in place, and it would create far less work for me! -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Mon Mar 7 09:04:15 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If I get about 10000 mails /day in about 8 hours. What kind of machine do I need I i turn mailscanner + spamassassin + 3 antivirus programs? Thanks Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 09:08:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: >On Mon, 7 Mar 2005, Raymond Dijkxhoorn wrote: > > >>>Yes, all our users are on the MS box. So you're saying it shouldn't be an >>>option even for those MS installations which do have all accounts on the >>>box? Because everyone doesn't have exactly the same setup, nobody should >>>have the option? >>> >>> >>If you parse all those homedirs ANY user can put in foney data cant they? >>I would not want to break my install with that... >> >> > >Presumably it would only apply to deliveries to that user. But since >mailscanner can't determine who a mail is being delivered to I guess it's >a moot point. > >Sadly this is a place where mailscanner shows its weakness vs other mail >filtering systems. Per-user end user configurable settings is still >somewhat messy to implement with mailscanner. > > This is exactly what the commercial product SMGateway gives you. I strongly advise that you try out SMGateway as you will find its web interface does what you need. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Mon Mar 7 09:08:42 2005 From: dh at UPTIME.AT ([UTF-8] David Höhn) Date: Thu Jan 12 21:28:51 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Julian Field wrote: | | | How about a SpamAssassin plugin for CRM114? They already have the | architecture in place, and it would create far less work for me! | ~From my point of view I do not care where it interfaces with MailScanner. on the Spamassassin or ther mailScanner level. it really depends how well that plugin architecture is done, I have never needed to look at it. I will now. Thank you - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCLBoaPMoaMn4kKR4RA4HiAJ4vOtiTSJrDiOqnUCgzOyOTXST++ACgnave qD4vLTH0ApCQCqBbm3fgrcU= =/o9f -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 09:12:14 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: Keon depends on size as well as volume. But running FreeBSD 4.10 on my scanner with softupdates (sort of journaling) on the filesystem and no other optimisation (ie no ram disk for the MS work areas etc) I top out around 5000 mesgs an hour with a 2.8GHz PIV, 1.5GB DDR and 80GB SATA drive. I'm using two virus scanners, SA with lots of the SARE extra rules, two RBL's and all the URI-RBLs. YMMV! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Koen Teugels wrote: > If I get about 10000 mails /day in about 8 hours. What kind of machine > do I need I i turn mailscanner + spamassassin + 3 antivirus programs? > > Thanks Koen > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 09:21:28 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:51 2006 Subject: OT postfix question Message-ID: Isn't this due to the (sometimes unfortunate) append_at_myorigin and perhaps append_dot_mydomain? Look at "man 5 postconf" Pete... These can have some real fun implications, especially in a situation where you have no local delivery at all (as I assume this to be). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall > Sent: den 5 mars 2005 10:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT postfix question > > > Pete Russell wrote: > > > NOthing specified in Sending sectionof main.cf > > Try specifying 'myorigin = $mydomain' (Without the quotes!), reload > Postfix and see what you get. > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 09:29:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: Julian, Is there anyway of running the ClamAV command-line with the --unrar option set correctly if the new UNRAR option is set in MailScanner.conf? An update for all those running Clam and following the RAR thread. I caught two RAR viruses over the w/end, Sophos also picked them up. But I am running clam with the wrapper modified to include the rar support for the command line scanner...which may or may not have made a difference. edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is set.. ScanOptions="--unrar=/usr/local/bin/unrar" Obviously you'll need to adjust paths where needed Here's what I caught.. Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR SophosSAVI: 075466.rar was infected by Troj/BagleDl-M So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 and my Sophos is 3.91.0. Right off to try the 4.40.2 Julian put out over the w/end... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Mon Mar 7 09:30:04 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: How about the problem of multiple subject lines in the headers? -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 06 March 2005 16:42 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Outstanding feature/fix requests? Other than a minor cosmetic one I can't reproduce, I don't think I have any outstanding requests for fixes. Does anyone know of any fixes or features they would like to see, that I haven't yet done? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 09:34:03 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] IDEAL: Heaps of RAM and 2 CPUs and scssi disk. R LESS IDEAL: I did twice this volume on a 2.4ghz PC for the past 2weeks, using sa, ms and postfix and 2 virus scanners. But if we had any increase in load, like a big virus outbreak then we would ahve been in BIG trouble. If you have easy access to budget then always spec for worst case scenario, so when you get the big outbreak you are totally covered. Koen Teugels wrote: > If I get about 10000 mails /day in about 8 hours. What kind of machine > do I need I i turn mailscanner + spamassassin + 3 antivirus programs? > > Thanks Koen > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > . > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 09:36:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: David good one.. I guess MS would have to scan for first (or last!!) Subject: header with non-whitespace content in it... rather than looking for 'blank' subjects??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David While wrote: > How about the problem of multiple subject lines in the headers? > -------------------------------------------- > David While BSc CEng MBCS CITP > Department of Computing & Information > University of Central England > Tel: 0121 331 6211 > -------------------------------------------- > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 06 March 2005 16:42 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Outstanding feature/fix requests? > > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Mar 7 09:42:17 2005 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: I will start with what I have learned from this maillist when I asked the same question about 4 months ago. I will leave the more subtle details to the real experts on this list. Two slightly smaller boxes instead of a biggist one to do load shaing and have a failover system if problems occur. Great to for upgrades, etc. Mail flow continues on the 2nd box when you take the 1st off line. Round robin DNS is great. We have two identical boxes, getting a load average rarely >1 with approx 40k mesages a day in total (probably 30k in 8 hours in day time) with MS, SA and 2 anti-virus: P4, 2.8 GHz 1 GB RAM 32GB HD Nothing beefy, but does the job very well. Sylvain =========================================================== Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Clinical School Information Management Services Unit (IMSU) Medical Sciences Division University of Oxford | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== >>> kte@NEXIS.BE 07/03/2005 09:04:15 >>> If I get about 10000 mails /day in about 8 hours. What kind of machine do I need I i turn mailscanner + spamassassin + 3 antivirus programs? Thanks Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 09:47:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, it is quite possible for me to extract the path of the unrar program if it is set. But it will take several commands to do it each time in the clamav-wrapper. Which is going to be slow. The last thing I want to do is make the clamav-wrapper self-modifying :-) I could set the unrar command path by default in the MailScanner.conf. Then MailScanner would spit out warnings about not being able to find it and they would then have to either install it separately or disable the setting in MailScanner.conf. But I don't like the idea of a setup that warns about things by default. It is very untidy. I don't *think* I do this now. Martin Hepworth wrote: > Julian, > > Is there anyway of running the ClamAV command-line with the --unrar > option set correctly if the new UNRAR option is set in MailScanner.conf? > > > > An update for all those running Clam and following the RAR thread. > > I caught two RAR viruses over the w/end, Sophos also picked them up. But > I am running clam with the wrapper modified to include the rar support > for the command line scanner...which may or may not have made a > difference. > > edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is > set.. > > ScanOptions="--unrar=/usr/local/bin/unrar" > > Obviously you'll need to adjust paths where needed > > Here's what I caught.. > > Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR > SophosSAVI: 075466.rar was infected by Troj/BagleDl-M > > > So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 > and my Sophos is 3.91.0. > > Right off to try the 4.40.2 Julian put out over the w/end... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >
/>********************************************************************** >
>
This email and any files transmitted with it are confidential and >
intended solely for the use of the individual or entity to whom > they >
are addressed. If you have received this email in error please > notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to be clean. >
>
/>********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 09:52:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good point. The only problem with that is that it is an MTA-dependent feature, so I've got to change all the relevant functions for each MTA separately :-( And also, what should be returned from the test to see if a header starts with a given value, when one of the subject lines has the text and the other one doesn't? David While wrote: >How about the problem of multiple subject lines in the headers? >-------------------------------------------- >David While BSc CEng MBCS CITP >Department of Computing & Information >University of Central England >Tel: 0121 331 6211 >-------------------------------------------- > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: 06 March 2005 16:42 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Outstanding feature/fix requests? > >Other than a minor cosmetic one I can't reproduce, I don't think I have >any outstanding requests for fixes. > >Does anyone know of any fixes or features they would like to see, that I >haven't yet done? > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Felix.Schwarz at WEB.DE Mon Mar 7 09:48:16 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:28:51 2006 Subject: RFC: CRM114 intergration something that some would use? Message-ID: Hi all, Julian Field wrote: > How about a SpamAssassin plugin for CRM114? They already have the > architecture in place, and it would create far less work for me! I looked into this and found a sample CRM114 plugin for SpamAssassin (written by Eugene Morozov). But I'm seeing three issues with pluging CRM114 into SpamAssassin: 1. AFAIK it is not possible to return multiple scores based on the CRM114 rating (such as 10% SPAM, .., 40% SPAM). CRM114 has its own threshold and can't be influenced by the command line. 2. You cannot modify the mail headers from a SpamAssassin plugin (okay, it works but it is _very_ scary). 3. You can't get rid of SpamAssassin - and I like getting rid of it because it uses much RAM and DSPAM (and partly CRM114) are faster and more accurate after some training. -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Mon Mar 7 09:56:52 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: The point Sylvain makes about having multiple mail relays to provide reliability through redundancy cannot be emphasised enough. The load sharing and failover is simply done using equal value DNS MX records and round-robin. You do even better if the machines can be distrbuted around different buildings. And of course this architecture allows you to take down one machine to update OS/applications without impacting the service. You should also use RAID 1 (mirroring) on your disks; again this provides reliability through redundancy. The cost of the extra disk(s) is almost marginal. If you can have dual SCSI controllers then so much the better. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sylvain Phaneuf >Sent: 07 March 2005 09:42 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Sizing machine for mailscanner > >I will start with what I have learned from this maillist when I asked >the same question about 4 months ago. I will leave the more subtle >details to the real experts on this list. > >Two slightly smaller boxes instead of a biggist one to do load shaing >and have a failover system if problems occur. Great to for upgrades, >etc. Mail flow continues on the 2nd box when you take the 1st off line. >Round robin DNS is great. > >We have two identical boxes, getting a load average rarely >1 with >approx 40k mesages a day in total (probably 30k in 8 hours in day time) >with MS, SA and 2 anti-virus: > >P4, 2.8 GHz >1 GB RAM >32GB HD > >Nothing beefy, but does the job very well. > >Sylvain > > >=========================================================== >Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 >Clinical School Information Management Services Unit (IMSU) >Medical Sciences Division >University of Oxford | email : >sylvain.phaneuf@imsu.ox.ac.uk >Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 >Oxford OX3 9DU England >=========================================================== > >>>> kte@NEXIS.BE 07/03/2005 09:04:15 >>> >If I get about 10000 mails /day in about 8 hours. What kind of machine >do I need I i turn mailscanner + spamassassin + 3 antivirus programs? > >Thanks Koen > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 10:03:47 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: Julian Perhaps a comment in the MailScanner.conf at the same place at new unrar option could be useful as a first shot? Or are the two options mutually exclusive - ie if you put in in one place you don't need the other? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Yes, it is quite possible for me to extract the path of the unrar > program if it is set. But it will take several commands to do it each > time in the clamav-wrapper. Which is going to be slow. The last thing I > want to do is make the clamav-wrapper self-modifying :-) > > I could set the unrar command path by default in the MailScanner.conf. > Then MailScanner would spit out warnings about not being able to find it > and they would then have to either install it separately or disable the > setting in MailScanner.conf. > > But I don't like the idea of a setup that warns about things by default. > It is very untidy. I don't *think* I do this now. > > Martin Hepworth wrote: > >> Julian, >> >> Is there anyway of running the ClamAV command-line with the --unrar >> option set correctly if the new UNRAR option is set in MailScanner.conf? >> >> >> >> An update for all those running Clam and following the RAR thread. >> >> I caught two RAR viruses over the w/end, Sophos also picked them up. But >> I am running clam with the wrapper modified to include the rar support >> for the command line scanner...which may or may not have made a >> difference. >> >> edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is >> set.. >> >> ScanOptions="--unrar=/usr/local/bin/unrar" >> >> Obviously you'll need to adjust paths where needed >> >> Here's what I caught.. >> >> Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR >> SophosSAVI: 075466.rar was infected by Troj/BagleDl-M >> >> >> So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 >> and my Sophos is 3.91.0. >> >> Right off to try the 4.40.2 Julian put out over the w/end... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>
> />********************************************************************** >>
>>
This email and any files transmitted with it are confidential and >>
intended solely for the use of the individual or entity to whom >> they >>
are addressed. If you have received this email in error please >> notify >>
the system manager. >>
>>
This footnote confirms that this email message has been swept >>
for the presence of computer viruses and is believed to be clean. >>
>>
> />********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 10:04:36 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:51 2006 Subject: Vicious Circle Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich > Sent: den 5 mars 2005 18:10 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Vicious Circle > (snip) > > I am at a loss, the root of the issue is I have 100k messages a day, > some just *might* be legitimate address misspellings, I can't drop all > bounces. But the vast majority are trash. I think you have a "fault" in your reasoning here. The responsibility (and thus requirement to produce bounces) for a message is not yours until after you've accepted the message. So if you do, as many here have already recommended, reject (with a 550) any unknown recipients/domains, then the resposibility to generate a NDN/NDR would still be _the sending MTAs problem, not yours_. So there really is no reason for you to avoid this strategy, there is little -> no risk that "valid but misspelled" messages would disapear... Anyway... That would be THEIR problem, not yours;). Spammers don't seem to use real MTAs so this strategy is pretty effective in reducing spam volume, and it effectively removes the risk that you would be used for generating "backwash" or NDN-spamming. -- Glenn > > Whats a sysadmin to do? > > DAve > > -- > Dave Goodrich > Systems Administrator > http://www.tls.net > Get rid of Unwanted Emails...get TLS Spam Blocker! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 10:13:05 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:51 2006 Subject: OT postfix question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ahhhhhh this is exactly the issue. I have added this parm to my main.cf and all is well. Previously i added MAILTO="" to the top fo the crontab file to stop cron sending mails, but nice to ahve it actually fixed. Thanks Pete Steen, Glenn wrote: > Isn't this due to the (sometimes unfortunate) append_at_myorigin > and perhaps append_dot_mydomain? > Look at "man 5 postconf" Pete... > > These can have some real fun implications, especially in a situation > where you have no local delivery at all (as I assume this to be). > > -- Glenn > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall >>Sent: den 5 mars 2005 10:47 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: OT postfix question >> >> >>Pete Russell wrote: >> >> >>>NOthing specified in Sending sectionof main.cf >> >>Try specifying 'myorigin = $mydomain' (Without the quotes!), reload >>Postfix and see what you get. >> >>Drew >> >>-- >>In line with our policy, this message has >>been scanned for viruses and dangerous >>content by MailScanner, and is believed to be clean. >>www.themarshalls.co.uk/policy >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 10:36:53 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is > set.. > > ScanOptions="--unrar=/usr/local/bin/unrar" Isn't it better to use one of these lines instead? #ExtraScanOptions="$ExtraScanOptions --unrar" #ExtraScanOptions="$ExtraScanOptions --unrar=/path/to/unrar" -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 10:34:24 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > And also, what should be returned from the test to see if a header > starts with a given value, when one of the subject lines has the text > and the other one doesn't? > > David While wrote: > >> How about the problem of multiple subject lines in the headers? Isn't it safest to just modify all subject lines found? Who knows which one different MUA:s will show? So far I have only seen two subject lines, never more and they have the same content but only one of them is modified by MS. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 10:41:10 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: Peter could well be - I'll make the change and try it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Peter Bonivart wrote: > Martin Hepworth wrote: > >> edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is >> set.. >> >> ScanOptions="--unrar=/usr/local/bin/unrar" > > > Isn't it better to use one of these lines instead? > > #ExtraScanOptions="$ExtraScanOptions --unrar" > #ExtraScanOptions="$ExtraScanOptions --unrar=/path/to/unrar" > > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website!
**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 10:44:50 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:51 2006 Subject: Beta release 4.39.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rakesh > Sent: Saturday, March 05, 2005 1:29 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta release 4.39.4 > > > Rick, > > Have you tried this with Clamav versions > 0.82 ?. I tried to do the > same thing and tried to pass some extra parameters from the > clamav-wrapper of MailScanner. But it seems that the recent releases of > clamav like to be instructed only from the conf file and it started > showing warings in the maillog. As I recall clamscan will attempt to use it's internal unrar first and (if --unrar= is set) if it fails it uses the one passed to it. I just tried that with 0.83 and that is just what it does. Note the first line after the clamscan command. [rcooper@srv2 tmp]$ clamscan --unrar=/usr/bin/unrar Test.rar /tmp/Test.rar: RAR module failure RAR 3.41 Copyright (c) 1993-2004 Alexander Roshal 2 Nov 2004 Registered to Rick Cooper Extracting from /tmp/Test.rar Extracting FreeBSD.html OK Extracting docs.html OK Extracting index.html OK Extracting index.new.html OK Extracting phishing.html OK Extracting presentations.html OK Extracting press.html OK Extracting pressreleases.html OK Extracting reject.html OK Extracting sobig.html OK Extracting support.html OK All OK > > Also Clamav seems to be using the unrarlib library > (http://www.unrarlib.org/faq.html) for its support to RAR archives. But > the website of its library claims that support for RAR3 is not currently > scheduled (it doesnt seem to be under any active development anymore) > and is hoping for some one to contribute the support. Also currently > there is not Perl module that is based on unrarlib. The only available I > came across was Archive::Rar and that too needs the unrar command to be > installed on your system. There is no RAR3 library because of some licensing issue. ClamAV could use the 3+ version but there is some language within the library that would cause issue. The ClamAV maintainers have said (say in every version of the docs and api) they will never include 3.+ support. This would be the reason, I would think, that Archive::Rar would need the external rar. The "RAR module failure" error from clam is specifically the result of 3.+ Rars (from looking at the source) which is why that error has been won't show up in the MailScanner log anymore. Rick > > I am looking at building RAR archive support in MailScanner, but that > definitely involves a lot of work, like first building RAR3 support in > unrarlib, then creating a Perl module from unrarlib and then build the > support in MailScanner itself. > > Rakesh > > Rick Cooper wrote: > > >It's important to note that ClamAV only supports RAR v2, so the > answer is: > > > > Uncomment the ScanRar line in the config file > > > >but pass the --unrar[=FULLPATH] option (and of course have the > latest unrar) > >if you really want to handle rar files because v2 is quite old and not > >likely to be used much anymore. If you are using clamavmodule then you > >cannot use the external unrar (which is why I patch my MS versions with > >specific unrar code/function every release). > > > > > > > -- > > regards, > Rakesh B. Pal, > Project Leader, > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ================================================== > I came, I saw, I conquered > ================================================== > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 11:05:41 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Peter > > could well be - I'll make the change and try it.. Just to clarify, I didn't mean better as in function but as in form. They should do the same thing but Kevin added those lines so we easily could enable needed functions. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Mon Mar 7 11:08:51 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:51 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: On Fri, 4 Mar 2005, David Lee wrote: > [...] > We too have this problem (FC3, also ancient RH 7.3). Rick Cooper has > found that this seems to be an error within its tests (i.e. Mail::ClamAV > itself is OK). From an amended version of its "t/Mail-ClamAV.t" that he > gave me, I derived the following patch. > [...] On Friday, I emailed the author (Scott Beck) of Mail::ClamAV about these issues, and he has released version 0.16 over the weekend. This seems to have fixed most of the failures in the test suite, but it a separate set of residual failures at the end, related to the "scanbuff" interface onto ClamAV itself. I understand from the "clamav-devel" list that this interface is deprecated (scheduled for removal at ClamAV 0.90). From james at GRAYONLINE.ID.AU Mon Mar 7 11:05:37 2005 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:28:51 2006 Subject: Sizing machine for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Mar 2005 08:04 pm, Koen Teugels wrote: > If I get about 10000 mails /day in about 8 hours. What kind of machine > do I need I i turn mailscanner + spamassassin + 3 antivirus programs? > > Thanks Koen I set up a charity organisation recently with Linux (Debian Woody), MailScanner, SpamAssassin 3.0.2 and ClamAV 0.83 on a Celeron 400 with 512MB RAM and a single 40GB ATA66 drive[1]. They are handling a similar load to what you describe at a rate of about 4sec/message. System load hovers around 0.4-0.6 when a steady stream of mail arrives. TO squeeze some speed out of this box, I set up a caching-only name server on the same network and the MailScanner work directory is a RAM drive (128MB). Other stuff I did to tweak things a little was compile a customised kernel (for i686) and pretty much ripped out every service and package not essential for a mail server - it's even running ssh via inetd (slow to connect but fine once you're on). Additional virus scanners don't seem to slow things down much in MailScanner (I increased the mail gateway at work from McAfee only to McAfee+ClamAV+Sophos+BitDefender and the increase in load and message processing time was zero); the bottleneck is all the RBL's in SA3 and the handling of large messages in SA3 - hence the caching name server. MailScanner and the virus scanners are pretty quick. The charity's mail gateway is running MailScanner with only 2 children too as that's about all I could spare with the RAM drive. 3 children went awfully close to filling physical RAM and I didn't want the box to start paging with only a single (ATA - bleh) drive. Paging kills performance. Obviously this set up is a corner case and wont scale but it shows what can be achieved with very "old" technology with some sensible selections and lean configuration. HTH, James [1] It was the box with the most grunt available - even then I pilfered RAM from a desktop machine or two :P ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 11:12:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Done. It will keep the 1st Subject: header and discard all following ones. Choosing which to keep is an arbitrary decision, and keeping the 1st was easier to implement :-) Julian Field wrote: > Good point. The only problem with that is that it is an MTA-dependent > feature, so I've got to change all the relevant functions for each MTA > separately :-( > > And also, what should be returned from the test to see if a header > starts with a given value, when one of the subject lines has the text > and the other one doesn't? > > David While wrote: > >> How about the problem of multiple subject lines in the headers? >> -------------------------------------------- >> David While BSc CEng MBCS CITP >> Department of Computing & Information >> University of Central England >> Tel: 0121 331 6211 >> -------------------------------------------- >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: 06 March 2005 16:42 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Outstanding feature/fix requests? >> >> Other than a minor cosmetic one I can't reproduce, I don't think I have >> any outstanding requests for fixes. >> >> Does anyone know of any fixes or features they would like to see, that I >> haven't yet done? >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 11:21:51 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Monday, March 07, 2005 4:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamav and RAR..(update and feature request) > > > Yes, it is quite possible for me to extract the path of the unrar > program if it is set. But it will take several commands to do it each > time in the clamav-wrapper. Which is going to be slow. The last thing I > want to do is make the clamav-wrapper self-modifying :-) > > I could set the unrar command path by default in the MailScanner.conf. > Then MailScanner would spit out warnings about not being able to find it > and they would then have to either install it separately or disable the > setting in MailScanner.conf. > > But I don't like the idea of a setup that warns about things by default. > It is very untidy. I don't *think* I do this now. How about something like: # # Virus scanner definitions table # my $ClamOptions = '-r --disable-summary --stdout'; $ClamOptions = '-r --unrar='.MailScanner::Config::Value('unrarcommand').' --disable-summary --stdout' if MailScanner::Config::Value('unrarcommand') && (-e MailScanner::Config::Value('unrarcommand')); then "clamav" => { Name => 'ClamAV', Lock => 'ClamAVBusy.lock', CommonOptions => $ClamOptions, DisinfectOptions => '', ScanOptions => '', InitParser => \&InitClamAVParser, ProcessOutput => \&ProcessClamAVOutput, SupportScanning => $S_SUPPORTED, SupportDisinfect => $S_NONE, }, Would this not get the external rar into the clamav wrapper, only if they have declared the path to unrar and the file actually exists? Rick > > Martin Hepworth wrote: > > > Julian, > > > > Is there anyway of running the ClamAV command-line with the --unrar > > option set correctly if the new UNRAR option is set in MailScanner.conf? > > > > > > > > An update for all those running Clam and following the RAR thread. > > > > I caught two RAR viruses over the w/end, Sophos also picked them up. But > > I am running clam with the wrapper modified to include the rar support > > for the command line scanner...which may or may not have made a > > difference. > > > > edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is > > set.. > > > > ScanOptions="--unrar=/usr/local/bin/unrar" > > > > Obviously you'll need to adjust paths where needed > > > > Here's what I caught.. > > > > Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR > > SophosSAVI: 075466.rar was infected by Troj/BagleDl-M > > > > > > So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 > > and my Sophos is 3.91.0. > > > > Right off to try the 4.40.2 Julian put out over the w/end... > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >
> />********************************************************************** > >
> >
This email and any files transmitted with it are confidential and > >
intended solely for the use of the individual or entity to whom > > they > >
are addressed. If you have received this email in error please > > notify > >
the system manager. > >
> >
This footnote confirms that this email message has been swept > >
for the presence of computer viruses and is believed to be clean. > >
> >
> />********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 11:48:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Monday, March 07, 2005 4:48 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: clamav and RAR..(update and feature request) >> >> >>Yes, it is quite possible for me to extract the path of the unrar >>program if it is set. But it will take several commands to do it each >>time in the clamav-wrapper. Which is going to be slow. The last thing I >>want to do is make the clamav-wrapper self-modifying :-) >> >>I could set the unrar command path by default in the MailScanner.conf. >>Then MailScanner would spit out warnings about not being able to find it >>and they would then have to either install it separately or disable the >>setting in MailScanner.conf. >> >>But I don't like the idea of a setup that warns about things by default. >>It is very untidy. I don't *think* I do this now. >> >> > >How about something like: > ># ># Virus scanner definitions table ># >my $ClamOptions = '-r --disable-summary --stdout'; >$ClamOptions = >'-r --unrar='.MailScanner::Config::Value('unrarcommand').' --disable-summary > --stdout' > if MailScanner::Config::Value('unrarcommand') && (-e >MailScanner::Config::Value('unrarcommand')); > >then > > "clamav" => { > Name => 'ClamAV', > Lock => 'ClamAVBusy.lock', > CommonOptions => $ClamOptions, > DisinfectOptions => '', > ScanOptions => '', > InitParser => \&InitClamAVParser, > ProcessOutput => \&ProcessClamAVOutput, > SupportScanning => $S_SUPPORTED, > SupportDisinfect => $S_NONE, > }, > >Would this not get the external rar into the clamav wrapper, only if they >have declared the path to unrar and the file actually exists? > > Unfortunately the hash is set up at "use" time, before any code is executed. So I can't call Config::Value in there. I will need to insert in at run-time. Should be fairly easy to do. >Rick > > > >>Martin Hepworth wrote: >> >> >> >>>Julian, >>> >>>Is there anyway of running the ClamAV command-line with the --unrar >>>option set correctly if the new UNRAR option is set in MailScanner.conf? >>> >>> >>> >>>An update for all those running Clam and following the RAR thread. >>> >>>I caught two RAR viruses over the w/end, Sophos also picked them up. But >>>I am running clam with the wrapper modified to include the rar support >>>for the command line scanner...which may or may not have made a >>>difference. >>> >>>edit /opt/MailScanner/lib/clamav-wrapper and make sure the following is >>>set.. >>> >>>ScanOptions="--unrar=/usr/local/bin/unrar" >>> >>>Obviously you'll need to adjust paths where needed >>> >>>Here's what I caught.. >>> >>>Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR >>> SophosSAVI: 075466.rar was infected by Troj/BagleDl-M >>> >>> >>>So make sure you're AV packages can handle RAR types. My ClamAV is 0.83 >>>and my Sophos is 3.91.0. >>> >>>Right off to try the 4.40.2 Julian put out over the w/end... >>> >>>-- >>>Martin Hepworth >>>Snr Systems Administrator >>>Solid State Logic >>>Tel: +44 (0)1865 842300 >>> >>>
>>/>********************************************************************** >>>
>>>
This email and any files transmitted with it are confidential and >>>
intended solely for the use of the individual or entity to whom >>>they >>>
are addressed. If you have received this email in error please >>>notify >>>
the system manager. >>>
>>>
This footnote confirms that this email message has been swept >>>
for the presence of computer viruses and is believed to be clean. >>>
>>>
>>/>********************************************************************** >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> >> > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 11:58:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:51 2006 Subject: clamav and RAR..(update and feature request) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Done. If the unrar command exists and the "unrar command" option is set to point to it correctly, it will automatically be used by the "clamav" scanner. Julian Field wrote: > Rick Cooper wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>> Behalf Of Julian Field >>> Sent: Monday, March 07, 2005 4:48 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: clamav and RAR..(update and feature request) >>> >>> >>> Yes, it is quite possible for me to extract the path of the unrar >>> program if it is set. But it will take several commands to do it each >>> time in the clamav-wrapper. Which is going to be slow. The last thing I >>> want to do is make the clamav-wrapper self-modifying :-) >>> >>> I could set the unrar command path by default in the MailScanner.conf. >>> Then MailScanner would spit out warnings about not being able to >>> find it >>> and they would then have to either install it separately or disable the >>> setting in MailScanner.conf. >>> >>> But I don't like the idea of a setup that warns about things by >>> default. >>> It is very untidy. I don't *think* I do this now. >>> >>> >> >> How about something like: >> >> # >> # Virus scanner definitions table >> # >> my $ClamOptions = '-r --disable-summary --stdout'; >> $ClamOptions = >> '-r --unrar='.MailScanner::Config::Value('unrarcommand').' >> --disable-summary >> --stdout' >> if MailScanner::Config::Value('unrarcommand') && (-e >> MailScanner::Config::Value('unrarcommand')); >> >> then >> >> "clamav" => { >> Name => 'ClamAV', >> Lock => 'ClamAVBusy.lock', >> CommonOptions => $ClamOptions, >> DisinfectOptions => '', >> ScanOptions => '', >> InitParser => \&InitClamAVParser, >> ProcessOutput => \&ProcessClamAVOutput, >> SupportScanning => $S_SUPPORTED, >> SupportDisinfect => $S_NONE, >> }, >> >> Would this not get the external rar into the clamav wrapper, only if >> they >> have declared the path to unrar and the file actually exists? >> >> > Unfortunately the hash is set up at "use" time, before any code is > executed. So I can't call Config::Value in there. > I will need to insert in at run-time. Should be fairly easy to do. > >> Rick >> >> >> >>> Martin Hepworth wrote: >>> >>> >>> >>>> Julian, >>>> >>>> Is there anyway of running the ClamAV command-line with the --unrar >>>> option set correctly if the new UNRAR option is set in >>>> MailScanner.conf? >>>> >>>> >>>> >>>> An update for all those running Clam and following the RAR thread. >>>> >>>> I caught two RAR viruses over the w/end, Sophos also picked them >>>> up. But >>>> I am running clam with the wrapper modified to include the rar support >>>> for the command line scanner...which may or may not have made a >>>> difference. >>>> >>>> edit /opt/MailScanner/lib/clamav-wrapper and make sure the >>>> following is >>>> set.. >>>> >>>> ScanOptions="--unrar=/usr/local/bin/unrar" >>>> >>>> Obviously you'll need to adjust paths where needed >>>> >>>> Here's what I caught.. >>>> >>>> Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR >>>> SophosSAVI: 075466.rar was infected by Troj/BagleDl-M >>>> >>>> >>>> So make sure you're AV packages can handle RAR types. My ClamAV is >>>> 0.83 >>>> and my Sophos is 3.91.0. >>>> >>>> Right off to try the 4.40.2 Julian put out over the w/end... >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>>
>>> />********************************************************************** >>>> >>>>
>>>>
This email and any files transmitted with it are confidential >>>> and >>>>
intended solely for the use of the individual or entity to whom >>>> they >>>>
are addressed. If you have received this email in error please >>>> notify >>>>
the system manager. >>>>
>>>>
This footnote confirms that this email message has been swept >>>>
for the presence of computer viruses and is believed to be >>>> clean. >>>>
>>>>
>>> />********************************************************************** >>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> MailScanner thanks transtec Computers for their support >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> >>> >>> >>> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Patrick.Zerbin at SYLVANIA-LIGHTING.COM Mon Mar 7 11:54:47 2005 From: Patrick.Zerbin at SYLVANIA-LIGHTING.COM (Patrick Zerbin) Date: Thu Jan 12 21:28:51 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Sunday, March 06, 2005 5:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Outstanding feature/fix requests? > > > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? > Hi! A feature like exclude file extensions when the are zipped i.e. strip all .exe files if they are attached directly but let them pass if they are in a .zip, .rar etc. I would prefer a allow rule where you have to set all allowed file extensions and if nothing is configured than the normal behavior should match. Optionally: It would be really nice if you can set this up per sender or/and receiver email address. Patrick. -- Patrick Zerbin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 11:59:10 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:52 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mine still fails at make on RHEL4 Checking if your kit is complete... Looks good Writing Makefile for Mail::ClamAV /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.16 blib/arch Can't open blib/lib/Mail/ClamAV.pm: No such file or directory. Can't locate Mail/ClamAV.pm in @INC (@INC contains: /root/.cpan/build/Mail-ClamAV-0.16/blib/arch /root/.cpan/build/Mail-ClamAV-0.16/blib/lib /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .). BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 2 make: *** Waiting for unfinished jobs.... cp ClamAV.pm blib/lib/Mail/ClamAV.pm /usr/bin/make -j3 -- NOT OK Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of David Lee >>Sent: Monday, March 07, 2005 6:09 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat >>Enterprise 4] >> >> >>On Fri, 4 Mar 2005, David Lee wrote: >> >> >>>[...] >>>We too have this problem (FC3, also ancient RH 7.3). Rick Cooper has >>>found that this seems to be an error within its tests (i.e. Mail::ClamAV >>>itself is OK). From an amended version of its "t/Mail-ClamAV.t" that he >>>gave me, I derived the following patch. >>>[...] >> >>On Friday, I emailed the author (Scott Beck) of Mail::ClamAV about these >>issues, and he has released version 0.16 over the weekend. This seems to >>have fixed most of the failures in the test suite, but it a separate set >>of residual failures at the end, related to the "scanbuff" interface onto >>ClamAV itself. I understand from the "clamav-devel" list that this >>interface is deprecated (scheduled for removal at ClamAV 0.90). >> >>From the MailScanner perspective, I think the experience of people on this >>list with Mail::ClamAV 0.14 is that none of these failures in that >>module's test suite is important. I've just installed 0.16 and that, too, >>seems fine. >> >>I've also written to the author again suggesting that he might simply >>remove his "scanbuff" tests. > > > What is truly funny about this is the fact that the author's own docs > suggest you not use the scanbuff interface, and quotes the maintainers as to > why > > I also noted that he fixed (he just added CL_SCAN_STDOPT to cover the bases) > everything except the scanbuff. But looking at the change log I also note > that other tests passed on his system "for some reason". If you look at his > test code it is doomed to failure anyway because the API docs clearly state > the buffer must be unpacked, de-mimed, completely processed before passing > it to cl_scanbuiff and he is passing it a .zip file... so I really wonder > how it passes on his system? > > Rick > > > >>-- >> >>: David Lee I.T. Service : >>: Senior Systems Programmer Computer Centre : >>: University of Durham : >>: http://www.dur.ac.uk/t.d.lee/ South Road : >>: Durham : >>: Phone: +44 191 334 2752 U.K. : >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 12:26:09 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Would it be possible to have a feature where we can block mail base don the number of recipients? We use an MS server to filter all outbound mail and we have a lot of public users, i noticed one today send an email with a Subject of Autopost4 to 150 odd recipients. The boss says he would like to limit this, if it were possible? Pete Patrick Zerbin wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Sunday, March 06, 2005 5:42 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Outstanding feature/fix requests? >> >> >>Other than a minor cosmetic one I can't reproduce, I don't think I have >>any outstanding requests for fixes. >> >>Does anyone know of any fixes or features they would like to see, that I >>haven't yet done? >> > > Hi! > > A feature like exclude file extensions when the are zipped i.e. strip all > .exe > files if they are attached directly but let them pass if they are in a .zip, > .rar etc. > I would prefer a allow rule where you have to set all allowed file > extensions and > if nothing is configured than the normal behavior should match. > Optionally: > It would be really nice if you can set this up per sender or/and receiver > email address. > > Patrick. > > -- > Patrick Zerbin > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Mon Mar 7 12:28:27 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Pete Russell wrote: | Would it be possible to have a feature where we can block mail base don | the number of recipients? | Your MTA will/should be able to do this. - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCLEjrPMoaMn4kKR4RA7eoAJwMcUc1sXf/M79YNo1z0uBqzpB6FwCdEbBT dP7YqYRfVwPUZlUt1bhwrxw= =WfE5 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 12:48:00 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Pete Russell > Sent: Monday, March 07, 2005 7:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > > Would it be possible to have a feature where we can block mail base don > the number of recipients? > > We use an MS server to filter all outbound mail and we have a lot of > public users, i noticed one today send an email with a Subject of > Autopost4 to 150 odd recipients. The boss says he would like to limit > this, if it were possible? > > Pete I do that at the MTA level now, I log at 10 or more and log/block above 20. Now there is an exception list for BDC personell that send certain reminders and other customer related information to customer lists that have requested it from the dealerships or from Ford Mo. Now that is using Exim, but I would assume any MTA could do it. Rick > > Patrick Zerbin wrote: > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>Behalf Of Julian Field > >>Sent: Sunday, March 06, 2005 5:42 PM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Outstanding feature/fix requests? > >> > >> > >>Other than a minor cosmetic one I can't reproduce, I don't think I have > >>any outstanding requests for fixes. > >> > >>Does anyone know of any fixes or features they would like to see, that I > >>haven't yet done? > >> > > > > Hi! > > > > A feature like exclude file extensions when the are zipped i.e. > strip all > > .exe > > files if they are attached directly but let them pass if they > are in a .zip, > > .rar etc. > > I would prefer a allow rule where you have to set all allowed file > > extensions and > > if nothing is configured than the normal behavior should match. > > Optionally: > > It would be really nice if you can set this up per sender > or/and receiver > > email address. > > > > Patrick. > > > > -- > > Patrick Zerbin > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 12:43:29 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Patrick Zerbin > Sent: Monday, March 07, 2005 6:55 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Julian Field > > Sent: Sunday, March 06, 2005 5:42 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Outstanding feature/fix requests? > > > > > > Other than a minor cosmetic one I can't reproduce, I don't think I have > > any outstanding requests for fixes. > > > > Does anyone know of any fixes or features they would like to see, that I > > haven't yet done? > > > Hi! > > A feature like exclude file extensions when the are zipped i.e. strip all > .exe > files if they are attached directly but let them pass if they are > in a .zip, > .rar etc. > I would prefer a allow rule where you have to set all allowed file > extensions and > if nothing is configured than the normal behavior should match. > Optionally: > It would be really nice if you can set this up per sender or/and receiver > email address. > > I can post a couple of patches that allow this, uses a second config option, and a second value/rule set for the filename and type rules. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Mon Mar 7 12:59:38 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:52 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: On Mon, 7 Mar 2005, Pete Russell wrote: > Mine still fails at make on RHEL4 > > Checking if your kit is complete... > Looks good > Writing Makefile for Mail::ClamAV > /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.16 > blib/arch > Can't open blib/lib/Mail/ClamAV.pm: No such file or directory. > Can't locate Mail/ClamAV.pm in @INC (@INC contains: > /root/.cpan/build/Mail-ClamAV-0.16/blib/arch > /root/.cpan/build/Mail-ClamAV-0.16/blib/lib > /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi > [...] Whereas the earlier parts of this thread were about Mail::ClamAV failing the "make test" stage (i.e. relatively late), this problem is way before it gets that far. Some of what follows might be obvious, but I'm including it "just in case". The Mail::ClamAV module is simply a thin wrapper onto your existing "clamav" software. The build procedure for this module probably cannot find your installation of it. Quick test: Do something like "clamav-config --cflags" which, on a working system, would echo back the "CFLAGS" necessary for things that want to interface with the clamav software. It's my guess that on your system you'll get "Command not found" or similar. Find out where the clamav software is located on your particular system. Set the PATH to include that location's bin directory. Verify that "clamav-config --cflags" now does work, returning typical CFLAGS-like things. Now, with that PATH set up, re-try the build. This should work (although may later fail at the "make test" stage) as discussed previously on this thread. To see the gory details, cd to its build directory (if from CPAN, probably something like ".cpan/build/Mail-ClamAV-0.16"). Do "make clean", to get a clean start, then "perl Makefile.PL" then "make". Et cetera. (If you peek inside "Makefile.PL", you'll see stuff relating to the "clamav-config --cflags" discussed above.) -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon Mar 7 12:50:35 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: Hi! On two boxen, I constantly have mails which are, apparingly, damaged by MailScanner so that postfix, after picking them up again, quarantines them into its "corrupt"-folder. When I `postcat` such a damaged mail, I invariably see the same pattern, which I think is best explained by an example: .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. message_size: 9158 317 2 0 message_arrival_time: Mon Nov 15 22:28:40 2004 sender: sender@domain named_attribute: client_name=mail.gmx.de named_attribute: client_address=213.165.64.20 named_attribute: message_origin=mail.gmx.de[213.165.64.20] named_attribute: helo_name=mail.gmx.net named_attribute: protocol_name=SMTP warning_message_time: Tue Nov 16 02:28:40 2004 original_recipient: user@domain recipient: user@domain *** MESSAGE CONTENTS 4C80A7375E *** Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) ... message_size: 0 0 0 0 message_arrival_time: Mon Nov 15 22:28:40 2004 sender: sender@domain named_attribute: client_name=mail.gmx.de named_attribute: client_address=213.165.64.20 named_attribute: message_origin=mail.gmx.de[213.165.64.20] original_recipient: user@domain recipient: user@domain *** MESSAGE CONTENTS 4C80A7375E *** Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) ... X-host-MailScanner: Did not find any virus X-host-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=0.108, benoetigt 5, AWL 0.00...) X-MailScanner-From: sender@domain .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. So, the pattern is postfix-headers *** MESSAGE CONTENTS queue-id *** normal mail-headers postfix-headers *** MESSAGE CONTENTS queue-id *** normail mail-headers mail content MailScanner-headers mail-contents again Both boxen are i386 and run Debian Sarge, MailScanner 4.38.10-1/ postfix 2.1.5-6 on one, 4.35.3-1/2.1.5-0 on the other. I don't see this happening on another box, which runs 4.37.7-1/2.1.5-5, but on sun4u instead of i386. Any hints? The only thing I could google up was filesystem corruption, which I'm pretty sure I can rule out here. Judging from the position of the MailScanner headers, I'd guess it's MailScanner screwing up somehow, but since I don't know, I ask ;) cheers+TIA, &rw -- -- A sendmail / by any other name -- Would still / HELO just.as.swe.et -- - Greg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From Glenn.Steen at AP1.SE Mon Mar 7 13:01:02 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: clamav and RAR..(update and feature request) Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 7 mars 2005 10:29 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: clamav and RAR..(update and feature request) > (snip) > I caught two RAR viruses over the w/end, Sophos also picked > them up. But (snip) > Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR > SophosSAVI: 075466.rar was infected by Troj/BagleDl-M Isn't that just a ClamAV signature for the entire RAR file? We saw a few more than 2, the first couple or so found by mcafee and bitdefender, and after a while by that exact clam sig. I don't use any version 3 capable unrar, except what bdc and uvscan might be able to do (If any slip through, the second level filename checks get them... And those were quiet:). -- Glenn (who will need look into using the new unrar features:) (snip) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >
/>************************************************************ > ********** >
>
This email and any files transmitted with it are > confidential and >
intended solely for the use of the individual or entity > to whom they >
are addressed. If you have received this email in error > please notify >
the system manager. >
>
This footnote confirms that this email message has been swept >
for the presence of computer viruses and is believed to > be clean. >
>
/>************************************************************ > ********** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 13:13:23 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Robert Waldner > Sent: den 7 mars 2005 13:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Problem with MailScanner, postfix and corrupt mails > > > > Hi! > > On two boxen, I constantly have mails which are, apparingly, > damaged by > MailScanner so that postfix, after picking them up again, quarantines > them into its "corrupt"-folder. > > When I `postcat` such a damaged mail, I invariably see the same > pattern, which I think is best explained by an example: > > .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. > message_size: 9158 317 2 > 0 > message_arrival_time: Mon Nov 15 22:28:40 2004 > sender: sender@domain > named_attribute: client_name=mail.gmx.de > named_attribute: client_address=213.165.64.20 > named_attribute: message_origin=mail.gmx.de[213.165.64.20] > named_attribute: helo_name=mail.gmx.net > named_attribute: protocol_name=SMTP > warning_message_time: Tue Nov 16 02:28:40 2004 > original_recipient: user@domain > recipient: user@domain > *** MESSAGE CONTENTS 4C80A7375E *** > Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) > ... > > > message_size: 0 0 0 > 0 > message_arrival_time: Mon Nov 15 22:28:40 2004 > sender: sender@domain > named_attribute: client_name=mail.gmx.de > named_attribute: client_address=213.165.64.20 > named_attribute: message_origin=mail.gmx.de[213.165.64.20] > original_recipient: user@domain > recipient: user@domain > *** MESSAGE CONTENTS 4C80A7375E *** > Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) > ... > time> > > X-host-MailScanner: Did not find any virus > X-host-MailScanner-SpamCheck: not spam, > SpamAssassin (Wertung=0.108, benoetigt 5, AWL 0.00...) > X-MailScanner-From: sender@domain > > > .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. > > So, the pattern is > postfix-headers > *** MESSAGE CONTENTS queue-id *** > normal mail-headers > postfix-headers > *** MESSAGE CONTENTS queue-id *** > normail mail-headers > mail content > MailScanner-headers > mail-contents again > > Both boxen are i386 and run Debian Sarge, MailScanner 4.38.10-1/ > postfix 2.1.5-6 on one, 4.35.3-1/2.1.5-0 on the other. I don't see > this happening on another box, which runs 4.37.7-1/2.1.5-5, but on > sun4u instead of i386. > > Any hints? The only thing I could google up was filesystem corruption, > which I'm pretty sure I can rule out here. Judging from the position > of the MailScanner headers, I'd guess it's MailScanner screwing up > somehow, but since I don't know, I ask ;) Hm, the only time I've seen corrupt messages is when I've experienced machine failures (had a "bad kernel" situation a while back that made those ... frequent:-)... Until today, when I had one "unforced". Didn't analyze it more than to see that it was a spam, so unfortunately I deleted it. Will be sure to look more closely on this. Could you determine anything more these corrupt queue files have in common? Oh and BTW, you do run a one queue setup, right? -- Glenn > > cheers+TIA, > &rw > -- > -- A sendmail / by any other name > -- Would still / HELO just.as.swe.et > -- - Greg > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Mon Mar 7 13:28:07 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:52 2006 Subject: Vicious Circle Message-ID: Steen, Glenn wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich >>Sent: den 5 mars 2005 18:10 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Vicious Circle >> > > (snip) > >>I am at a loss, the root of the issue is I have 100k messages a day, >>some just *might* be legitimate address misspellings, I can't drop all >>bounces. But the vast majority are trash. > > > I think you have a "fault" in your reasoning here. The responsibility > (and thus requirement to produce bounces) for a message is not yours > until after you've accepted the message. So if you do, as many here have > already recommended, reject (with a 550) any unknown recipients/domains, > then the resposibility to generate a NDN/NDR would still be _the sending > MTAs problem, not yours_. Ahh, I understand now, but if I reject with a 550, won't that cause my MailScanner box to then generate the bounce back to the original server? Foreign Server -> TLS-MailScanner -> TLS-Toaster How are others Using MailScanner in front of pop toasters handling this issue? It is looking as if moving the "User Check" to the MailScanner machine _is_ my one good option. Thanks, DAve > So there really is no reason for you to avoid this strategy, there is > little -> no risk that "valid but misspelled" messages would disapear... > Anyway... That would be THEIR problem, not yours;). > > Spammers don't seem to use real MTAs so this strategy is pretty > effective in reducing spam volume, and it effectively removes the > risk that you would be used for generating "backwash" or NDN-spamming. > -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 13:41:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:52 2006 Subject: Vicious Circle Message-ID: Dave Goodrich wrote: > Steen, Glenn wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich >>> Sent: den 5 mars 2005 18:10 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Vicious Circle >>> >> >> (snip) >> >>> I am at a loss, the root of the issue is I have 100k messages a day, >>> some just *might* be legitimate address misspellings, I can't drop all >>> bounces. But the vast majority are trash. >> >> >> >> I think you have a "fault" in your reasoning here. The responsibility >> (and thus requirement to produce bounces) for a message is not yours >> until after you've accepted the message. So if you do, as many here have >> already recommended, reject (with a 550) any unknown recipients/domains, >> then the resposibility to generate a NDN/NDR would still be _the sending >> MTAs problem, not yours_. > > > Ahh, I understand now, but if I reject with a 550, won't that cause my > MailScanner box to then generate the bounce back to the original server? > > Foreign Server -> TLS-MailScanner -> TLS-Toaster > > How are others Using MailScanner in front of pop toasters handling this > issue? It is looking as if moving the "User Check" to the MailScanner > machine _is_ my one good option. > > Thanks, > > DAve > Dave not if you 550 reject on the inbound MTA. It never goes anywhere near MS, it simply drops the inbound connection with a "550 no such address". Any mistyped email address from a real user will get that message, ie they get a proper bounce message from their MTA. Any spam attempts from automated/trojaned machines will just ignore it and carry on to the next victim. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon Mar 7 13:31:39 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Mon, 07 Mar 2005 14:13:23 +0100, "Steen, Glenn" writes: >Hm, the only time I've seen corrupt messages is when I've experienced >machine failures (had a "bad kernel" situation a while back that made >those ... frequent:-)... Until today, when I had one "unforced". Didn't >analyze it more than to see that it was a spam, so unfortunately I >deleted it. Will be sure to look more closely on this. I could believe filesystem trouble on one machine, but on two, running off HW RAID-1? Unlikely, especially since I probably would've seen other problems then, too. >Could you determine anything more these corrupt queue files have in >common? Other than the "structure" of the corruption, I couldn't find any similarities, happens to newsletters, locally originated stuff, personal mails from all over the world, spam. It hits 1-2 mails/day/ machine (which do about 10k/day each). >Oh and BTW, you do run a one queue setup, right? How do you mean "one queue setup"? I have postfix stuff the mails into postfix/hold, where MailScanner picks them up and then requeues them into postfix/incoming: Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Both directories reside on the same local partition. cheers, &rw -- -- Honestly, security experts don't pick on Microsoft because we have -- some fundamental dislike for the company. Indeed, Microsoft's poor -- products are one of the reasons we're in business. -- - Bruce Schneier ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Mon Mar 7 13:55:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have seen this once before on a client's system. I have never been able to reliably reproduce the problem, which makes it pretty much impossible to fix. Even exactly the same message would behave properly most of the time, but occasionally not. How big are your mail batches (as picked up by MailScanner)? What version of MailScanner are you running? ("MailScanner -v" please) Robert Waldner wrote: >Hi! > >On two boxen, I constantly have mails which are, apparingly, damaged by > MailScanner so that postfix, after picking them up again, quarantines > them into its "corrupt"-folder. > >When I `postcat` such a damaged mail, I invariably see the same > pattern, which I think is best explained by an example: > >.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. >message_size: 9158 317 2 0 >message_arrival_time: Mon Nov 15 22:28:40 2004 >sender: sender@domain >named_attribute: client_name=mail.gmx.de >named_attribute: client_address=213.165.64.20 >named_attribute: message_origin=mail.gmx.de[213.165.64.20] >named_attribute: helo_name=mail.gmx.net >named_attribute: protocol_name=SMTP >warning_message_time: Tue Nov 16 02:28:40 2004 >original_recipient: user@domain >recipient: user@domain >*** MESSAGE CONTENTS 4C80A7375E *** >Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) >... > > >message_size: 0 0 0 0 >message_arrival_time: Mon Nov 15 22:28:40 2004 >sender: sender@domain >named_attribute: client_name=mail.gmx.de >named_attribute: client_address=213.165.64.20 >named_attribute: message_origin=mail.gmx.de[213.165.64.20] >original_recipient: user@domain >recipient: user@domain >*** MESSAGE CONTENTS 4C80A7375E *** >Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) >... > time> > >X-host-MailScanner: Did not find any virus >X-host-MailScanner-SpamCheck: not spam, > SpamAssassin (Wertung=0.108, benoetigt 5, AWL 0.00...) >X-MailScanner-From: sender@domain > > >.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. > >So, the pattern is > postfix-headers > *** MESSAGE CONTENTS queue-id *** > normal mail-headers > postfix-headers > *** MESSAGE CONTENTS queue-id *** > normail mail-headers > mail content > MailScanner-headers > mail-contents again > >Both boxen are i386 and run Debian Sarge, MailScanner 4.38.10-1/ > postfix 2.1.5-6 on one, 4.35.3-1/2.1.5-0 on the other. I don't see > this happening on another box, which runs 4.37.7-1/2.1.5-5, but on > sun4u instead of i386. > >Any hints? The only thing I could google up was filesystem corruption, > which I'm pretty sure I can rule out here. Judging from the position > of the MailScanner headers, I'd guess it's MailScanner screwing up > somehow, but since I don't know, I ask ;) > >cheers+TIA, >&rw >-- >-- A sendmail / by any other name >-- Would still / HELO just.as.swe.et >-- - Greg > > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Mon Mar 7 13:48:17 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner and score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have a problem. I set "score bayes_99" to 3.00 points. But it's not enought. I want to raise the score to 4 or maybe a bit more, but when I modify the config file, and restart MailScanner, nothing happens. I had tried some difrent score, but MailScanner countiues using 3.00 as the score for "bayes_99"... :-( Any idears? Looking forward to hear some solutions! :-) Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 13:54:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Vicious Circle Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 7 mars 2005 14:42 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Vicious Circle > > > Dave Goodrich wrote: > > Steen, Glenn wrote: > > > >>> -----Original Message----- > >>> From: MailScanner mailing list > >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich > >>> Sent: den 5 mars 2005 18:10 > >>> To: MAILSCANNER@JISCMAIL.AC.UK > >>> Subject: Vicious Circle > >>> > >> > >> (snip) > >> > >>> I am at a loss, the root of the issue is I have 100k > messages a day, > >>> some just *might* be legitimate address misspellings, I > can't drop all > >>> bounces. But the vast majority are trash. > >> > >> > >> > >> I think you have a "fault" in your reasoning here. The > responsibility > >> (and thus requirement to produce bounces) for a message is > not yours > >> until after you've accepted the message. So if you do, as > many here have > >> already recommended, reject (with a 550) any unknown > recipients/domains, > >> then the resposibility to generate a NDN/NDR would still > be _the sending > >> MTAs problem, not yours_. > > > > > > Ahh, I understand now, but if I reject with a 550, won't > that cause my > > MailScanner box to then generate the bounce back to the > original server? > > > > Foreign Server -> TLS-MailScanner -> TLS-Toaster > > > > How are others Using MailScanner in front of pop toasters > handling this > > issue? It is looking as if moving the "User Check" to the > MailScanner > > machine _is_ my one good option. > > > > Thanks, > > > > DAve > > > > Dave > > not if you 550 reject on the inbound MTA. It never goes anywhere near > MS, it simply drops the inbound connection with a "550 no > such address". > > Any mistyped email address from a real user will get that message, ie > they get a proper bounce message from their MTA. > > Any spam attempts from automated/trojaned machines will just ignore it > and carry on to the next victim. Thanks Martin. Good, clear explanation. Adressing your question about "How to protect pop toasters"... Well, this is pretty much the same as protecting your M-Sexchange or Lotus or ... any-mail ... setup. And dropping false adresses at the MTA level on the ailScanner side is exactly what most do. Have a fun time with the FAQ (this has been covered extensively on the list to, so you might look through the archives), and setting things up. Someone please correct me if I'm wrong, but you should be pretty close... If I understand you correctly, you already reject unknown addresses on the toasters, so then you'd just need milter-ahead on the MS boxes. ... Or roll your own solution:-). -- Glenn > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 14:02:45 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:52 2006 Subject: clamav and RAR..(update and feature request) Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Steen, Glenn > Sent: Monday, March 07, 2005 8:01 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamav and RAR..(update and feature request) > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > > Sent: den 7 mars 2005 10:29 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: clamav and RAR..(update and feature request) > > > (snip) > > I caught two RAR viruses over the w/end, Sophos also picked > > them up. But > (snip) > > Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR > > SophosSAVI: 075466.rar was infected by Troj/BagleDl-M > Isn't that just a ClamAV signature for the entire RAR file? > We saw a few more than 2, the first couple or so found by mcafee and > bitdefender, and after a while by that exact clam sig. > > I don't use any version 3 capable unrar, except what bdc and uvscan > might be able to do (If any slip through, the second level filename > checks get them... And those were quiet:). > > -- Glenn (who will need look into using the new unrar features:) > I use f-prot, clamavmodule and bdc. We recieved 11 of these before any of those vendors were catching them, but I happend to get a notice from another list and added a check for ^[0-9]{6,}\.exe in my Archived FileName Rules file(s) and they were picked up. However without UnPackRar function your file name checks would have been quiet because MS would not have been able to unpack the file to do the tests, unless you just block all .rar files. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smilga at MIKROTIK.COM Mon Mar 7 14:03:00 2005 From: smilga at MIKROTIK.COM (Martins Smilga) Date: Thu Jan 12 21:28:52 2006 Subject: Problem Spamassassin - Mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I have problem with spamassassin and mailscanner it detect no spam mail as spam though spam score is less than 5. What could be wrong? I am using Debian with latest updates. MailScanner-SpamCheck: spam, SBL+XBL, SORBS-SPAM, SORBS-DNSBL, SpamAssassin (score=1.853, required 5, DEAR_SOMETHING 0.80, RCVD_IN_SBL 1.05) Best Regards Martins Smilga ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 14:01:30 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner and score Message-ID: Anders which config file? I presume you mean, spam.assassin.prefs.conf in the same directory as MailScanner.conf? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > Hi, > > I have a problem. I set "score bayes_99" to 3.00 points. But it's not > enought. I want to raise the score to 4 or maybe a bit more, but when I > modify the config file, and restart MailScanner, nothing happens. I had > tried some difrent score, but MailScanner countiues using 3.00 as the > score for "bayes_99"... :-( > > Any idears? > Looking forward to hear some solutions! :-) > > Anders > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 14:00:33 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Robert Waldner > Sent: den 7 mars 2005 14:32 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner, postfix and corrupt mails > > (snip) > How do you mean "one queue setup"? I have postfix stuff the mails into > postfix/hold, where MailScanner picks them up and then requeues them > into postfix/incoming: > > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming Exactly that. Used to be that you had two instances of Postfix and "deferred" everything on the incoming one... Potetial corruption there due to MS and the qmgr fighting over things:). The hold thing is much safer. As said, I'll have to keep my eyes on this too. -- Glenn > > Both directories reside on the same local partition. > > cheers, > &rw > -- > -- Honestly, security experts don't pick on Microsoft because we have > -- some fundamental dislike for the company. Indeed, Microsoft's poor > -- products are one of the reasons we're in business. > -- - Bruce Schneier > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 14:02:27 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 7 mars 2005 14:56 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner, postfix and corrupt mails > > > I have seen this once before on a client's system. I have never been > able to reliably reproduce the problem, which makes it pretty much > impossible to fix. Even exactly the same message would behave properly > most of the time, but occasionally not. > > How big are your mail batches (as picked up by MailScanner)? > What version of MailScanner are you running? ("MailScanner -v" please) I know this might be silly, but ... could it be an "inter-MailScanner locking issue"? -- Glenn > > Robert Waldner wrote: > > >Hi! > > > >On two boxen, I constantly have mails which are, apparingly, > damaged by > > MailScanner so that postfix, after picking them up again, > quarantines > > them into its "corrupt"-folder. > > > >When I `postcat` such a damaged mail, I invariably see the same > > pattern, which I think is best explained by an example: > > > >.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. > >message_size: 9158 317 > 2 0 > >message_arrival_time: Mon Nov 15 22:28:40 2004 > >sender: sender@domain > >named_attribute: client_name=mail.gmx.de > >named_attribute: client_address=213.165.64.20 > >named_attribute: message_origin=mail.gmx.de[213.165.64.20] > >named_attribute: helo_name=mail.gmx.net > >named_attribute: protocol_name=SMTP > >warning_message_time: Tue Nov 16 02:28:40 2004 > >original_recipient: user@domain > >recipient: user@domain > >*** MESSAGE CONTENTS 4C80A7375E *** > >Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) > >... > > > > > >message_size: 0 0 > 0 0 > >message_arrival_time: Mon Nov 15 22:28:40 2004 > >sender: sender@domain > >named_attribute: client_name=mail.gmx.de > >named_attribute: client_address=213.165.64.20 > >named_attribute: message_origin=mail.gmx.de[213.165.64.20] > >original_recipient: user@domain > >recipient: user@domain > >*** MESSAGE CONTENTS 4C80A7375E *** > >Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) > >... > > > time> > > > >X-host-MailScanner: Did not find any virus > >X-host-MailScanner-SpamCheck: not spam, > > SpamAssassin (Wertung=0.108, benoetigt 5, AWL 0.00...) > >X-MailScanner-From: sender@domain > > > > > >.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. > > > >So, the pattern is > > postfix-headers > > *** MESSAGE CONTENTS queue-id *** > > normal mail-headers > > postfix-headers > > *** MESSAGE CONTENTS queue-id *** > > normail mail-headers > > mail content > > MailScanner-headers > > mail-contents again > > > >Both boxen are i386 and run Debian Sarge, MailScanner 4.38.10-1/ > > postfix 2.1.5-6 on one, 4.35.3-1/2.1.5-0 on the other. I don't see > > this happening on another box, which runs 4.37.7-1/2.1.5-5, but on > > sun4u instead of i386. > > > >Any hints? The only thing I could google up was filesystem > corruption, > > which I'm pretty sure I can rule out here. Judging from the position > > of the MailScanner headers, I'd guess it's MailScanner screwing up > > somehow, but since I don't know, I ask ;) > > > >cheers+TIA, > >&rw > >-- > >-- A sendmail / by any other name > >-- Would still / HELO just.as.swe.et > >-- - Greg > > > > > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 14:08:39 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: clamav and RAR..(update and feature request) Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper > Sent: den 7 mars 2005 15:03 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamav and RAR..(update and feature request) > > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Steen, Glenn > > Sent: Monday, March 07, 2005 8:01 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: clamav and RAR..(update and feature request) > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > > > Sent: den 7 mars 2005 10:29 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: clamav and RAR..(update and feature request) > > > > > (snip) > > > I caught two RAR viruses over the w/end, Sophos also picked > > > them up. But > > (snip) > > > Report: ClamAV: 075466.rar contains Worm.Bagle.BA-RAR > > > SophosSAVI: 075466.rar was infected by Troj/BagleDl-M > > Isn't that just a ClamAV signature for the entire RAR file? > > We saw a few more than 2, the first couple or so found by mcafee and > > bitdefender, and after a while by that exact clam sig. > > > > I don't use any version 3 capable unrar, except what bdc and uvscan > > might be able to do (If any slip through, the second level filename > > checks get them... And those were quiet:). > > > > -- Glenn (who will need look into using the new unrar features:) > > > > I use f-prot, clamavmodule and bdc. We recieved 11 of these > before any of > those vendors were catching them, but I happend to get a > notice from another > list and added a check for ^[0-9]{6,}\.exe in my Archived > FileName Rules > file(s) and they were picked up. However without UnPackRar > function your > file name checks would have been quiet because MS would not > have been able > to unpack the file to do the tests, unless you just block all > .rar files. > > Rick Thanks for the info Rick, but you missread me... We don't allow RAR files at all and block them in the mailstore, not in MS (well, there too, but..:) -- Glenn > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 14:12:38 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:52 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Pete Russell > Sent: Monday, March 07, 2005 8:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat > Enterprise 4] > > > Thank you for that thouhgtful response. > > [root@car-mbus-sw2 ~]# clamav-config --cflags > -I/usr/local/include -g -O2 > > > David Lee wrote: > > On Mon, 7 Mar 2005, Pete Russell wrote: > > > >> Mine still fails at make on RHEL4 > >> > >> Checking if your kit is complete... > >> Looks good > >> Writing Makefile for Mail::ClamAV > >> /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.16 > >> blib/arch > >> Can't open blib/lib/Mail/ClamAV.pm: No such file or directory. > >> Can't locate Mail/ClamAV.pm in @INC (@INC contains: > >> /root/.cpan/build/Mail-ClamAV-0.16/blib/arch > >> /root/.cpan/build/Mail-ClamAV-0.16/blib/lib > >> /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 > >> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi > >> /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi > >> [...] > > when you do the install from cpan, and it fails, do a "look Mail::ClamAV" which should put you in the correct directory Mail-ClamAV-0.16. Now do make clean && make and see what your output is. From the above it appears it's not finding the basic ClamAV.pm file that should be in .cpan/build/Mail-ClamAV-0.16/blib/lib/Mail. Since I cannot imagine how your bundle wouldn't have that it would seem there must be some kind of permissions problem or the error message is just plain wrong. Rick > > > > Whereas the earlier parts of this thread were about Mail::ClamAV failing > > the "make test" stage (i.e. relatively late), this problem is way before > > it gets that far. > > > > Some of what follows might be obvious, but I'm including it "just in > > case". > > > > The Mail::ClamAV module is simply a thin wrapper onto your existing > > "clamav" software. The build procedure for this module probably cannot > > find your installation of it. > > > > Quick test: Do something like "clamav-config --cflags" which, on a > > working system, would echo back the "CFLAGS" necessary for things that > > want to interface with the clamav software. It's my guess that on your > > system you'll get "Command not found" or similar. > > > > Find out where the clamav software is located on your particular system. > > > > Set the PATH to include that location's bin directory. > > > > Verify that "clamav-config --cflags" now does work, returning typical > > CFLAGS-like things. > > > > Now, with that PATH set up, re-try the build. This should work > (although > > may later fail at the "make test" stage) as discussed previously on this > > thread. > > > > To see the gory details, cd to its build directory (if from > CPAN, probably > > something like ".cpan/build/Mail-ClamAV-0.16"). Do "make > clean", to get a > > clean start, then "perl Makefile.PL" then "make". Et cetera. > > > > (If you peek inside "Makefile.PL", you'll see stuff relating to the > > "clamav-config --cflags" discussed above.) > > > > > > -- > > > > : David Lee I.T. Service : > > : Senior Systems Programmer Computer Centre : > > : University of Durham : > > : http://www.dur.ac.uk/t.d.lee/ South Road : > > : Durham : > > : Phone: +44 191 334 2752 U.K. : > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 13:16:46 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:52 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you for that thouhgtful response. [root@car-mbus-sw2 ~]# clamav-config --cflags -I/usr/local/include -g -O2 David Lee wrote: > On Mon, 7 Mar 2005, Pete Russell wrote: > >> Mine still fails at make on RHEL4 >> >> Checking if your kit is complete... >> Looks good >> Writing Makefile for Mail::ClamAV >> /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.16 >> blib/arch >> Can't open blib/lib/Mail/ClamAV.pm: No such file or directory. >> Can't locate Mail/ClamAV.pm in @INC (@INC contains: >> /root/.cpan/build/Mail-ClamAV-0.16/blib/arch >> /root/.cpan/build/Mail-ClamAV-0.16/blib/lib >> /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 >> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi >> /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi >> [...] > > > Whereas the earlier parts of this thread were about Mail::ClamAV failing > the "make test" stage (i.e. relatively late), this problem is way before > it gets that far. > > Some of what follows might be obvious, but I'm including it "just in > case". > > The Mail::ClamAV module is simply a thin wrapper onto your existing > "clamav" software. The build procedure for this module probably cannot > find your installation of it. > > Quick test: Do something like "clamav-config --cflags" which, on a > working system, would echo back the "CFLAGS" necessary for things that > want to interface with the clamav software. It's my guess that on your > system you'll get "Command not found" or similar. > > Find out where the clamav software is located on your particular system. > > Set the PATH to include that location's bin directory. > > Verify that "clamav-config --cflags" now does work, returning typical > CFLAGS-like things. > > Now, with that PATH set up, re-try the build. This should work (although > may later fail at the "make test" stage) as discussed previously on this > thread. > > To see the gory details, cd to its build directory (if from CPAN, probably > something like ".cpan/build/Mail-ClamAV-0.16"). Do "make clean", to get a > clean start, then "perl Makefile.PL" then "make". Et cetera. > > (If you peek inside "Makefile.PL", you'll see stuff relating to the > "clamav-config --cflags" discussed above.) > > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : University of Durham : > : http://www.dur.ac.uk/t.d.lee/ South Road : > : Durham : > : Phone: +44 191 334 2752 U.K. : > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 7 10:57:20 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:52 2006 Subject: 4.40.2 -- RAR 3 support Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rakesh > Sent: Monday, March 07, 2005 12:16 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.40.2 -- RAR 3 support > > > I am very close to finishing my Unrar Perl Module using the unrarlib (c > library to open Rar archives). This doesn't needs the unrar command to > be installed on your system and can simply give a list of files in the > archive or extract the archives to a working directory specified in the > argument to the function. However the version of unrarlib > (www.unrarlib.org) that I found doesn't have support for Rar 3 > compression. If anyone has made unrarlib to support Rar 3 compression > please pass it on to me. No one is going to produce a library for Rar 3 unless the author changes the license. It's the reason ClamAV does use the latest libs. > > I am writing this Perl interface for Unrar especially with MailScanner > in mind. It helps you determine the filenames and the number of files > in the rar archive without extracting it. This may be needed incase you > want to do filename checks but avoid virus scanning on them. Also you > can extract the files to a working directory and do virus scanning on > it. I will give more detailed feature specification of it on this list > once I complete it. > > Rakesh. The current code functions the same as the UnPackZIp function, allows encrypted detection, file name checks, file type checks, if a file is encrypted it will create a 0 length file for the file name checks, etc. In any even, unless you support version 3 Rar files you are going to hit a wall using the 2.0 libraries. Anything that expects to be useful is simply going to have to support the external unrar command line. Rick > > Julian Field wrote: > > > With credit for doing the hard work going to Rick Cooper: > > > > I have just released 4.40.2. This includes external RAR unpacking for > > clamavmodule. > > It also uses the unrar command to look inside RAR archives to check for > > blocked filenames and filetypes, and also to see if the RAR archive is > > password-protected. > > > > There are 2 new configuration options, "Unrar Command" and "Unrar > > Timeout". Both of these will of course be added by > > upgrade_MailScanner_conf. > > > > Please let me know what you think. > > > > Download from www.mailscanner.info as usual. > > > > -- > Regards, > Rakesh B. Pal > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ======================================================================== > It doesn't matter who you are, it's what you do that takes you far > ======================================================================== > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon Mar 7 14:08:36 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Mon, 07 Mar 2005 13:55:45 GMT, Julian Field writes: >>On two boxen, I constantly have mails which are, apparingly, damaged by >> MailScanner so that postfix, after picking them up again, quarantines >> them into its "corrupt"-folder. >I have seen this once before on a client's system. I have never been >able to reliably reproduce the problem, which makes it pretty much >impossible to fix. Even exactly the same message would behave properly >most of the time, but occasionally not. > >How big are your mail batches (as picked up by MailScanner)? Is this what you mean? Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 >What version of MailScanner are you running? ("MailScanner -v" please) troi:~# MailScanner -v Running on Linux troi 2.4.19 #1 SMP Wed Nov 27 10:07:22 CET 2002 i686 unknown This is Perl version 5.008004 (5.8.4) This is MailScanner version 4.38.10 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.02 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 3.04 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.09 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.808 DB_File 1.06 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 2.64 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.19 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.30 URI guinan:~# MailScanner -v Running on Linux guinan 2.4.19 #1 SMP Wed Nov 27 10:07:22 CET 2002 i686 GNU/Linux This is Perl version 5.008004 (5.8.4) This is MailScanner version 4.35.2 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.02 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.27 HTML::Entities 3.36 HTML::Parser 2.28 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 3.04 MIME::Base64 5.415 MIME::Decoder 5.415 MIME::Decoder::UU 5.415 MIME::Head 5.415 MIME::Parser 3.03 MIME::QuotedPrint 5.415 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.808 DB_File 1.06 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 2.64 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.30 URI cheers, &rw -- -- Prof: So the American government went to IBM to come up with -- a data encryption standard and they came up with ... -- Student: EBCDIC! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From rcooper at DWFORD.COM Mon Mar 7 11:34:15 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:52 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of David Lee > Sent: Monday, March 07, 2005 6:09 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat > Enterprise 4] > > > On Fri, 4 Mar 2005, David Lee wrote: > > > [...] > > We too have this problem (FC3, also ancient RH 7.3). Rick Cooper has > > found that this seems to be an error within its tests (i.e. Mail::ClamAV > > itself is OK). From an amended version of its "t/Mail-ClamAV.t" that he > > gave me, I derived the following patch. > > [...] > > On Friday, I emailed the author (Scott Beck) of Mail::ClamAV about these > issues, and he has released version 0.16 over the weekend. This seems to > have fixed most of the failures in the test suite, but it a separate set > of residual failures at the end, related to the "scanbuff" interface onto > ClamAV itself. I understand from the "clamav-devel" list that this > interface is deprecated (scheduled for removal at ClamAV 0.90). > > From the MailScanner perspective, I think the experience of people on this > list with Mail::ClamAV 0.14 is that none of these failures in that > module's test suite is important. I've just installed 0.16 and that, too, > seems fine. > > I've also written to the author again suggesting that he might simply > remove his "scanbuff" tests. What is truly funny about this is the fact that the author's own docs suggest you not use the scanbuff interface, and quotes the maintainers as to why I also noted that he fixed (he just added CL_SCAN_STDOPT to cover the bases) everything except the scanbuff. But looking at the change log I also note that other tests passed on his system "for some reason". If you look at his test code it is doomed to failure anyway because the API docs clearly state the buffer must be unpacked, de-mimed, completely processed before passing it to cl_scanbuiff and he is passing it a .zip file... so I really wonder how it passes on his system? Rick > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : University of Durham : > : http://www.dur.ac.uk/t.d.lee/ South Road : > : Durham : > : Phone: +44 191 334 2752 U.K. : > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 7 11:38:20 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:52 2006 Subject: Sizing machine for mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: > Obviously this set up is a corner case and wont scale but it shows what can be > achieved with very "old" technology with some sensible selections and lean > configuration. Best answer yet! -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smilga at MIKROTIK.COM Mon Mar 7 14:29:30 2005 From: smilga at MIKROTIK.COM (Martins Smilga) Date: Thu Jan 12 21:28:52 2006 Subject: Problem Spamassassin - Mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Thank you for quick answer. I am using Debian "testing" with MailScanner version 4.38.10 and SpamAssassin version 3.0.2. Now I understand situation and know then that is more or less correct. May be you have some suggestion. Best Regards, Martins Smilga ----- Original Message ----- From: "Martin Hepworth" To: Sent: Monday, March 07, 2005 4:09 PM Subject: Re: Problem Spamassassin - Mailscanner > Hi > > This *is* being detected as spam as you have the RBL's (SBL+XBL etc) > running via MailScanner, not from SpamAssassin. If you do the the RBL > checks this way the RBL's are treated as a blacklist. If you move the > checks into spamassassin you'll get higher scores and not complete > blocks. > > Also what version of MailScanner and Spamassassin are you using? Using > Debian's release cycle you could be very behind if using 'stable' rather > than 'testing' or 'unstable'. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Martins Smilga wrote: >> Hello, >> >> I have problem with spamassassin and mailscanner it detect no spam mail >> as >> spam though spam score is less than 5. >> What could be wrong? I am using Debian with latest updates. >> >> MailScanner-SpamCheck: spam, SBL+XBL, SORBS-SPAM, >> SORBS-DNSBL, SpamAssassin (score=1.853, required 5, >> DEAR_SOMETHING 0.80, RCVD_IN_SBL 1.05) >> >> >> Best Regards >> Martins Smilga >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Mon Mar 7 14:33:27 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:52 2006 Subject: Sizing machine for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Koen, ^×- For comparision purposes only ^×- Just to show you what a lower end system can do. Mind you, I'm not suggesting building a low end production box, this is strictly for comparision purposes. Running two domains. One domain has pop3/squirrelmail, the other is "relayed" via postfix. MailScanner v4.38.9 Intel PIII / 500Mhz with 256MB RAM. Running SA 3.02+ clamav 0.83 M/S processes between 6,000 - 10,000 email/day, That does not include the spam sites being blocked at the iptables firewall. Average Daily System load is under 2% with occasional CPU spikes to 3%. Running a customized Linux O/S with a i686 optimized kernel. System does become sluggish occasionally, especially noticable when someone send a larger ( 20MB+ attachment) and it's getting scanned. Suggestions: Lots of RAM, good scsi drives and a P4. Good luck. >>> Koen Teugels 3/7/2005 3:04:15 AM >>> If I get about 10000 mails /day in about 8 hours. What kind of machine do I need I i turn mailscanner + spamassassin + 3 antivirus programs? Thanks Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 14:38:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:52 2006 Subject: Problem Spamassassin - Mailscanner Message-ID: Martins OK edit MailScanner.conf and change Spam List option so it equals nothing.. Spam List = edit spam.assassin.prefs.conf and make sure the skip_rbls_check option is commented out.. # skip_rbl_checks 1 now addin zero scores to spam.assassin.prefs.conf for the RBL's you don't want to run.. score __RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DUL 0.0 score RCVD_IN_NJABL_MULTI 0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_NJABL_CGI 0.0 #score __RCVD_IN_SORBS 0.0 score RCVD_IN_SORBS_HTTP 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 #score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 score HABEAS_INFRINGER 0.0 score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 score __SENDERBASE 0.0 score SB_NEW_BULK 0.0 score SB_NSP_VOLUME_SPIKE 0.0 score RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_MAPS_NML 0.0 stop and restart MailScanner and that will help. Also make sure you're Net::DNS perl module is the latest version too (0.48) or the RBL checks won't run. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martins Smilga wrote: > Hello, > > Thank you for quick answer. > > I am using Debian "testing" with MailScanner version 4.38.10 and > SpamAssassin version 3.0.2. > > Now I understand situation and know then that is more or less correct. > > May be you have some suggestion. > > > Best Regards, > Martins Smilga > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Monday, March 07, 2005 4:09 PM > Subject: Re: Problem Spamassassin - Mailscanner > > >> Hi >> >> This *is* being detected as spam as you have the RBL's (SBL+XBL etc) >> running via MailScanner, not from SpamAssassin. If you do the the RBL >> checks this way the RBL's are treated as a blacklist. If you move the >> checks into spamassassin you'll get higher scores and not complete >> blocks. >> >> Also what version of MailScanner and Spamassassin are you using? Using >> Debian's release cycle you could be very behind if using 'stable' rather >> than 'testing' or 'unstable'. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Martins Smilga wrote: >> >>> Hello, >>> >>> I have problem with spamassassin and mailscanner it detect no spam mail >>> as >>> spam though spam score is less than 5. >>> What could be wrong? I am using Debian with latest updates. >>> >>> MailScanner-SpamCheck: spam, SBL+XBL, SORBS-SPAM, >>> SORBS-DNSBL, SpamAssassin (score=1.853, required 5, >>> DEAR_SOMETHING 0.80, RCVD_IN_SBL 1.05) >>> >>> >>> Best Regards >>> Martins Smilga >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 14:31:24 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: >On Mon, 07 Mar 2005 13:55:45 GMT, Julian Field writes: > > >>>On two boxen, I constantly have mails which are, apparingly, damaged by >>>MailScanner so that postfix, after picking them up again, quarantines >>>them into its "corrupt"-folder. >>> >>> > > > >>I have seen this once before on a client's system. I have never been >>able to reliably reproduce the problem, which makes it pretty much >>impossible to fix. Even exactly the same message would behave properly >>most of the time, but occasionally not. >> >>How big are your mail batches (as picked up by MailScanner)? >> >> > >Is this what you mean? > >Max Unscanned Messages Per Scan = 30 >Max Unsafe Messages Per Scan = 30 > > No I meant how big are they in practice? Grep your maillog for "New" and send me a rough approximation of the figures in there. >>What version of MailScanner are you running? ("MailScanner -v" please) >> >> > >troi:~# MailScanner -v >Running on >Linux troi 2.4.19 #1 SMP Wed Nov 27 10:07:22 CET 2002 i686 unknown >This is Perl version 5.008004 (5.8.4) > >This is MailScanner version 4.38.10 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.02 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.72 File::Basename >2.07 File::Copy >2.01 FileHandle >1.06 File::Path >0.14 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >3.04 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.09 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.808 DB_File >1.06 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >missing Inline >missing Mail::ClamAV >2.64 Mail::SpamAssassin >missing Mail::SPF::Query >missing Net::CIDR::Lite >0.19 Net::DNS >missing Net::LDAP >missing Parse::RecDescent >missing SAVI >missing Sys::Hostname::Long >2.40 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.30 URI > >guinan:~# MailScanner -v >Running on >Linux guinan 2.4.19 #1 SMP Wed Nov 27 10:07:22 CET 2002 i686 GNU/Linux >This is Perl version 5.008004 (5.8.4) > >This is MailScanner version 4.35.2 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.02 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.72 File::Basename >2.07 File::Copy >2.01 FileHandle >1.06 File::Path >0.14 File::Temp >1.27 HTML::Entities >3.36 HTML::Parser >2.28 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >3.04 MIME::Base64 >5.415 MIME::Decoder >5.415 MIME::Decoder::UU >5.415 MIME::Head >5.415 MIME::Parser >3.03 MIME::QuotedPrint >5.415 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.808 DB_File >1.06 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >missing Inline >missing Mail::ClamAV >2.64 Mail::SpamAssassin >missing Mail::SPF::Query >missing Net::CIDR::Lite >0.48 Net::DNS >missing Net::LDAP >missing Parse::RecDescent >missing SAVI >missing Sys::Hostname::Long >2.40 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.30 URI > > > Any difference in the behaviour of the two machines? Is the problem exactly the same on both? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 14:09:48 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:52 2006 Subject: Problem Spamassassin - Mailscanner Message-ID: Hi This *is* being detected as spam as you have the RBL's (SBL+XBL etc) running via MailScanner, not from SpamAssassin. If you do the the RBL checks this way the RBL's are treated as a blacklist. If you move the checks into spamassassin you'll get higher scores and not complete blocks. Also what version of MailScanner and Spamassassin are you using? Using Debian's release cycle you could be very behind if using 'stable' rather than 'testing' or 'unstable'. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martins Smilga wrote: > Hello, > > I have problem with spamassassin and mailscanner it detect no spam mail as > spam though spam score is less than 5. > What could be wrong? I am using Debian with latest updates. > > MailScanner-SpamCheck: spam, SBL+XBL, SORBS-SPAM, > SORBS-DNSBL, SpamAssassin (score=1.853, required 5, > DEAR_SOMETHING 0.80, RCVD_IN_SBL 1.05) > > > Best Regards > Martins Smilga > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Mon Mar 7 14:42:10 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi there, maybe the option the select how to store spam and/or viruses. As The QuarantineReport-Script need the Mails to be stored as one file, but i would like to store virus-tagged mails as queue-files.. Currently only the option workes for spam and virus-mails Thanks Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Mon Mar 7 14:51:02 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:52 2006 Subject: Vicious Circle Message-ID: Steen, Glenn wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >>Sent: den 7 mars 2005 14:42 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Vicious Circle >> >> >>Dave Goodrich wrote: >> >>>Steen, Glenn wrote: >>> >>> >>>>>-----Original Message----- >>>>>From: MailScanner mailing list >>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich >>>>>Sent: den 5 mars 2005 18:10 >>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>Subject: Vicious Circle >>>>> >>>> >>>>(snip) >>>> >>>> >>>>>I am at a loss, the root of the issue is I have 100k >> >>messages a day, >> >>>>>some just *might* be legitimate address misspellings, I >> >>can't drop all >> >>>>>bounces. But the vast majority are trash. >>>> >>>> >>>> >>>>I think you have a "fault" in your reasoning here. The >> >>responsibility >> >>>>(and thus requirement to produce bounces) for a message is >> >>not yours >> >>>>until after you've accepted the message. So if you do, as >> >>many here have >> >>>>already recommended, reject (with a 550) any unknown >> >>recipients/domains, >> >>>>then the resposibility to generate a NDN/NDR would still >> >>be _the sending >> >>>>MTAs problem, not yours_. >>> >>> >>>Ahh, I understand now, but if I reject with a 550, won't >> >>that cause my >> >>>MailScanner box to then generate the bounce back to the >> >>original server? >> >>>Foreign Server -> TLS-MailScanner -> TLS-Toaster >>> >>>How are others Using MailScanner in front of pop toasters >> >>handling this >> >>>issue? It is looking as if moving the "User Check" to the >> >>MailScanner >> >>>machine _is_ my one good option. >>> >>>Thanks, >>> >>>DAve >>> >> >>Dave >> >>not if you 550 reject on the inbound MTA. It never goes anywhere near >>MS, it simply drops the inbound connection with a "550 no >>such address". >> >>Any mistyped email address from a real user will get that message, ie >>they get a proper bounce message from their MTA. >> >>Any spam attempts from automated/trojaned machines will just ignore it >>and carry on to the next victim. > > Thanks Martin. Good, clear explanation. > > Adressing your question about "How to protect pop toasters"... Well, > this is pretty much the same as protecting your M-Sexchange or Lotus > or ... any-mail ... setup. And dropping false adresses at the MTA level > on the ailScanner side is exactly what most do. > > Have a fun time with the FAQ (this has been covered extensively on the > list to, so you might look through the archives), and setting things up. > > Someone please correct me if I'm wrong, but you should be pretty > close... > If I understand you correctly, you already reject unknown addresses on > the toasters, so then you'd just need milter-ahead on the MS boxes. > ... Or roll your own solution:-). > > -- Glenn > > Thanks everyone, lots of good info. DAve -- Dave Goodrich Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon Mar 7 14:44:11 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Mon, 07 Mar 2005 14:31:24 GMT, Julian Field writes: >No I meant how big are they in practice? Grep your maillog for "New" and >send me a rough approximation of the figures in there. 90 % of the time it scans only one message, which is 7-10kB. Max. for today were 3 messages, 350kB. >Any difference in the behaviour of the two machines? Is the problem >exactly the same on both? The behaviour is exactly the same (I upgraded one machine to see if it'd make the problem go away, or different at least). cheers, &rw -- -- He who joyfully marches to music in rank and file has already earned my -- contempt. He has been given a large brain by mistake, since for him the -- spinal cord would fully suffice. -- Einstein ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From peter at UCGBOOK.COM Mon Mar 7 15:12:18 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? Maybe it's time to change: Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) into a blank as default just like the virus scanners. There's many beginners that end up with the below and don't understand why it got classified as spam even though SA score below the threshold: MailScanner-SpamCheck: spam, SBL+XBL, SORBS-SPAM, SORBS-DNSBL, SpamAssassin (score=1.853, required 5, DEAR_SOMETHING 0.80, RCVD_IN_SBL 1.05) Since most use SA anyway it's confusing that both are on if you're not aware of it. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Mon Mar 7 15:21:56 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:52 2006 Subject: Filename whitelist virus problem Message-ID: I have setup a whitelist to allow .zip and .com messages through to only one user. My understanding is that it should still scan for viruses but when I send the eicar test zip file with the .com zipped inside it just sends it through and doesn't scan it for viruses. Can anyone maybe help me? Carinus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Mon Mar 7 15:31:59 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:52 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, I do not understand you. Marcel Blenkers wrote: >Hi there, > >maybe the option the select how to store spam and/or viruses. > >As The QuarantineReport-Script need the Mails to be stored as one file, >but i would like to store virus-tagged mails as queue-files.. > >Currently only the option workes for spam and virus-mails > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 15:34:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:52 2006 Subject: Filename whitelist virus problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What is your "Virus Scanners =" setting, and have you made *any* changes to the -wrapper scripts at all. Scanning the contents of zip files is left to the virus scanners, so your scanner is not unpacking it. Have you checked that any virus scanning to this particular user is working? Carinus Carelse wrote: >I have setup a whitelist to allow .zip and .com messages through to only >one user. My understanding is that it should still scan for viruses but >when I send the eicar test zip file with the .com zipped inside it just >sends it through and doesn't scan it for viruses. > >Can anyone maybe help me? > >Carinus > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Mon Mar 7 15:38:32 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: Now I come to look at this, I've had a few corrupt emails too. If I run postcat, they are in exactly the same layout as Robert describes. I'm also on Linux, with Postfix. Not Redhat though, essentially it's a "Linux From Scratch", but tweaked. Again, as with Robert, the system sports a RAID-1 filesystem. I too am using the hold queue method. Below is a repeat from my machine of the info Julian was asking for from Robert. Many differences in all areas: root@cyril:/var/spool/postfix/corrupt# /opt/MailScanner/bin/MailScanner -v Running on Linux cyril 2.6.10-Tromix #1 SMP Fri Jan 28 11:23:23 GMT 2005 i686 pentium3 i386 GNU/Linux This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.38.9 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.000002 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent 0.15 SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Most of the time it's scanning 1-5 messages. When the server is busy, 10-12. Hope this helps. Stef ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carinus.carelse at MRC.AC.ZA Mon Mar 7 15:40:23 2005 From: carinus.carelse at MRC.AC.ZA (Carinus Carelse) Date: Thu Jan 12 21:28:52 2006 Subject: Filename whitelist virus problem Message-ID: It is set to mcafee and i have not changed the wrapper scripts no. I usually use th eicar virus test to check. I always understood that if you whitelist a filename or filetype the virus scanner still scans for viruses. Carinus Julian Field wrote: > What is your "Virus Scanners =" setting, and have you made *any* changes > to the -wrapper scripts at all. Scanning the contents of zip files is > left to the virus scanners, so your scanner is not unpacking it. > > Have you checked that any virus scanning to this particular user is working? > > Carinus Carelse wrote: > > >I have setup a whitelist to allow .zip and .com messages through to only > >one user. My understanding is that it should still scan for viruses but > >when I send the eicar test zip file with the .com zipped inside it just > >sends it through and doesn't scan it for viruses. > > > >Can anyone maybe help me? > > > >Carinus > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Mon Mar 7 15:55:51 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:28:52 2006 Subject: SV: Problem with MailScanner and score Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin, Yes, it's correct. Isn't possible to use that file??? Anders -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk] På vegne af Martin Hepworth Sendt: 7. marts 2005 15:02 Til: MAILSCANNER@jiscmail.ac.uk Emne: Re: Problem with MailScanner and score Anders which config file? I presume you mean, spam.assassin.prefs.conf in the same directory as MailScanner.conf? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > Hi, > > I have a problem. I set "score bayes_99" to 3.00 points. But it's not > enought. I want to raise the score to 4 or maybe a bit more, but when I > modify the config file, and restart MailScanner, nothing happens. I had > tried some difrent score, but MailScanner countiues using 3.00 as the > score for "bayes_99"... :-( > > Any idears? > Looking forward to hear some solutions! :-) > > Anders > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 15:57:12 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: den 6 mars 2005 22:53 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > Hm. Will have to have another look tomorrow... > I did try the pavcl but after some like trouble _and_ discovering > that the "free" version was "free less any signature updates"... > Well, suffice it to say that I don't use it:). > Will have another look though. > > -- Glenn This would've been simpler if the person writing the script had been "partial" to a language I know... Spanish or Portugese or Brasilian is not my forte, but... I think I understand what makes it not work, at least. It's rather simple.... The pavcl command errors out each time it's called (a syntax error, so it prints the equivalent "pavcl --help") This is due to the use of '$archive', where pavcl barfs on the signle quotes. Probably put there to "protect" against filenames with spaces in 'em, but since it doesn't work... And to add to this, the logic behind the directory traversal seem to be .... not that well thought through (meaning it results in ridiculous commandlines like "/usr/bin/pavcl 'message/message' -CMP" where there is no "message" subdirectory, just the rfc822 message file (I don't quarantine queue files)). So that needs amending too. Next problem is that they present you with a longish "license agreement" type of thing... every time! Sigh. And use curses for it. Double-sigh. So it seems to get "stuck" waiting for you to press a couple of time. Not good. could perhaps be solved in an ... expect-ish manner, but .... Really crappy. Might be different if you've bought a license perhaps? And this answers your other question "Does anyone have panda working" ... Seems to be "no":-):-). Or have there been significant improvements recently to the panda wrapper? I'm lagging a bit, so I'll have to compare with a more recent version perhaps... Hm, nope, 4.39.6 is as bad. I'll see what I can do. -- Glenn > > > -----Original Message----- > From: MailScanner mailing list on behalf of Paul Welsh > Sent: Fri 3/4/2005 9:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: Panda not working > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > > Sent: 04 March 2005 09:47 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > I've tried the command: > > > > > > /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp > > Try > > /usr/lib/MailScanner/panda-wrapper /usr /tmp > > since the lines > > $pavcl = shift; > > $pavcl .= '/bin/pavcl'; > > would first set $pavcl to /usr, then concatenate /bin/pavcl onto > > that, making $pavcl (which is used further down) be /usr/bin/pavcl > > > > If that doesn't work, try it while standing in the /tmp directory. > > Looking at it, it seems like the wrapper ignores any path, but > > will preserve scanner options. > > Thanks, Glenn, but I still get "Virus: 0" whether I run the > panda-wrapper > command from /tmp or not. > > Anyone have any other ideas? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 15:59:30 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner and score Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Might it be that "score bayes_99" != "score BAYES_99"? It'd probably help if you cut'n'pasted what you do have in spam.assassin.prefs.conf -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Kongsted > Sent: den 7 mars 2005 16:56 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: Problem with MailScanner and score > > > Hi Martin, > > Yes, it's correct. Isn't possible to use that file??? > > Anders > > -----Oprindelig meddelelse----- > Fra: MailScanner mailing list > [mailto:MAILSCANNER@jiscmail.ac.uk] På vegne > af Martin Hepworth > Sendt: 7. marts 2005 15:02 > Til: MAILSCANNER@jiscmail.ac.uk > Emne: Re: Problem with MailScanner and score > > Anders > > which config file? > > I presume you mean, spam.assassin.prefs.conf in the same directory as > MailScanner.conf? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anders Kongsted wrote: > > Hi, > > > > I have a problem. I set "score bayes_99" to 3.00 points. > But it's not > > enought. I want to raise the score to 4 or maybe a bit > more, but when I > > modify the config file, and restart MailScanner, nothing > happens. I had > > tried some difrent score, but MailScanner countiues using > 3.00 as the > > score for "bayes_99"... :-( > > > > Any idears? > > Looking forward to hear some solutions! :-) > > > > Anders > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 15:59:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:52 2006 Subject: SV: Problem with MailScanner and score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders My setting is like this.. score BAYES_99 0 0 5.400 5.400 which basically replicates the scores for SA 2.6x Did you reload or stop and start MS? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > Hi Martin, > > Yes, it's correct. Isn't possible to use that file??? > > Anders > > -----Oprindelig meddelelse----- > Fra: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk] På vegne > af Martin Hepworth > Sendt: 7. marts 2005 15:02 > Til: MAILSCANNER@jiscmail.ac.uk > Emne: Re: Problem with MailScanner and score > > Anders > > which config file? > > I presume you mean, spam.assassin.prefs.conf in the same directory as > MailScanner.conf? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anders Kongsted wrote: > >>Hi, >> >>I have a problem. I set "score bayes_99" to 3.00 points. But it's not >>enought. I want to raise the score to 4 or maybe a bit more, but when I >>modify the config file, and restart MailScanner, nothing happens. I had >>tried some difrent score, but MailScanner countiues using 3.00 as the >>score for "bayes_99"... :-( >> >>Any idears? >>Looking forward to hear some solutions! :-) >> >>Anders >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Mon Mar 7 16:20:03 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:28:52 2006 Subject: SV: SV: Problem with MailScanner and score Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, It working now... THANKS! :-) I now use the following line: score BAYES_99 0 0 5.400 5.400 Can anyone explane to me what the numbers meens (0 & 0 & 5.4 & 5.4)? Before I only used "score BAYES_99 4".... Anders -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk] På vegne af Martin Hepworth Sendt: 7. marts 2005 17:00 Til: MAILSCANNER@jiscmail.ac.uk Emne: Re: SV: Problem with MailScanner and score Anders My setting is like this.. score BAYES_99 0 0 5.400 5.400 which basically replicates the scores for SA 2.6x Did you reload or stop and start MS? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > Hi Martin, > > Yes, it's correct. Isn't possible to use that file??? > > Anders > > -----Oprindelig meddelelse----- > Fra: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk] På vegne > af Martin Hepworth > Sendt: 7. marts 2005 15:02 > Til: MAILSCANNER@jiscmail.ac.uk > Emne: Re: Problem with MailScanner and score > > Anders > > which config file? > > I presume you mean, spam.assassin.prefs.conf in the same directory as > MailScanner.conf? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anders Kongsted wrote: > >>Hi, >> >>I have a problem. I set "score bayes_99" to 3.00 points. But it's not >>enought. I want to raise the score to 4 or maybe a bit more, but when I >>modify the config file, and restart MailScanner, nothing happens. I had >>tried some difrent score, but MailScanner countiues using 3.00 as the >>score for "bayes_99"... :-( >> >>Any idears? >>Looking forward to hear some solutions! :-) >> >>Anders >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Mon Mar 7 16:21:11 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:52 2006 Subject: SV: SV: Problem with MailScanner and score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] local, net, with bayes, with bayes + net Anders Kongsted wrote: >Hi, > >It working now... THANKS! :-) > >I now use the following line: >score BAYES_99 0 0 5.400 5.400 > >Can anyone explane to me what the numbers meens (0 & 0 & 5.4 & 5.4)? Before >I only used "score BAYES_99 4".... > >Anders > >-----Oprindelig meddelelse----- >Fra: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk] På vegne >af Martin Hepworth >Sendt: 7. marts 2005 17:00 >Til: MAILSCANNER@jiscmail.ac.uk >Emne: Re: SV: Problem with MailScanner and score > >Anders > >My setting is like this.. > >score BAYES_99 0 0 5.400 5.400 > >which basically replicates the scores for SA 2.6x > >Did you reload or stop and start MS? > >-- >Martin Hepworth >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > > >Anders Kongsted wrote: > > >>Hi Martin, >> >>Yes, it's correct. Isn't possible to use that file??? >> >>Anders >> >>-----Oprindelig meddelelse----- >>Fra: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk] På vegne >>af Martin Hepworth >>Sendt: 7. marts 2005 15:02 >>Til: MAILSCANNER@jiscmail.ac.uk >>Emne: Re: Problem with MailScanner and score >> >>Anders >> >>which config file? >> >>I presume you mean, spam.assassin.prefs.conf in the same directory as >>MailScanner.conf? >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Anders Kongsted wrote: >> >> >> >>>Hi, >>> >>>I have a problem. I set "score bayes_99" to 3.00 points. But it's not >>>enought. I want to raise the score to 4 or maybe a bit more, but when I >>>modify the config file, and restart MailScanner, nothing happens. I had >>>tried some difrent score, but MailScanner countiues using 3.00 as the >>>score for "bayes_99"... :-( >>> >>>Any idears? >>>Looking forward to hear some solutions! :-) >>> >>>Anders >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean. > >********************************************************************** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 16:46:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In PFDiskStore.pm, around line 271, there is a chunk of code that looks like this: # We have to tell the caller what the child's pid is in order to # reap it. Although IO::Pipe does this for us when it is told to # fork and exec, it unfortunately doesn't have a neat hook for us # to tell it the pid when we do the fork. Bah. $pipe->close(); $Tf->flush(); # JKF 20050307 waitpid $pid, 0; } else { # Child $pipe->writer(); $entity->print_body($pipe) or MailScanner::Log::WarnLog("WriteMIMEBody to %s possibly failed, %s", $tfile, $!); $pipe->close(); $Tf->flush(); Move one line in it (the flush call), so it says this instead: # We have to tell the caller what the child's pid is in order to # reap it. Although IO::Pipe does this for us when it is told to # fork and exec, it unfortunately doesn't have a neat hook for us # to tell it the pid when we do the fork. Bah. $pipe->close(); $Tf->flush(); # JKF 20050307 < ----- NEW LINE waitpid $pid, 0; } else { # Child $pipe->writer(); $entity->print_body($pipe) or MailScanner::Log::WarnLog("WriteMIMEBody to %s possibly failed, %s", $tfile, $!); $pipe->close(); #$Tf->flush(); # JKF 20050307 <----- COMMENT OUT THIS Let me know if this makes any difference. I am pretty sure it is a perl problem, as what is happening is that a variable called $predata is being written twice, regardless of the fact that there is only one print($predata) call. Also, does this only happen to messages where MailScanner has changed the body of the message, or only ones where it hasn't, or both? Julian Field wrote: > I have seen this once before on a client's system. I have never been > able to reliably reproduce the problem, which makes it pretty much > impossible to fix. Even exactly the same message would behave properly > most of the time, but occasionally not. > > How big are your mail batches (as picked up by MailScanner)? > What version of MailScanner are you running? ("MailScanner -v" please) > > Robert Waldner wrote: > >> Hi! >> >> On two boxen, I constantly have mails which are, apparingly, damaged by >> MailScanner so that postfix, after picking them up again, quarantines >> them into its "corrupt"-folder. >> >> When I `postcat` such a damaged mail, I invariably see the same >> pattern, which I think is best explained by an example: >> >> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. >> message_size: 9158 317 >> 2 0 >> message_arrival_time: Mon Nov 15 22:28:40 2004 >> sender: sender@domain >> named_attribute: client_name=mail.gmx.de >> named_attribute: client_address=213.165.64.20 >> named_attribute: message_origin=mail.gmx.de[213.165.64.20] >> named_attribute: helo_name=mail.gmx.net >> named_attribute: protocol_name=SMTP >> warning_message_time: Tue Nov 16 02:28:40 2004 >> original_recipient: user@domain >> recipient: user@domain >> *** MESSAGE CONTENTS 4C80A7375E *** >> Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) >> ... >> >> >> message_size: 0 0 >> 0 0 >> message_arrival_time: Mon Nov 15 22:28:40 2004 >> sender: sender@domain >> named_attribute: client_name=mail.gmx.de >> named_attribute: client_address=213.165.64.20 >> named_attribute: message_origin=mail.gmx.de[213.165.64.20] >> original_recipient: user@domain >> recipient: user@domain >> *** MESSAGE CONTENTS 4C80A7375E *** >> Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) >> ... >> > time> >> >> X-host-MailScanner: Did not find any virus >> X-host-MailScanner-SpamCheck: not spam, >> SpamAssassin (Wertung=0.108, benoetigt 5, AWL 0.00...) >> X-MailScanner-From: sender@domain >> >> >> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. >> >> So, the pattern is >> postfix-headers >> *** MESSAGE CONTENTS queue-id *** >> normal mail-headers >> postfix-headers >> *** MESSAGE CONTENTS queue-id *** >> normail mail-headers >> mail content >> MailScanner-headers >> mail-contents again >> >> Both boxen are i386 and run Debian Sarge, MailScanner 4.38.10-1/ >> postfix 2.1.5-6 on one, 4.35.3-1/2.1.5-0 on the other. I don't see >> this happening on another box, which runs 4.37.7-1/2.1.5-5, but on >> sun4u instead of i386. >> >> Any hints? The only thing I could google up was filesystem corruption, >> which I'm pretty sure I can rule out here. Judging from the position >> of the MailScanner headers, I'd guess it's MailScanner screwing up >> somehow, but since I don't know, I ask ;) >> >> cheers+TIA, >> &rw >> -- >> -- A sendmail / by any other name >> -- Would still / HELO just.as.swe.et >> -- - Greg >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon Mar 7 17:04:06 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Mon, 07 Mar 2005 16:46:50 GMT, Julian Field writes: >In PFDiskStore.pm, around line 271, there is a chunk of code that looks >like this: Ok, done. >Let me know if this makes any difference. I am pretty sure it is a perl >problem, as what is happening is that a variable called $predata is >being written twice, regardless of the fact that there is only one >print($predata) call. I'll know in a couple days and will report. >Also, does this only happen to messages where MailScanner has changed >the body of the message, or only ones where it hasn't, or both? I've not seen the problem in any mails where it has altered the body (as opposed to merely adding headers), but those are few, percentage-wise, so this may mean nothing. Thanks for the quick help! cheers, &rw -- -- A friend in needs a friend indeed, A friend with weed is better, -- A friend with breast and all the rest, A friend who's dressed in leather -- - Placebo, Pure Morning ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From stef at L5NET.NET Mon Mar 7 17:21:05 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: 07 March 2005 16:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner, postfix and corrupt mails > > In PFDiskStore.pm, around line 271, there is a chunk of code > that looks like this: I'll let you know if that makes a difference. > Also, does this only happen to messages where MailScanner has > changed the body of the message, or only ones where it > hasn't, or both? Not sure what you mean. If you mean as in (for example) phishing protection where it inlines changes to HTML, then none of my samples have that style of change. On the other hand, if you mean adding in a "This email scanned by blah etc" type footer, then yes - but all messages get the same footer. I can say it seems to happen only on scanned messages and not on those which are delivered unscanned - ie, only have MS "I didn't scan this" additional headers and therefore no body changes. I've examples both in plain text and html and all (so far) are spam. Having said that, MS didn't catch one out as spam, so that may or may not help narrow it down. As a point of interest, I'd be intrigued to know how many of these Robert gets. I'm only getting perhaps 1 in 30,000 email. Stef ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 7 17:34:39 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:52 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: den 7 mars 2005 16:57 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > > Sent: den 6 mars 2005 22:53 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > > Hm. Will have to have another look tomorrow... > > I did try the pavcl but after some like trouble _and_ discovering > > that the "free" version was "free less any signature updates"... > > Well, suffice it to say that I don't use it:). > > Will have another look though. > > > > -- Glenn > > This would've been simpler if the person writing the script had been > "partial" to a language I know... Spanish or Portugese or Brasilian > is not my forte, but... I think I understand what makes it not work, > at least. > > It's rather simple.... The pavcl command errors out each time it's > called (a syntax error, so it prints the equivalent "pavcl --help") > This is due to the use of '$archive', where pavcl barfs on the signle > quotes. Probably put there to "protect" against filenames with spaces > in 'em, but since it doesn't work... > > And to add to this, the logic behind the directory traversal seem to > be .... not that well thought through (meaning it results in > ridiculous commandlines like "/usr/bin/pavcl 'message/message' -CMP" > where there is no "message" subdirectory, just the rfc822 message > file (I don't quarantine queue files)). So that needs amending too. > > Next problem is that they present you with a longish "license > agreement" type of thing... every time! Sigh. And use curses for it. > Double-sigh. So it seems to get "stuck" waiting for you to press > a couple of time. Not good. could perhaps be solved in an ... > expect-ish manner, but .... Really crappy. Might be different if > you've bought a license perhaps? > > And this answers your other question "Does anyone have panda working" > ... Seems to be "no":-):-). > > Or have there been significant improvements recently to the panda > wrapper? I'm lagging a bit, so I'll have to compare with a more > recent version perhaps... Hm, nope, 4.39.6 is as bad. > I'll see what I can do. > > -- Glenn Ok, this one has pimples the size of Everest, but could you just try it out Paul? To run it as MailScanner does call it like: /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso -cmp -esp /tmp -- Glenn > > > > > > -----Original Message----- > > From: MailScanner mailing list on behalf of Paul Welsh > > Sent: Fri 3/4/2005 9:20 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Cc: > > Subject: Re: Panda not working > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > > > Sent: 04 March 2005 09:47 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Panda not working > > > > > > > I've tried the command: > > > > > > > > /usr/lib/MailScanner/panda-wrapper /usr/bin/pavcl /tmp > > > Try > > > /usr/lib/MailScanner/panda-wrapper /usr /tmp > > > since the lines > > > $pavcl = shift; > > > $pavcl .= '/bin/pavcl'; > > > would first set $pavcl to /usr, then concatenate /bin/pavcl onto > > > that, making $pavcl (which is used further down) be /usr/bin/pavcl > > > > > > If that doesn't work, try it while standing in the /tmp directory. > > > Looking at it, it seems like the wrapper ignores any path, but > > > will preserve scanner options. > > > > Thanks, Glenn, but I still get "Virus: 0" whether I run the > > panda-wrapper > > command from /tmp or not. > > > > Anyone have any other ideas? > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "panda-wrapper" Application/OCTET-STREAM (Name: ] [ "panda-wrapper") 1.9KB. ] [ Unable to print this part. ] From ard at PERGAMENTUM.COM Mon Mar 7 17:38:48 2005 From: ard at PERGAMENTUM.COM (Alisdair Davey) Date: Thu Jan 12 21:28:52 2006 Subject: [Slightly OT] Phishing detection Message-ID: > > A quick question for people. The IT depeartment of the > > univesrity I used to > > work out just sent out a note about its virus scanner Macafee > > detecting a > > phishing attack. I use Clamav and F-Prot onmy mail gateways > > and see plenty > > of detections of phshing attacks from clamav, but none from > > fprot. If you > > use a different virus scanner can you let me know if it > > detects phishing > > attacks. Feel free to email me personally and I'll summarize > > to the list. > I use mcafee, clamav and bitdefender. Both mcafee and clamav detect > phishing, with clamav being the one catching the most. Bitdefender > does not do phishing, so... fprot isn't alone in this... and not > entirely wrong either. Phishing is after all not really a virus type > of thing. But having the click-happy users I do, I do appreciate that > both clam and mcafee do detect/remove most:-). > > I've never seen a phish that clamav missed but mcafee caught. > > And if one wants to eb sure any phishing is real obvious, why not use > MS phishing net? Very true - may I take it from the lack of other responses that clamav / mcafee are the only two virus scanners to detect phishing attempts as viruses? Cheers Alisdair -- Dr Alisdair Davey ard@pergamentum.com Pergamentum Solutions Tel: 1-303-981-9838 2066 Dailey Lane Superior, CO 80027 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 17:51:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:52 2006 Subject: [Slightly OT] Phishing detection Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alisdair Davey wrote: >>>A quick question for people. The IT depeartment of the >>>univesrity I used to >>>work out just sent out a note about its virus scanner Macafee >>>detecting a >>>phishing attack. I use Clamav and F-Prot onmy mail gateways >>>and see plenty >>>of detections of phshing attacks from clamav, but none from >>>fprot. If you >>>use a different virus scanner can you let me know if it >>>detects phishing >>>attacks. Feel free to email me personally and I'll summarize >>>to the list. >>> >>> >>I use mcafee, clamav and bitdefender. Both mcafee and clamav detect >>phishing, with clamav being the one catching the most. Bitdefender >>does not do phishing, so... fprot isn't alone in this... and not >>entirely wrong either. Phishing is after all not really a virus type >>of thing. But having the click-happy users I do, I do appreciate that >>both clam and mcafee do detect/remove most:-). >> >>I've never seen a phish that clamav missed but mcafee caught. >> >>And if one wants to eb sure any phishing is real obvious, why not use >>MS phishing net? >> >> > >Very true - may I take it from the lack of other responses that clamav / >mcafee are the only two virus scanners to detect phishing attempts as viruses? > As far as I am aware, yes. Of course I only use MailScanner's phishing net :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andy at TIRESWING.NET Mon Mar 7 17:54:25 2005 From: andy at TIRESWING.NET (Andy Norris) Date: Thu Jan 12 21:28:52 2006 Subject: Whitelist FromOrTo: Message-ID: Hi again, MailScanners. I'm having a problem with my whitelisting directives, apparently. I'm trying to whitelist all mail from mydomain.com. In the file spam.whitelist.rules, if I have the following: FromOrTo: mydomain.com yes it works! But if I have: From: mydomain.com yes it doesn't... I've tried: From: *@mydomain.com yes and that doesn't work, either. What gives? Thanks for any insight, Andy Norris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Mon Mar 7 17:55:35 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:52 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Mon, 07 Mar 2005 17:21:05 GMT, Stef Morrell writes: >As a point of interest, I'd be intrigued to know how many of these >Robert gets. I'm only getting perhaps 1 in 30,000 email. As I said previously, 1-2/day/box, each of which does ~10k/day. cheers, &rw -- -- Quite cool failure mode, too. Everything just suddenly wasn't -- there, as all available bandwidth was consumed by OSPF. -- Ingvar ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Mon Mar 7 18:05:50 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:52 2006 Subject: Whitelist FromOrTo: Message-ID: Andy MS will put in an extra header X-Mailscanner-From: that will who the actual From is, so you can debug stuff like rules easier. Check this header against your rules. Also doing a per domain on the spam.whitelist is prob idea as the spammers like to "from: you", "to: you" in order to get around spam filters. Best to use ip-addresses if possible. Also what version of MS. Ok so having asked for all that, I'm off home (via the gym), but I'm sure the other people on the list will help too ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Andy Norris wrote: > Hi again, MailScanners. > > I'm having a problem with my whitelisting directives, apparently. > > I'm trying to whitelist all mail from mydomain.com. > > In the file spam.whitelist.rules, if I have the following: > > FromOrTo: mydomain.com yes > > it works! > > But if I have: > > From: mydomain.com yes > > it doesn't... > > I've tried: > > From: *@mydomain.com yes > > and that doesn't work, either. > > What gives? > > Thanks for any insight, > > Andy Norris ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Mar 7 18:07:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:52 2006 Subject: Question regarding IPBlock Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Marcel Blenkers wrote: > >> Hi there and sorry for the late answer.. >> >> On Thu, 24 Feb 2005, Kai Schaetzl wrote: >> >> >> >>> Marcel Blenkers wrote on Thu, 24 Feb 2005 14:36:33 +0100: >>> >>> >>> >>>> use the >>>> access-file with makemap to create the access.db? >>>> >>>> >>>> >>> makemap is what gets used for creating access.db. If you want to run it >>> yourself, just do. >>> >>> >>> >> guess you got me wrong here ;) >> >> The Script IPBlock written by Julian and usable as extra script just adds >> the ips, which should be blocked, into the access.db-file. >> Means, there is no way to see the blocked ips within the access-file. >> >> > Yes there is. > makemap -u hash access > >> So my question was really, if the script could be changed, to insert the >> blocked ips into the access-file, and then use makemap to generate the >> access.db itself. >> >> So every admin could check the access-file itself, delete the ip if >> needed, generate the new access.db with makemap and so those ips which >> are >> blocked, could be unblocked the easy way.. =) >> >> Currently the admin only gets the chance to see which ips are blocked, as >> he (or shee) is looking into the mail-og and searches for the String >> blocked by Mailscanner. >> >> > The reason I wrote it the way I did is because you need to be able to > (once an hour) remove all the IP addresses that were added by > MailScanner, but leave all the entries that you put in the access map by > hand. The easiest way to do that is to leave the text version alone, and > add temporary IPs to the db file. Then hourly you simply rebuild the db > file from the text file. > > If you can come up with a better system for doing this easily and > efficiently (or better than mine) then please suggest it. Could you maybe make another txt file say mailscanner_access and cat mailscanner_access and access and then makemap from that? My bash skills are atrocious -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andy at TIRESWING.NET Mon Mar 7 18:29:40 2005 From: andy at TIRESWING.NET (Andy Norris) Date: Thu Jan 12 21:28:53 2006 Subject: Whitelist FromOrTo: Message-ID: Thanks Martin, I'm running MS 4.36.4. It's working now. However, one more weird thing... I DO have the IPs for our sites in there, as well... and they don't seem to work. Oh well. Baby steps. Baby steps. Thanks very much, and hope your workout was everything you'd ever dreamed it could be. I hope you can prove to be inspiration for me to get off my butt and away from this damned computer and get myself to the gym that takes my money whether I'm there or not! Andy Norris At 12:05 pm 2005-03-07, you wrote: >Andy > >MS will put in an extra header > >X-Mailscanner-From: > >that will who the actual From is, so you can debug stuff like rules >easier. Check this header against your rules. > >Also doing a per domain on the spam.whitelist is prob idea as the >spammers like to "from: you", "to: you" in order to get around spam >filters. Best to use ip-addresses if possible. > >Also what version of MS. > >Ok so having asked for all that, I'm off home (via the gym), but I'm >sure the other people on the list will help too ;-) > >-- >Martin Hepworth >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > > >Andy Norris wrote: >>Hi again, MailScanners. >> >>I'm having a problem with my whitelisting directives, apparently. >> >>I'm trying to whitelist all mail from mydomain.com. >> >>In the file spam.whitelist.rules, if I have the following: >> >>FromOrTo: mydomain.com yes >> >>it works! >> >>But if I have: >> >>From: mydomain.com yes >> >>it doesn't... >> >>I've tried: >> >>From: *@mydomain.com yes >> >>and that doesn't work, either. >> >>What gives? >> >>Thanks for any insight, >> >>Andy Norris > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean. > >********************************************************************** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Mar 7 19:15:52 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:53 2006 Subject: [Slightly OT] Phishing detection Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alisdair Davey wrote: >>>A quick question for people. The IT depeartment of the >>>univesrity I used to >>>work out just sent out a note about its virus scanner Macafee >>>detecting a >>>phishing attack. I use Clamav and F-Prot onmy mail gateways >>>and see plenty >>>of detections of phshing attacks from clamav, but none from >>>fprot. If you >>>use a different virus scanner can you let me know if it >>>detects phishing >>>attacks. Feel free to email me personally and I'll summarize >>>to the list. >> >>I use mcafee, clamav and bitdefender. Both mcafee and clamav detect >>phishing, with clamav being the one catching the most. Bitdefender >>does not do phishing, so... fprot isn't alone in this... and not >>entirely wrong either. Phishing is after all not really a virus type >>of thing. But having the click-happy users I do, I do appreciate that >>both clam and mcafee do detect/remove most:-). >> >>I've never seen a phish that clamav missed but mcafee caught. >> >>And if one wants to eb sure any phishing is real obvious, why not use >>MS phishing net? > > > Very true - may I take it from the lack of other responses that clamav / > mcafee are the only two virus scanners to detect phishing attempts as viruses? > Cheers > Alisdair And McAfee has only been catching them recently, sometime around the first of the year. Maybe others will follow, maybe not. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Mar 7 19:18:02 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:53 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Curtis wrote: > I guess it is time to look at using BitDefender. Someone want to point > me to some help docs to get it setup with mailscanner and clamav?? > > Docs are not needed. Install BitDefender. add it to the list of used virus scanners in MailScanner.conf. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Mar 7 19:40:55 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:53 2006 Subject: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] Message-ID: All, With 0.16 on Solaris 9, the tests failed like so: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....NOK 11# Failed test (t/Mail-ClamAV.t at line 115) t/Mail-ClamAV....NOK 12# Failed test (t/Mail-ClamAV.t at line 116) t/Mail-ClamAV....NOK 13# Failed test (t/Mail-ClamAV.t at line 117) # Looks like you failed 3 tests of 13. t/Mail-ClamAV....dubious Test returned status 3 (wstat 768, 0x300) DIED. FAILED tests 11-13 Failed 3/13 tests, 76.92% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Mail-ClamAV.t 3 768 13 3 23.08% 11-13 Failed 1/1 test scripts, 0.00% okay. 3/13 subtests failed, 76.92% okay. Per the discussion here, I edited t/Mail-ClamAV.t and commented out the one line using scanbuff. After that the tests all passed. Don't know if this is the right thing to do or not... Jeff Earickson Colby College On Mon, 7 Mar 2005, David Lee wrote: > Date: Mon, 7 Mar 2005 11:08:51 +0000 > From: David Lee > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mail::ClamAV [was: Re: SAVI-Perl/Sophos on RedHat Enterprise 4] > > On Fri, 4 Mar 2005, David Lee wrote: > >> [...] >> We too have this problem (FC3, also ancient RH 7.3). Rick Cooper has >> found that this seems to be an error within its tests (i.e. Mail::ClamAV >> itself is OK). From an amended version of its "t/Mail-ClamAV.t" that he >> gave me, I derived the following patch. >> [...] > > On Friday, I emailed the author (Scott Beck) of Mail::ClamAV about these > issues, and he has released version 0.16 over the weekend. This seems to > have fixed most of the failures in the test suite, but it a separate set > of residual failures at the end, related to the "scanbuff" interface onto > ClamAV itself. I understand from the "clamav-devel" list that this > interface is deprecated (scheduled for removal at ClamAV 0.90). > >> From the MailScanner perspective, I think the experience of people on this > list with Mail::ClamAV 0.14 is that none of these failures in that > module's test suite is important. I've just installed 0.16 and that, too, > seems fine. > > I've also written to the author again suggesting that he might simply > remove his "scanbuff" tests. > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : University of Durham : > : http://www.dur.ac.uk/t.d.lee/ South Road : > : Durham : > : Phone: +44 191 334 2752 U.K. : > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From huddlesj at otc.edu Mon Mar 7 19:42:58 2005 From: huddlesj at otc.edu (Jason Huddleston) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: I am trying to change the Hostname variable to include the server name with out hard coding the name in the string. I have tried “Hostname = the %org-name% (%HOSTNAME%) MailScanner” and “Hostname = the %org-name% ($HOSTNAME) MailScanner” with no luck. Is their a variable that I am overlooking that will pick up the server name???? Thanks, -- Jason Huddleston, CCSA Assistant Coordinator Internet Services and Security Ozarks Technical Community College huddlesj@otc.edu 417-447-7532 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Mar 7 19:26:58 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:53 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > At 01:30 PM 3/4/2005, David Curtis wrote: > >> I think I have a virus that is being missed by mailscanner/clamav. >> Mailscanner tags it as spam: X-SBSD-MailScanner-SpamCheck: spam, >> SpamAssassin (score=7.065, required 3.75, >> BAYES_60 0.37, DCC_CHECK 2.17, HTML_90_100 0.02, HTML_MESSAGE 0.00, >> HTML_SHORT_LENGTH 0.39, MIME_HTML_ONLY 0.18, MISSING_SUBJECT 1.23, >> MSGID_SPAM_LETTERS 2.71) >> >> The attachment has a rar file seams to be a randomly generated number >> with >> a file dddd.exe in it. > > > Do you have the external unrar utility installed? (note: the latest version > of rar costs, but there is a freeware command-line unrar for *nix) > > See: > http://www.rarlab.com/rar_add.htm > > > ClamAV's built-in rar support doesn't support the newer rar3 format, so you > need to install the external unrar utility and then > edit /usr/lib/MailScanner/clamav-wrapper to enable the --unrar parameter. > > You can use this site to send a rared eicar file.. It wasn't caught by > clamav until I added external unrar support. > > http://www.info-techs.com/eicar.shtml > I guess this is another plug for having multiple virus scanners installed. The above test from info-techs gets stopped by McAfee and BitDefender. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 19:49:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can define whatever %variables% you want. %hostname% = your-host-here and then use it as Hostname = the %org-name% (%hostname%) MailScanner later in MailScanner.conf. Jason Huddleston wrote: > I am trying to change the Hostname variable to include the server name > with out hard coding the name in the string. I have tried ^ÓHostname = > the %org-name% (%HOSTNAME%) MailScanner^Ô and ^ÓHostname = the > %org-name% ($HOSTNAME) MailScanner^Ô with no luck. Is their a variable > that I am overlooking that will pick up the server name???? > > Thanks, > > -- > > Jason Huddleston, CCSA > > Assistant Coordinator Internet Services and Security > > Ozarks Technical Community College > > huddlesj@otc.edu > > 417-447-7532 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Mon Mar 7 19:53:15 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I think he's looking more for something like: %hostname% = gethostbyname() But I'm not sure that would work. Sean Julian Field wrote: > You can define whatever %variables% you want. > %hostname% = your-host-here > > and then use it as > Hostname = the %org-name% (%hostname%) MailScanner > later in MailScanner.conf. > > Jason Huddleston wrote: > >> I am trying to change the Hostname variable to include the server >> name with out hard coding the name in the string. I have tried >> ^ÓHostname = the %org-name% (%HOSTNAME%) MailScanner^Ô and ^ÓHostname = >> the %org-name% ($HOSTNAME) MailScanner^Ô with no luck. Is their a >> variable that I am overlooking that will pick up the server name???? >> >> Thanks, >> >> -- >> >> Jason Huddleston, CCSA >> >> Assistant Coordinator Internet Services and Security >> >> Ozarks Technical Community College >> >> huddlesj@otc.edu >> >> 417-447-7532 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From huddlesj at otc.edu Mon Mar 7 19:57:59 2005 From: huddlesj at otc.edu (Jason Huddleston) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: Thanks Julian for your prompt reply. I am trying to use a common config across three mx servers and I was hoping there would be a way that the software could pick up the name of the server with out hard coding it in the config. -- Jason Huddleston, CCSA Assistant Coordinator Internet Services and Security Ozarks Technical Community College huddlesj@otc.edu 417-447-7532 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, March 07, 2005 1:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Hostname You can define whatever %variables% you want. %hostname% = your-host-here and then use it as Hostname = the %org-name% (%hostname%) MailScanner later in MailScanner.conf. Jason Huddleston wrote: > I am trying to change the Hostname variable to include the server name > with out hard coding the name in the string. I have tried "Hostname = > the %org-name% (%HOSTNAME%) MailScanner" and "Hostname = the > %org-name% ($HOSTNAME) MailScanner" with no luck. Is their a variable > that I am overlooking that will pick up the server name???? > > Thanks, > > -- > > Jason Huddleston, CCSA > > Assistant Coordinator Internet Services and Security > > Ozarks Technical Community College > > huddlesj@otc.edu > > 417-447-7532 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KShortt at AZERTY.COM Mon Mar 7 19:59:33 2005 From: KShortt at AZERTY.COM (Shortt, Kevin) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: In Redhat EL 3.0 there is $HOSTNAME set. Unsure how MS would pull an Environment variable. I believe perl pulls them like such. $ENV{HOSTNAME}; So yours might look like... Hostname = the %org-name% ($ENV{'hostname'}) MailScanner later in This is untested. Give it a try.. -k ----Original Message---- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of RedRed!com IT Department Sent: Monday, March 07, 2005 2:53 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Hostname > Julian, > > I think he's looking more for something like: > > %hostname% = gethostbyname() > > But I'm not sure that would work. > > Sean > > Julian Field wrote: > >> You can define whatever %variables% you want. >> %hostname% = your-host-here >> >> and then use it as >> Hostname = the %org-name% (%hostname%) MailScanner later in >> MailScanner.conf. >> >> Jason Huddleston wrote: >> >>> I am trying to change the Hostname variable to include the server >>> name with out hard coding the name in the string. I have tried >>> "Hostname = the %org-name% (%HOSTNAME%) MailScanner" and "Hostname = >>> the %org-name% ($HOSTNAME) MailScanner" with no luck. Is their a >>> variable that I am overlooking that will pick up the server name???? >>> >>> Thanks, >>> >>> -- >>> >>> Jason Huddleston, CCSA >>> >>> Assistant Coordinator Internet Services and Security >>> >>> Ozarks Technical Community College >>> >>> huddlesj@otc.edu >>> >>> 417-447-7532 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> >> > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Mon Mar 7 20:29:30 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:53 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did that over the weekend. I had to install another library because I am running Fedora Core 3. Thanks. >>> ssilva@SGVWATER.COM 03/07 2:18 PM >>> David Curtis wrote: > I guess it is time to look at using BitDefender. Someone want to point > me to some help docs to get it setup with mailscanner and clamav?? > > Docs are not needed. Install BitDefender. add it to the list of used virus scanners in MailScanner.conf. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From huddlesj at otc.edu Mon Mar 7 20:46:16 2005 From: huddlesj at otc.edu (Jason Huddleston) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: Evedentally MailScanner does picks up everything as a string and does not execute any code that is put in the config file. When I set the following: Hostname = the %org-name% ($ENV{'hostname'}) MailScanner MailScanner returns the template as: Note to Help Desk: Look on the OTC ($ENV{'hostname'}) MailScanner in /var/spool/MailScanner/quarantine/20050307 (message j27KTWVi016814). -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Shortt, Kevin Sent: Monday, March 07, 2005 2:00 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Hostname In Redhat EL 3.0 there is $HOSTNAME set. Unsure how MS would pull an Environment variable. I believe perl pulls them like such. $ENV{HOSTNAME}; So yours might look like... Hostname = the %org-name% ($ENV{'hostname'}) MailScanner later in This is untested. Give it a try.. -k ----Original Message---- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of RedRed!com IT Department Sent: Monday, March 07, 2005 2:53 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Hostname > Julian, > > I think he's looking more for something like: > > %hostname% = gethostbyname() > > But I'm not sure that would work. > > Sean > > Julian Field wrote: > >> You can define whatever %variables% you want. >> %hostname% = your-host-here >> >> and then use it as >> Hostname = the %org-name% (%hostname%) MailScanner later in >> MailScanner.conf. >> >> Jason Huddleston wrote: >> >>> I am trying to change the Hostname variable to include the server >>> name with out hard coding the name in the string. I have tried >>> "Hostname = the %org-name% (%HOSTNAME%) MailScanner" and "Hostname = >>> the %org-name% ($HOSTNAME) MailScanner" with no luck. Is their a >>> variable that I am overlooking that will pick up the server name???? >>> >>> Thanks, >>> >>> -- >>> >>> Jason Huddleston, CCSA >>> >>> Assistant Coordinator Internet Services and Security >>> >>> Ozarks Technical Community College >>> >>> huddlesj@otc.edu >>> >>> 417-447-7532 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> >> > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 20:52:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Right, I understand you now. From the next release, you will be able to put in, for example, $HOSTNAME or ${HOSTNAME} and it will be looked up in the shell environment variables and replaced as necessary. This applies to the main conf files. It cannot apply to the reports as I already use "$" variables there for other things. You can even use them in %variable% definitions, so you can do SpamAssassin Local Rules Dir = $HOME/.spamassassin or %sa-local-dir% = $HOME/.spamassassin SpamAssassin Local Rules Dir = %sa-local-dir% Anyone want me to put out a new beta so you can try all this stuff? Jason Huddleston wrote: >Thanks Julian for your prompt reply. I am trying to use a common config >across three mx servers and I was hoping there would be a way that the >software could pick up the name of the server with out hard coding it in the >config. > >-- >Jason Huddleston, CCSA >Assistant Coordinator Internet Services and Security >Ozarks Technical Community College >huddlesj@otc.edu >417-447-7532 > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, March 07, 2005 1:50 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Hostname > >You can define whatever %variables% you want. >%hostname% = your-host-here > >and then use it as >Hostname = the %org-name% (%hostname%) MailScanner >later in MailScanner.conf. > >Jason Huddleston wrote: > > > >>I am trying to change the Hostname variable to include the server name >>with out hard coding the name in the string. I have tried "Hostname = >>the %org-name% (%HOSTNAME%) MailScanner" and "Hostname = the >>%org-name% ($HOSTNAME) MailScanner" with no luck. Is their a variable >>that I am overlooking that will pick up the server name???? >> >>Thanks, >> >>-- >> >>Jason Huddleston, CCSA >> >>Assistant Coordinator Internet Services and Security >> >>Ozarks Technical Community College >> >>huddlesj@otc.edu >> >>417-447-7532 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>*Support MailScanner development - buy the book off the website!* >> >> > > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Mon Mar 7 20:57:28 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From MailScanner at ecs.soton.ac.uk Mon Mar 7 21:10:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: Hostname Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My addition just now supercedes this, and enables you to use any shell environment variable anywhere in any definition. But many thanks to Tony for providing this in the mean time :-) Derek Winkler wrote: >From CustomConfig.pm > >########################################################################### ># ># Handy little feature to let you use the same MailScanner.conf file on ># lots of different hosts, where the only difference is the hostname. ># Just uncomment the "use Sys::Hostname" line and then set ># Hostname = &Hostname ># in your MailScanner.conf to use this. ># ># Many thanks to Tony Finch for this. ># >########################################################################### > >Works in reports as well. > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf >Of Jason Huddleston >Sent: Monday, March 07, 2005 2:43 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Hostname > > >I am trying to change the Hostname variable to include the server name with >out hard coding the name in the string. I have tried "Hostname = the >%org-name% (%HOSTNAME%) MailScanner" and "Hostname = the %org-name% >($HOSTNAME) MailScanner" with no luck. Is their a variable that I am >overlooking that will pick up the server name???? > > >This email and any files transmitted with it are confidential and >proprietary to Algorithmics Incorporated and its affiliates >("Algorithmics"). If received in error, use is prohibited. Please destroy, >and notify sender. Sender does not waive confidentiality or privilege. >Internet communications cannot be guaranteed to be timely, secure, error or >virus-free. Algorithmics does not accept liability for any errors or >omissions. Any commitment intended to bind Algorithmics must be reduced to >writing and signed by an authorized signatory. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 7 21:17:05 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:53 2006 Subject: [Slightly OT] Phishing detection Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How do you turn off phishing detection in clamav? Does anyone know how accurate it is? Pete Julian Field wrote: > Alisdair Davey wrote: > >>>> A quick question for people. The IT depeartment of the >>>> univesrity I used to >>>> work out just sent out a note about its virus scanner Macafee >>>> detecting a >>>> phishing attack. I use Clamav and F-Prot onmy mail gateways >>>> and see plenty >>>> of detections of phshing attacks from clamav, but none from >>>> fprot. If you >>>> use a different virus scanner can you let me know if it >>>> detects phishing >>>> attacks. Feel free to email me personally and I'll summarize >>>> to the list. >>>> >>>> >>> I use mcafee, clamav and bitdefender. Both mcafee and clamav detect >>> phishing, with clamav being the one catching the most. Bitdefender >>> does not do phishing, so... fprot isn't alone in this... and not >>> entirely wrong either. Phishing is after all not really a virus type >>> of thing. But having the click-happy users I do, I do appreciate that >>> both clam and mcafee do detect/remove most:-). >>> >>> I've never seen a phish that clamav missed but mcafee caught. >>> >>> And if one wants to eb sure any phishing is real obvious, why not use >>> MS phishing net? >>> >>> >> >> Very true - may I take it from the lack of other responses that clamav / >> mcafee are the only two virus scanners to detect phishing attempts as >> viruses? >> > As far as I am aware, yes. > Of course I only use MailScanner's phishing net :-) > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Mon Mar 7 22:04:49 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:28:53 2006 Subject: New version MailScanner stable release 4.39.5 Message-ID: I have not seen any comments about this version yet has anyone installed it yet ???? Thank you. Philip Parsons Team Leader, IT Columbia Fuels Inc. 2669 Wilfert Rd., Victoria BC, V9B 5Z3 Phone: (250) 391-3638 Cell: (250) 883-5972 http://www.columbiafuels.com http://www.columbiaenergy.com http://www.columbiaice.com pparsons@columbiafuels.com E-mail protection by Mailscanner/SA Virus protection by Bitdefender/ClamAv ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Mar 7 22:09:56 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:53 2006 Subject: New version MailScanner stable release 4.39.5 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Philip Parsons > Sent: Monday, March 07, 2005 5:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: New version MailScanner stable release 4.39.5 > > I have not seen any comments about this version yet has anyone installed > it yet ???? > > > Thank you. > Philip Parsons > Team Leader, IT > Current version is 4.39.6-1. We've installed this on many systems without any problems. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 22:12:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: New version MailScanner stable release 4.39.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It has been downloaded 1,250 times so far, so someone must be using it :-) Philip Parsons wrote: > I have not seen any comments about this version yet has anyone > installed it yet ???? > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Mon Mar 7 22:15:38 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:28:53 2006 Subject: New version MailScanner stable release 4.39.5 Message-ID: Great I did not realize we were already past it. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, March 07, 2005 2:12 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New version MailScanner stable release 4.39.5 It has been downloaded 1,250 times so far, so someone must be using it :-) Philip Parsons wrote: > I have not seen any comments about this version yet has anyone > installed it yet ???? > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 22:17:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: New version MailScanner stable release 4.39.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Philip Parsons >>Sent: Monday, March 07, 2005 5:05 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: New version MailScanner stable release 4.39.5 >> >>I have not seen any comments about this version yet has anyone installed >>it yet ???? >> >> >Current version is 4.39.6-1. We've installed this on many systems without >any problems. > And that one has been downloaded thousands of times. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Mar 7 22:18:27 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:53 2006 Subject: Virus being missed. (assumed) Message-ID: At 02:26 PM 3/7/2005, Scott Silva wrote: > > You can use this site to send a rared eicar file.. It wasn't caught by > > clamav until I added external unrar support. > > > > http://www.info-techs.com/eicar.shtml > > > >I guess this is another plug for having multiple virus scanners installed. >The above test from info-techs gets stopped by McAfee and BitDefender. I agree 100%. It's also a plug to add as many compression extensions to ClamAV as possible. ClamAV will catch it just fine if you have unrar added, but will miss it entirely if you don't. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Mon Mar 7 22:19:13 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:53 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi there, sorry for not making myself clear: On Mon, 7 Mar 2005, Julian Field wrote: > Sorry, I do not understand you. > there is the following option: # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)? Quarantine Whole Messages As Queue Files = no This option works for Mails detected as spam and for Mails detected with viruses.. I had to set it to no, due to the fact that the Script Quarantine-Report needs the spam-Mails not to be 2 queue-files but one Mail. So, everyone on my system receives the Daily Report and is able to get the Spam-Mail if needed. But, if there is a virus mail, and the user wish to receive this mail, i could use the command: sendmail -toi user@domain < messagefile Problem with that is the following: The Mail gets received by sendmail-in, checked with MailScanner again, and again it is stated as vrus infected. If i could set the option Quarantine whole message as queue for spam and virus seperatly, the user could get the daily report again, due to the fact that these spam-mails are saved as one file, and, if needed, i could post the 2 queue-files with the virus infected mail into the sendmail-queue, so the virus infected mail get mailed without scanned again. As i could change the not to scan option int localhost, but as i do send mails from shell, i would like to get mails scanned if i do send them from shell as ordinary user. I hope i made myself understood now :) Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 7 22:35:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do other people need this as well? It will mean yet another 2 configuration variables (one for spam, one for mcp) and a change to the current option covering this. Marcel Blenkers wrote: >Hi there, > >sorry for not making myself clear: > >On Mon, 7 Mar 2005, Julian Field wrote: > > > >>Sorry, I do not understand you. >> >> >> >there is the following option: > ># When you quarantine an entire message, do you want to store it as ># raw mail queue files (so you can easily send them onto users) or ># as human-readable files (header then body in 1 file)? >Quarantine Whole Messages As Queue Files = no > > >This option works for Mails detected as spam and for Mails detected with >viruses.. > >I had to set it to no, due to the fact that the Script Quarantine-Report >needs the spam-Mails not to be 2 queue-files but one Mail. > >So, everyone on my system receives the Daily Report and is able to get the >Spam-Mail if needed. > >But, if there is a virus mail, and the user wish to receive this mail, i >could use the command: > >sendmail -toi user@domain < messagefile > >Problem with that is the following: > >The Mail gets received by sendmail-in, checked with MailScanner again, and >again it is stated as vrus infected. > >If i could set the option >Quarantine whole message as queue > >for spam and virus seperatly, the user could get the daily report again, >due to the fact that these spam-mails are saved as one file, and, if >needed, i could post the 2 queue-files with the virus infected mail into >the sendmail-queue, so the virus infected mail get mailed without scanned >again. > >As i could change the not to scan option int localhost, but as i do send >mails from shell, i would like to get mails scanned if i do send them from >shell as ordinary user. > >I hope i made myself understood now :) > >Greetings > >Marcel > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Mon Mar 7 23:37:25 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:53 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 07 March 2005 17:35 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > Ok, this one has pimples the size of Everest, but could you > just try it > out Paul? To run it as MailScanner does call it like: > /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso -cmp -esp > /tmp > Hi Glenn OK, this worked. Thanks very much. The output is messy when you use the -AEX option on a whole directory, but I guess this command: /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso -cmp -esp /tmp/eicar.com would be more similar to the way MailScanner will use it and this gets the output: Virus: 1##Base: /tmp/eicar.com##1: '' => Eicar## I'm a bit puzzled why you included the -ESP switch because that changes the output to Spanish. Now I'll let MS run for a while with the eval version and then I'll install the free version and see if the free version is capable of using the latest update file; Panda support suggested not. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Tue Mar 8 07:18:53 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:28:53 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How do I install the external RAR support? I also tested eicar.lzh - with the same result! :-( Anders Matt Kettler wrote: > At 02:26 PM 3/7/2005, Scott Silva wrote: > >> > You can use this site to send a rared eicar file.. It wasn't caught by >> > clamav until I added external unrar support. >> > >> > http://www.info-techs.com/eicar.shtml >> > >> >> I guess this is another plug for having multiple virus scanners >> installed. >> The above test from info-techs gets stopped by McAfee and BitDefender. > > > I agree 100%. > > It's also a plug to add as many compression extensions to ClamAV as > possible. > > ClamAV will catch it just fine if you have unrar added, but will miss it > entirely if you don't. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Med venlig hilsen Anders Kongsted Hovmark Data Krogsgårdsvej 56 6731 Tjæreborg Tlf.: 76 12 59 00 Email: ak@hovmark.dk Skype: akhovmark ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Tue Mar 8 08:04:39 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:28:53 2006 Subject: New version MailScanner stable release 4.39.5 Message-ID: Yes, I have installed it, and it runs just perfect. Using bidefender,clamav and spamassassin - no problems. Med vennlig hilsen / Regards John Berntsen -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 7. mars 2005 23:12 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New version MailScanner stable release 4.39.5 It has been downloaded 1,250 times so far, so someone must be using it :-) Philip Parsons wrote: > I have not seen any comments about this version yet has anyone > installed it yet ???? > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Mar 8 08:19:57 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:53 2006 Subject: link blacklist Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi there, (hope im not to blind to see it in mailscanner.conf) is there a way to block mails with a special url inside ? today i recieved 100+ mails from different senders with different content but the same link inside. it would be a fast and easy way to react on spambombings, block mails with a special link or string inside. greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue Mar 8 08:21:17 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:53 2006 Subject: link blacklist Message-ID: Hi! > (hope im not to blind to see it in mailscanner.conf) > is there a way to block mails with a special url inside ? > > today i recieved 100+ mails from different senders with > different content but the same link inside. > it would be a fast and easy way to react on spambombings, > block mails with a special link or string inside. If you start using SpamAssassin 3.x inside MailScanner this will be done with SURBL. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Mar 8 08:36:52 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:53 2006 Subject: link blacklist Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] SURBL is serverbased, think the multible reportings wont be fast enough to block the flood of incoming spam (100+ in 30 minutes) or im wrong ? > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn > > If you start using SpamAssassin 3.x inside MailScanner this > will be done > with SURBL. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 08:41:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: Virus being missed. (assumed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The new version will use it automatically if you set "Unrar Command" to point to it in MailScanner.conf. Anders Kongsted wrote: > How do I install the external RAR support? I also tested eicar.lzh - > with the same result! :-( > > Anders > > Matt Kettler wrote: > >> At 02:26 PM 3/7/2005, Scott Silva wrote: >> >>> > You can use this site to send a rared eicar file.. It wasn't >>> caught by >>> > clamav until I added external unrar support. >>> > >>> > http://www.info-techs.com/eicar.shtml >>> > >>> >>> I guess this is another plug for having multiple virus scanners >>> installed. >>> The above test from info-techs gets stopped by McAfee and BitDefender. >> >> >> >> I agree 100%. >> >> It's also a plug to add as many compression extensions to ClamAV as >> possible. >> >> ClamAV will catch it just fine if you have unrar added, but will miss it >> entirely if you don't. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Tue Mar 8 08:59:54 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: DNS wildcards used in new phishing attacks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As highlighted here on Slashdot: http://slashdot.org/articles/05/03/08/0052235.shtml which links to the full Netcraft article at http://news.netcraft.com/archives/2005/03/07/phishers_use_wildcard_dns_to_build_convincing_bait_urls.html I have just tested the examples given by Netcraft, and the current phishing net already traps these phishing attacks and needs no changes or improvements in this case. If you are running an old version of the phishing net, I strongly advise you to upgrade. You should at least test the 3 URLs given by Netcraft and ensure that you can catch them. Use an HTML segment like this: Barclays bank wildcard DNS attack here: barclays.co.uk barclays.co.uk barclays.co.uk Beware that the above paragraph should have 4 lines in it, in case my mail client messes with it. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 8 09:06:03 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:53 2006 Subject: Whitelist FromOrTo: Message-ID: Andy glad you got it working. what have you got in whitelist with regards ip-addresses? (if you want to hide the actual ip-addresses that's fine). From memory you need NET::CIDR for this to work properly, but that should be installed with MS, but it's worth checking. As for the workout - was quite tired so didn't do as much as normal. What kicked my but was 1) having two small kids and getting out of breath chasing them around in the garden etc. and 2) friend of mine from university literally dropping dead at work from heart disease (ag 38 same as me). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Andy Norris wrote: > Thanks Martin, > > I'm running MS 4.36.4. > > It's working now. > > However, one more weird thing... I DO have the IPs for our sites in there, > as well... and they don't seem to work. > > Oh well. Baby steps. Baby steps. > > Thanks very much, and hope your workout was everything you'd ever dreamed > it could be. I hope you can prove to be inspiration for me to get off my > butt and away from this damned computer and get myself to the gym that > takes my money whether I'm there or not! > > Andy Norris > > > > At 12:05 pm 2005-03-07, you wrote: > >> Andy >> >> MS will put in an extra header >> >> X-Mailscanner-From: >> >> that will who the actual From is, so you can debug stuff like rules >> easier. Check this header against your rules. >> >> Also doing a per domain on the spam.whitelist is prob idea as the >> spammers like to "from: you", "to: you" in order to get around spam >> filters. Best to use ip-addresses if possible. >> >> Also what version of MS. >> >> Ok so having asked for all that, I'm off home (via the gym), but I'm >> sure the other people on the list will help too ;-) >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Andy Norris wrote: >> >>> Hi again, MailScanners. >>> >>> I'm having a problem with my whitelisting directives, apparently. >>> >>> I'm trying to whitelist all mail from mydomain.com. >>> >>> In the file spam.whitelist.rules, if I have the following: >>> >>> FromOrTo: mydomain.com yes >>> >>> it works! >>> >>> But if I have: >>> >>> From: mydomain.com yes >>> >>> it doesn't... >>> >>> I've tried: >>> >>> From: *@mydomain.com yes >>> >>> and that doesn't work, either. >>> >>> What gives? >>> >>> Thanks for any insight, >>> >>> Andy Norris >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 8 09:17:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:53 2006 Subject: [Slightly OT] Phishing detection Message-ID: Pete it just treats is as a virus so not sure you can switch this off from a ClamAV point of view. BUT MS might be able to do something with the Silent Viruses option, but there are so many of them (Phishing.Bank is up to at least 107). From what I'm seeing it's picking up a fair few every day(around 30% of my virus's are these phishing things). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Peter Russell wrote: > How do you turn off phishing detection in clamav? > > Does anyone know how accurate it is? > > Pete > > Julian Field wrote: > >> Alisdair Davey wrote: >> >>>>> A quick question for people. The IT depeartment of the >>>>> univesrity I used to >>>>> work out just sent out a note about its virus scanner Macafee >>>>> detecting a >>>>> phishing attack. I use Clamav and F-Prot onmy mail gateways >>>>> and see plenty >>>>> of detections of phshing attacks from clamav, but none from >>>>> fprot. If you >>>>> use a different virus scanner can you let me know if it >>>>> detects phishing >>>>> attacks. Feel free to email me personally and I'll summarize >>>>> to the list. >>>>> >>>>> >>>> I use mcafee, clamav and bitdefender. Both mcafee and clamav detect >>>> phishing, with clamav being the one catching the most. Bitdefender >>>> does not do phishing, so... fprot isn't alone in this... and not >>>> entirely wrong either. Phishing is after all not really a virus type >>>> of thing. But having the click-happy users I do, I do appreciate that >>>> both clam and mcafee do detect/remove most:-). >>>> >>>> I've never seen a phish that clamav missed but mcafee caught. >>>> >>>> And if one wants to eb sure any phishing is real obvious, why not use >>>> MS phishing net? >>>> >>>> >>> >>> Very true - may I take it from the lack of other responses that clamav / >>> mcafee are the only two virus scanners to detect phishing attempts as >>> viruses? >>> >> As far as I am aware, yes. >> Of course I only use MailScanner's phishing net :-) >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 09:24:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: [Slightly OT] Phishing detection Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Pete > > it just treats is as a virus so not sure you can switch this off from a > ClamAV point of view. BUT MS might be able to do something with the > Silent Viruses option, but there are so many of them (Phishing.Bank is > up to at least 107). A simple Silent Viruses = phishing will do the job. > > From what I'm seeing it's picking up a fair few every day(around 30% of > my virus's are these phishing things). > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Peter Russell wrote: > >> How do you turn off phishing detection in clamav? >> >> Does anyone know how accurate it is? >> >> Pete >> >> Julian Field wrote: >> >>> Alisdair Davey wrote: >>> >>>>>> A quick question for people. The IT depeartment of the >>>>>> univesrity I used to >>>>>> work out just sent out a note about its virus scanner Macafee >>>>>> detecting a >>>>>> phishing attack. I use Clamav and F-Prot onmy mail gateways >>>>>> and see plenty >>>>>> of detections of phshing attacks from clamav, but none from >>>>>> fprot. If you >>>>>> use a different virus scanner can you let me know if it >>>>>> detects phishing >>>>>> attacks. Feel free to email me personally and I'll summarize >>>>>> to the list. >>>>>> >>>>>> >>>>> I use mcafee, clamav and bitdefender. Both mcafee and clamav detect >>>>> phishing, with clamav being the one catching the most. Bitdefender >>>>> does not do phishing, so... fprot isn't alone in this... and not >>>>> entirely wrong either. Phishing is after all not really a virus type >>>>> of thing. But having the click-happy users I do, I do appreciate that >>>>> both clam and mcafee do detect/remove most:-). >>>>> >>>>> I've never seen a phish that clamav missed but mcafee caught. >>>>> >>>>> And if one wants to eb sure any phishing is real obvious, why not use >>>>> MS phishing net? >>>>> >>>>> >>>> >>>> Very true - may I take it from the lack of other responses that >>>> clamav / >>>> mcafee are the only two virus scanners to detect phishing attempts as >>>> viruses? >>>> >>> As far as I am aware, yes. >>> Of course I only use MailScanner's phishing net :-) >> -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 8 09:44:45 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:53 2006 Subject: Outstanding feature/fix requests? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 7 mars 2005 23:36 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Outstanding feature/fix requests? > > > Do other people need this as well? It will mean yet another 2 > configuration variables (one for spam, one for mcp) and a > change to the > current option covering this. Can't one solve it with something like a From: 127.0.0.1 and From: root no FormOrTo: default yes ruleset on Virus Scanning? -- Glenn > > Marcel Blenkers wrote: > > >Hi there, > > > >sorry for not making myself clear: > > > >On Mon, 7 Mar 2005, Julian Field wrote: > > > > > > > >>Sorry, I do not understand you. > >> > >> > >> > >there is the following option: > > > ># When you quarantine an entire message, do you want to store it as > ># raw mail queue files (so you can easily send them onto users) or > ># as human-readable files (header then body in 1 file)? > >Quarantine Whole Messages As Queue Files = no > > > > > >This option works for Mails detected as spam and for Mails > detected with > >viruses.. > > > >I had to set it to no, due to the fact that the Script > Quarantine-Report > >needs the spam-Mails not to be 2 queue-files but one Mail. > > > >So, everyone on my system receives the Daily Report and is > able to get the > >Spam-Mail if needed. > > > >But, if there is a virus mail, and the user wish to receive > this mail, i > >could use the command: > > > >sendmail -toi user@domain < messagefile > > > >Problem with that is the following: > > > >The Mail gets received by sendmail-in, checked with > MailScanner again, and > >again it is stated as vrus infected. > > > >If i could set the option > >Quarantine whole message as queue > > > >for spam and virus seperatly, the user could get the daily > report again, > >due to the fact that these spam-mails are saved as one file, and, if > >needed, i could post the 2 queue-files with the virus > infected mail into > >the sendmail-queue, so the virus infected mail get mailed > without scanned > >again. > > > >As i could change the not to scan option int localhost, but > as i do send > >mails from shell, i would like to get mails scanned if i do > send them from > >shell as ordinary user. > > > >I hope i made myself understood now :) > > > >Greetings > > > >Marcel > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 8 09:51:20 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:53 2006 Subject: New version MailScanner stable release 4.39.5 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm at 40.40.2-1 in production since yesterday, with mcafee, clamav, bitdefender and spamassassin. Runs fine... ----- Original Message ----- From: "John Berntsen" To: Sent: Tuesday, March 08, 2005 5:04 AM Subject: Re: New version MailScanner stable release 4.39.5 > Yes, I have installed it, and it runs just perfect. > Using bidefender,clamav and spamassassin - no problems. > > > Med vennlig hilsen / Regards > John Berntsen > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Julian Field > Sent: 7. mars 2005 23:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: New version MailScanner stable release 4.39.5 > > It has been downloaded 1,250 times so far, so someone must be using it :-) > > Philip Parsons wrote: > > > I have not seen any comments about this version yet has anyone > > installed it yet ???? > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From satya at BAINSDIGITAL.COM Tue Mar 8 10:29:52 2005 From: satya at BAINSDIGITAL.COM (SatyaDev Sharma) Date: Thu Jan 12 21:28:53 2006 Subject: Want to add a product in 3rd party product list. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I want to add a product in list of 3rd party product at http://www.mailscanner.biz/3rdparty.html Where and how I can put a request for that. -Satya ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Tue Mar 8 11:01:46 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:53 2006 Subject: vnames.pl Message-ID: Any one have the vnames.pl working to get virus information for BitDefender? Sorry if it has been already discussed. Thanks. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dannyh at aac-services.co.uk Tue Mar 8 11:16:08 2005 From: dannyh at aac-services.co.uk (Dan Harris) Date: Thu Jan 12 21:28:53 2006 Subject: MAILSCANNER Digest - 6 Mar 2005 to 7 Mar 2005 - Special issue (#2005-69) Message-ID: Don't know if anyone else has seen this, but for some reason our MailScanner (4.37.7) has picked up the above digest as having "Other Bad Content Detected", citing "Too many attachments in message" as the reason? We have the default 200 set in MailScanner.conf. A quick browse of the archive shows somewhere around 180 postings since the previous digest, so I guess the other graphics must have tipped it over the 200 limit. I guess that there's a bit of tweaking needed on the number of posts before a "Special Issue" digest is created? Thanks for the great product, Dan Harris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Tue Mar 8 11:00:35 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:28:53 2006 Subject: User-wise content parsing from rulesets in a database Message-ID: Hi all, I want to take some specific actions on mail arrival at smtp server , like sending SMS , depending on the user defined rules. These rules will be stored in a database ( postgres or Mysql ) Is there any mailscanner addon I can directly use. Thanks Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 8 11:29:30 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:53 2006 Subject: User-wise content parsing from rulesets in a database Message-ID: Ram prob a custom function called from Lookup up last. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Ramprasad A Padmanabhan wrote: > Hi all, > > I want to take some specific actions on mail arrival at smtp server , > like sending SMS , depending on the user defined rules. These rules will > be stored in a database ( postgres or Mysql ) > Is there any mailscanner addon I can directly use. > > Thanks > Ram > > > ---------------------------------------------------------- > Netcore Solutions Pvt. Ltd. > Website: http://www.netcore.co.in > Spamtraps: http://cleanmail.netcore.co.in/directory.html > ---------------------------------------------------------- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 8 11:36:49 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:53 2006 Subject: vnames.pl Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] :) yes it was last week and here it is attached. Some one made one and attched it to the list also, but i cant see how they would differ much :) David Curtis wrote: > Any one have the vnames.pl working to get virus information for > BitDefender? Sorry if it has been already discussed. > > Thanks. > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] #!/usr/bin/perl -w # # vnames.pl [-v] Version 2.1.2 - 4/5/2004 # ---------------------------------------------------------------------------- # Print a report of all the e-mail viruses received today. # # Contributors v.2.x.x: # McAfee French, Text Formatting - Denis Beauchemin (Denis.Beauchemin@USherbrooke.ca) # H+BEDV AntiVir Support - Wolfgang Bönschen (wolfgang@antares.de) # McAfee virus|trojan fix - James Gray (james@grayonline.id.au) # Refined & Expanded Scanners - Joshua Hirsh (joshua.hirsh@partnersolutions.ca) # originally from David While's MailStats.pl script: (http://staff.cie.uce.ac.uk/~id001869/mailstats/). # Panda support - Pedro Rosa (Pedro.Rosa@SA.FC.UL.PT) # # Contributors v.1.x.x: # Sophos Support - Aaron Seelye (aseelye-lists@eltopia.com) # F-Prot Support - jburzenski (jburzenski@americanhm.com) # # Copyright, (c) 2003-2004, Corey S. McFadden & Associates (contact@csma.biz) # www.csma.biz # By postal mail: # McFadden Associates # PO Box 20665 # Lehigh Valley, PA 18002 # U.S.A. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Definable Vars $Scanner = "bitdefender,clamav"; # comma sep: sophos,sophossavi,inoculan,clamav,command,f-prot, # mcafee,mcafee_fr,fsecure,panda,antivir $HTML = "no"; # yes|no (no=text only) $Sort = "count"; #count|name (count=ascending) $MailLogFile = "/var/log/maillog"; $SendMail = "/usr/sbin/sendmail"; $StatsFile = "/root/virus.log"; # Scanner Strings my %Scanners = ( bitdefender => { Output => '\/.*infected:', String => '\/.*infected: (.*)' }, sophos => { Output => '>>> Virus', String => '>>> Virus \'(.*)\''}, sophossavi => { Output => 'INFECTED::', String => 'INFECTED:: (.*)::'}, inoculan => { Output => 'was infected by virus', String => 'was infected by virus \[(.*)\]'}, clamav => { Output => 'FOUND', String => ':.* (.*) FOUND'}, command => { Output => 'Infection:', String => 'Infection: (.*)'}, "f-prot" => { Output => 'Infection:', String => 'Infection: (.*)'}, mcafee => { Output => 'Found the', String => 'Found the (.*) (virus|trojan) !!!'}, mcafee_fr => { Output => 'contient le', String => 'contient le (?:virus|ver|cheval de Troie) (.*) !!!'}, fsecure => { Output => '.*Infection: (.*)', String => '.*Infection: (.*)'}, panda => { Output => 'Virus: (.*)', String => '.* => (.*)##'}, antivir => { Output => 'ALERT: (.*)', String => 'ALERT: \[(.*)\]'}, ); my %ScannerText = ( bitdefender => "BitDefender", sophos => "Sophos SAV", sophossavi => "Sophos SAVI", inoculan => "Inoculan", clamav => "ClamAV", command => "Command", "f-prot" => "F-Prot", mcafee => "McAfee", mcafee_fr => "McAfee (with French messages)", fsecure => "FSecure", panda => "Panda Antivirus", antivir => "H+BEDV AntiVir", ); # Internal Vars $EmailTo = $ARGV[0]; if ($EmailTo eq "") { print "\tUsage: vnames.pl [-v] \n"; exit 1; } if ($EmailTo eq "-v") { print "\n"; print "\tvnames.pl - MailScanner Virus Filter Report.\n"; print "\t Version 2.1.2, released 4/5/2004.\n"; print "\t http://web.csma.biz/apps/vnames.shtml\n\n"; print "\tScanners supported:\n"; foreach $in(sort(keys %ScannerText)) { printf "\t %-12s %-20s\n", $in, $ScannerText{$in}; } print "\n"; exit 0; } @UseScanners = split(/,/,$Scanner); $now_date = localtime(time); @TIM = split(/\ /,$now_date); # Check this $AnsiDate = ""; # # Program Main # &parse_date; open (SENDMAIL,"|$SendMail $EmailTo") or die "Cannot open $SendMail."; &print_header; foreach $in(@UseScanners) { &init_vars; &print_sectionheader($in); &check_log($in); &print_sortedresults; &print_sectionfooter; } &print_footer; close SENDMAIL; #&write_stats; # # Program Subroutines # sub init_vars { %Seen = (); @SortedList = (); @Names1 = (); $count = 0; } sub print_header { # Print e-mail header my $myhostname = (`hostname`); $myhostname =~ s/\n//g; print SENDMAIL "Reply-to: root\@$myhostname\n"; print SENDMAIL "Subject: E-Mail Viruses ($TIM[0]) - $myhostname\n"; print SENDMAIL "To: $EmailTo\n"; if ($HTML eq "yes") { print SENDMAIL "Content-type: text/html\;\n\n"; print SENDMAIL "\n"; } else { print SENDMAIL "\n"; } } sub print_sectionheader { # Start each scanner block # Current scanner name must be supplied my $currentscanner = $_[0]; if ($HTML eq "yes") { print SENDMAIL "

\n"; print SENDMAIL "Viruses found by MailScanner \&\; $ScannerText{$currentscanner} today:\n"; } else { print SENDMAIL "Viruses found by MailScanner \& $ScannerText{$currentscanner} today:\n"; } } sub print_sectionfooter { if ($HTML eq "yes") { print SENDMAIL "


"; } else { print SENDMAIL "\n\n"; } } sub check_log { # Current scanner name must be supplied my $currentscanner = $_[0]; my $ThisScanner = $Scanners{$currentscanner}; open (MAILLOG,$MailLogFile); while ($cline = ) { $cline =~ s/\n//g; if ($cline =~ "$TIM[1] $TIM[2]") { if ($cline =~ /$ThisScanner->{Output}/) { ($vname) = ($cline =~ /$ThisScanner->{String}/); $count = ($count + 1); $vname =~ s/\ //g; $vname =~ s/\n//g; push @Names1,"$vname"; } } } close MAILLOG; } sub print_sortedresults { # Take the resulting array, Names1, and sort with a count. my @UniqueList = (); foreach $in(@Names1) { push (@UniqueList,$in) unless ($Seen{$in}); $Seen{$in}++; } @SortedList = sort(@UniqueList); if ($HTML eq "yes") { # HTML output print SENDMAIL "\n"; if ($Sort eq "count") { # Sorted by count foreach $in(sort { $Seen{$b} <=> $Seen{$a} } keys %Seen) { # print SENDMAIL "\n"; print SENDMAIL "\n"; } } else { # Sorted by name foreach $in(@SortedList) { print SENDMAIL "\n"; } } print SENDMAIL "
\ \ $in\ \  $Seen{$in}
\ \ $in$Seen{$in}
\ \ $in$Seen{$in}
\n"; } else { # Text output if ($Sort eq "count") { # Sorted by count foreach $in(sort { $Seen{$b} <=> $Seen{$a} } keys %Seen) { printf SENDMAIL " - %-28s %7d\n", $in, $Seen{$in}; } } else { # Sorted by name foreach $in(@SortedList) { printf SENDMAIL " - %-28s %7d\n", $in, $Seen{$in}; } } } if ($count eq 0) { print SENDMAIL "None.\n"; } else { print SENDMAIL "A total of $count viruses were found and filtered.\n"; } } sub print_footer { if ($HTML eq "yes") { print SENDMAIL "\n"; } else { print SENDMAIL "\n"; } } sub write_stats { # Write CSV Stats for Excel graphs and whatnot open (STAT, ">>$StatsFile"); foreach $in(@SortedList) { print STAT "$AnsiDate,$in,$Seen{$in}\n"; } close STAT; } sub parse_date { my $date=localtime(); my ($day, $month, $num, $time, $year) = split(/\s+/,$date); if ($month eq "Jan") { $month = "1"; } if ($month eq "Feb") { $month = "2"; } if ($month eq "Mar") { $month = "3"; } if ($month eq "Apr") { $month = "4"; } if ($month eq "May") { $month = "5"; } if ($month eq "Jun") { $month = "6"; } if ($month eq "Jul") { $month = "7"; } if ($month eq "Aug") { $month = "8"; } if ($month eq "Sep") { $month = "9"; } if ($month eq "Oct") { $month = "10"; } if ($month eq "Nov") { $month = "11"; } if ($month eq "Dec") { $month = "12"; } $month = int($month); $num = int($num); if ($month < 10) { $fmonth = "0$month"; } else { $fmonth = "$month"; }; if ($num < 10) { $fnum = "0$num"; } else { $fnum = "$num"; }; $AnsiDate = "$year-$fmonth-$fnum"; } exit 0; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Tue Mar 8 11:58:24 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:28:53 2006 Subject: User-wise content parsing from rulesets in a database Message-ID: On Tue, 2005-03-08 at 16:59, Martin Hepworth wrote: > Ram > > prob a custom function called from Lookup up last. > > -- I am trying that, Someone must have already used DBI and the custom functions. I do not want to reinvent the wheel. What I want to know is , is there a way I can use a persistent database handle and optimize my queries. Or is there a better way Thanks Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 8 11:55:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:53 2006 Subject: phishing net FP-ing on it's own messages Message-ID: Julian here's a fun on. If MS finds a phishinh exploit and marks up the html, then the email is forwarded via an alias or replied to with the body intact it double marks the email as a phishing attack. Found phishing fraud from www.shufirm.com claiming to be www.mailscannerhasdetectedapossiblefraudattemptfrom"www.shufirm.com"claimingtobe in 1D7I0Y-0000Eh-MD This was in 4.39-9. now running 4.40-2 and haven't seen an offending email in the last couple of days. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 8 11:55:56 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:53 2006 Subject: Panda not working Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > Sent: den 8 mars 2005 00:37 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > > Sent: 07 March 2005 17:35 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > Ok, this one has pimples the size of Everest, but could you > > just try it > > out Paul? To run it as MailScanner does call it like: > > /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso > -cmp -esp > > /tmp > > > > Hi Glenn > > OK, this worked. Thanks very much. > > The output is messy when you use the -AEX option on a whole > directory, but I > guess this command: > > /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso -cmp -esp > /tmp/eicar.com > > would be more similar to the way MailScanner will use it and > this gets the > output: > > Virus: 1##Base: /tmp/eicar.com##1: '' => Eicar## Isn't it pretty:-). This strange format is what ProcessPandaOutput seems to need in SweepViruses.pm ... Didn't wan't to mess with it. As designed I'm looking at only processing directories, while the old script only processed the current directory and called pavcl once/file ... at least, that seems to have been the goal. I'll have to look further, but I'm not at all certain that MS will call it once per file as in your example, rather once per batch... The -AEX option is what the old one is called with (along with a few others, like the -AUT:-) from MS and ... Well, the output does get messy but not unreadably so. While the old script certainly has warts, it should've worked OK within MS, if nowhere else... But it doesn't for me. Perhaps the pavcl I use is at cause... (look below for version info and a bit of testruns). > > I'm a bit puzzled why you included the -ESP switch because > that changes the > output to Spanish. Man, I was in a hurry to catch a commuter train,... and since the script is done (originally) in spanish to accomodate both spanish and english... I just had to test it. But you are so right, it wasn't included by design, just by accident. I think I'll do some more testing, PHB willing etc:-). > > Now I'll let MS run for a while with the eval version and > then I'll install > the free version and see if the free version is capable of > using the latest > update file; Panda support suggested not. Interresting.... I'm testing with the "free" version rpm. Some info and runs: # rpm -qi pavcl Name : pavcl Relocations: (not relocatable) Version : 7.01.00 Vendor: (none) Release : 1 Build Date: ons 11 aug 2004 13.37.00 Install Date: mån 7 mar 2005 15.24.09 Build Host: spd Group : Applications/System Source RPM: pavcl-7.01.00-1.src.rpm Size : 8964781 License: Panda Sowftware International Signature : (none) Summary : Panda Antivirus for Linux 7.01.00.0004 Description : El antivirus pavcl es una utilidad de consola que permite escanear un sistema de ficheros buscando los posibles virus que pudieran encontrarse en los archivos # /root/MailScanner-install-4.39.6/perl-tar/MailScanner-4.39.6/lib/panda-wrapper /usr -aut -nso -cmp -aex ignored_directory_arg Virus: 0 # /usr/lib/MailScanner/panda-wrapper /usr -aut -nso -cmp -aex . Virus: 3##Base: /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E##1: '/./message.exe' => W32/Lovgate##2: '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../message.zip[message.exe]' => W32/Lovgate##3: '/./message/var/spool/MailScanner/quarantine/20050303/.../message[~000000.@x@]1message.zip].../message[message.zip][message.exe]' => W32/Lovgate## # /usr/lib/MailScanner/panda-wrapper /usr -aut -nso -cmp . Virus: 2##Base: /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E##1: '/./message.exe' => W32/Lovgate##2: '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../message.zip[message.exe]' => W32/Lovgate## # ls message message.exe message.zip # I probably should make it just run on dirs, and make sure the $base contain a trailing slash... -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 8 12:34:20 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:53 2006 Subject: Panda not working Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The more I look at it, the more sure I am that the only place where the pavcl-wrapper (original) works is within MS, or if run exactly like in MS (meaning that it relies heavily on the ... expected directory hierarchy). I think I've got another bright idea of how to both make it efficient _and_ retain the exact same output, while making it a bit more like the other wrappers... Stay tuned... Perhaps not for today, but...:-). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: den 8 mars 2005 12:56 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > > Sent: den 8 mars 2005 00:37 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > > > Sent: 07 March 2005 17:35 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Panda not working > > > > > > Ok, this one has pimples the size of Everest, but could you > > > just try it > > > out Paul? To run it as MailScanner does call it like: > > > /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso > > -cmp -esp > > > /tmp > > > > > > > Hi Glenn > > > > OK, this worked. Thanks very much. > > > > The output is messy when you use the -AEX option on a whole > > directory, but I > > guess this command: > > > > /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso > -cmp -esp > > /tmp/eicar.com > > > > would be more similar to the way MailScanner will use it and > > this gets the > > output: > > > > Virus: 1##Base: /tmp/eicar.com##1: '' => Eicar## > Isn't it pretty:-). This strange format is what > ProcessPandaOutput seems > to need in SweepViruses.pm ... Didn't wan't to mess with it. > > As designed I'm looking at only processing directories, while > the old script only processed the current directory and called > pavcl once/file ... at least, that seems to have been the goal. > I'll have to look further, but I'm not at all certain that MS > will call > it once per file as in your example, rather once per batch... > > The -AEX option is what the old one is called with (along with a few > others, like the -AUT:-) from MS and ... Well, the output > does get messy > but not unreadably so. > > While the old script certainly has warts, it should've worked > OK within > MS, if nowhere else... But it doesn't for me. Perhaps the > pavcl I use is > at cause... (look below for version info and a bit of testruns). > > > > > I'm a bit puzzled why you included the -ESP switch because > > that changes the > > output to Spanish. > Man, I was in a hurry to catch a commuter train,... and since > the script > is done (originally) in spanish to accomodate both spanish > and english... > I just had to test it. But you are so right, it wasn't included by > design, just by accident. > > I think I'll do some more testing, PHB willing etc:-). > > > > > Now I'll let MS run for a while with the eval version and > > then I'll install > > the free version and see if the free version is capable of > > using the latest > > update file; Panda support suggested not. > Interresting.... I'm testing with the "free" version rpm. > > Some info and runs: > # rpm -qi pavcl > Name : pavcl Relocations: (not > relocatable) > Version : 7.01.00 Vendor: (none) > Release : 1 Build Date: ons > 11 aug 2004 13.37.00 > Install Date: mån 7 mar 2005 15.24.09 Build Host: spd > Group : Applications/System Source RPM: > pavcl-7.01.00-1.src.rpm > Size : 8964781 License: Panda > Sowftware International > Signature : (none) > Summary : Panda Antivirus for Linux 7.01.00.0004 > Description : > El antivirus pavcl es una utilidad de consola que permite escanear > un sistema de ficheros buscando los posibles virus que pudieran > encontrarse en los archivos > # > /root/MailScanner-install-4.39.6/perl-tar/MailScanner-4.39.6/l > ib/panda-wrapper /usr -aut -nso -cmp -aex ignored_directory_arg > Virus: 0 > # /usr/lib/MailScanner/panda-wrapper /usr -aut -nso -cmp -aex . > Virus: 3##Base: > /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E##1 > : '/./message.exe' => W32/Lovgate##2: > '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../ > message.zip[message.exe]' => W32/Lovgate##3: > '/./message/var/spool/MailScanner/quarantine/20050303/.../mess > age[~000000.@x@]1message.zip].../message[message.zip][message. > exe]' => W32/Lovgate## > # /usr/lib/MailScanner/panda-wrapper /usr -aut -nso -cmp . > Virus: 2##Base: > /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E##1 > : '/./message.exe' => W32/Lovgate##2: > '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../ > message.zip[message.exe]' => W32/Lovgate## > # ls > message message.exe message.zip > # > > I probably should make it just run on dirs, and make sure the > $base contain a trailing slash... > > -- Glenn > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gareth at GRIFFIN.COM Tue Mar 8 13:35:42 2005 From: gareth at GRIFFIN.COM (Gareth Campling) Date: Thu Jan 12 21:28:53 2006 Subject: Outstanding feature/fix requests? Message-ID: The thing that would be very handy is getting the config from MySQL, Some people will hate to have this in MySQL but it has superb replication features so For clustering and bringing new servers online its very helpful. I think FSL are doing this for there commercial products but for the open source side this would be very nice feature. -- Gareth Campling Network Operations Engineer Griffin Internet -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 06 March 2005 16:42 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Outstanding feature/fix requests? Other than a minor cosmetic one I can't reproduce, I don't think I have any outstanding requests for fixes. Does anyone know of any fixes or features they would like to see, that I haven't yet done? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! Disclaimer: The information contained in this message from Griffin Internet Limited and any attachments is confidential and intended only for the named recipient(s). If you have received this message in error, you are prohibited from copying, distributing or using the information. Please contact the sender immediately by return email and delete the original message. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Tue Mar 8 13:38:10 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:28:53 2006 Subject: Correct/Best MailTools version ? Message-ID: Hello! On my production MailScanner box I've got MailTools-1.50 from the distribution. On my new test machine, I grabbed MailTools from CPAN and got version 1.66 . Are there any issues with version 1.66 and MailScanner ? Or is MailScanner going to move to the newer release ? Thanks for any thoughts! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 8 14:01:46 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:53 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner 4.37.7-1 SpamAssassin 3.0.2 Postfix 2.0.20 Hello, I've just moved mail services from a server running older versions of the above software to the newer versions listed. In testing, I've noticed something that seems odd to me. When I send a message to my address from yahoo with the gtube spam testing string, my mail server sends back an error message saying "user unknown in virtual alias table." The user (myself) is definitely in the virtual alias table and receiving mail just fine. When I send normal mail from my yahoo account it is delivered without any problems. Anyone have any idea what's happening here? Is there some kind of feature in MS or SA that is sending back a "user unknown" error to trick spammers into taking the address of their list? Thanks! Rod ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 8 14:15:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:53 2006 Subject: User unknown in virtual alias table Message-ID: Rodney anything in the log files for this test message? Like is MS processing it at all or is PF rejecting it? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > MailScanner 4.37.7-1 > SpamAssassin 3.0.2 > Postfix 2.0.20 > > Hello, > > I've just moved mail services from a server running older versions of > the above software to the newer versions listed. In testing, I've > noticed something that seems odd to me. When I send a message to my > address from yahoo with the gtube spam testing string, my mail server > sends back an error message saying "user unknown in virtual alias > table." The user (myself) is definitely in the virtual alias table and > receiving mail just fine. When I send normal mail from my yahoo account > it is delivered without any problems. > > Anyone have any idea what's happening here? Is there some kind of > feature in MS or SA that is sending back a "user unknown" error to trick > spammers into taking the address of their list? > > Thanks! > Rod > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue Mar 8 14:16:01 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:28:53 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you sure it's not your forward or report addresses that aren't found? Some log entries would really help. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Rodney Green Sent: Tuesday, March 08, 2005 9:02 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: User unknown in virtual alias table MailScanner 4.37.7-1 SpamAssassin 3.0.2 Postfix 2.0.20 Hello, I've just moved mail services from a server running older versions of the above software to the newer versions listed. In testing, I've noticed something that seems odd to me. When I send a message to my address from yahoo with the gtube spam testing string, my mail server sends back an error message saying "user unknown in virtual alias table." The user (myself) is definitely in the virtual alias table and receiving mail just fine. When I send normal mail from my yahoo account it is delivered without any problems. Anyone have any idea what's happening here? Is there some kind of feature in MS or SA that is sending back a "user unknown" error to trick spammers into taking the address of their list? Thanks! Rod This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 14:26:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: User-wise content parsing from rulesets in a database Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Take a look in CustomConfig.pm, there are various examples in there, some of which use DBI and persistent handles. Ramprasad A Padmanabhan wrote: >On Tue, 2005-03-08 at 16:59, Martin Hepworth wrote: > > >>Ram >> >>prob a custom function called from Lookup up last. >> >>-- >> >> > >I am trying that, Someone must have already used DBI and the custom >functions. I do not want to reinvent the wheel. > What I want to know is , is there a way I can use a persistent >database handle and optimize my queries. Or is there a better way > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 14:29:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: Correct/Best MailTools version ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I haven't upgraded it as I haven't seen any problems with 1.50. Take a look at the MailTools Change Log and let me know if there is anything major in there between 1.50 and 1.66. Michael H. Martel wrote: > Hello! > > On my production MailScanner box I've got MailTools-1.50 from the > distribution. On my new test machine, I grabbed MailTools from CPAN > and got > version 1.66 . Are there any issues with version 1.66 and MailScanner ? > Or is MailScanner going to move to the newer release ? > > Thanks for any thoughts! > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 14:31:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:53 2006 Subject: Phishing Net: How it works Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Take a quick look at www.phishingnet.info and you will see a description of how the phishing net works. In reality it is more complicated due to handling all the "obfuscations" that scammers can use to hide their real location. Just thought some of you might be interested. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 8 14:36:42 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:53 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Derek, I did suspect that maybe there was a problem with the forward I use in the spam and high scoring spam actions. I simply used my e-mail address, rgreen@trayerproducts.com. I just did a test by setting the actions to deliver and the bounce problem went away. I just set the action to forward again and this time I modified my e-mail address to be rgreen@mail4.trayerproducts.com and it's working okay now. Here are my logs (below message), and they do show that it is a postfix problem. Any ideas on what I might have configured incorrectly? Thanks for your help, Rod Mar 8 08:43:50 proxy MailScanner[16793]: Message 97DF93132C.95381 from 206.190.38.213 (reason1000@yahoo.com) to trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin (score=997.401, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE 1000.00) Mar 8 08:43:52 proxy MailScanner[16793]: Spam Checks: Found 1 spam messages Mar 8 08:43:52 proxy MailScanner[16793]: Spam Actions: message 97DF93132C.95381 actions are store,forward,rgreen@trayerproducts.com Mar 8 08:43:52 proxy MailScanner[16793]: Virus and Content Scanning: Starting Mar 8 08:43:52 proxy MailScanner[16793]: Requeue: 97DF93132C.95381 to 832783132D Mar 8 08:43:52 proxy postfix/qmgr[16765]: 832783132D: from=, size=1640, nrcpt=1 (queue active) Mar 8 08:43:53 proxy MailScanner[16793]: Uninfected: Delivered 1 messages Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: to=, orig_to=, relay=none, delay=6, status=bounced (user unknown in virtual alias table) Martin Hepworth wrote: > Rodney > > anything in the log files for this test message? Like is MS processing > it at all or is PF rejecting it? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> MailScanner 4.37.7-1 >> SpamAssassin 3.0.2 >> Postfix 2.0.20 >> >> Hello, >> >> I've just moved mail services from a server running older versions of >> the above software to the newer versions listed. In testing, I've >> noticed something that seems odd to me. When I send a message to my >> address from yahoo with the gtube spam testing string, my mail server >> sends back an error message saying "user unknown in virtual alias >> table." The user (myself) is definitely in the virtual alias table and >> receiving mail just fine. When I send normal mail from my yahoo account >> it is delivered without any problems. >> >> Anyone have any idea what's happening here? Is there some kind of >> feature in MS or SA that is sending back a "user unknown" error to trick >> spammers into taking the address of their list? >> >> Thanks! >> Rod >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Mar 8 14:41:51 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:53 2006 Subject: Eathlink spamblocker Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone run into this? I would think Earthlink would not send spam ;-) don't laugh too hard. Thanks. I apologize for this automatic reply to your email. To control spam, I now allow incoming messages only from senders I have approved beforehand. If you would like to be added to my list of approved senders, please fill out the short request form (see link below). Once I approve you, I will receive your original message in my inbox. You do not need to resend your message. I apologize for this one-time inconvenience. Click the link below to fill out the request: X-SBSD-MailScanner: Found to be clean X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=4.863, required 3.75, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, HTML_30_40 0.02, HTML_MESSAGE 0.00, NO_REAL_NAME 0.01, PYZOR_CHECK 1.00, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) X-SBSD-MailScanner-SpamScore: 4 X-MailScanner-From: spamblocker-challenge@bounce.earthlink.net Return-Path: spamblocker-challenge@bounce.earthlink.net This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 8 14:45:33 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:53 2006 Subject: User unknown in virtual alias table Message-ID: Rodney what does the MS machine think the MX record for trayerproducts.com is? It looks like its routing the forward to itself, and not finding rgreen@trayerproducts.com and producing the bounce then. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, Derek, > > I did suspect that maybe there was a problem with the forward I use in > the spam and high scoring spam actions. I simply used my e-mail address, > rgreen@trayerproducts.com. I just did a test by setting the actions to > deliver and the bounce problem went away. I just set the action to > forward again and this time I modified my e-mail address to be > rgreen@mail4.trayerproducts.com and it's working okay now. Here are my > logs (below message), and they do show that it is a postfix problem. Any > ideas on what I might have configured incorrectly? > > Thanks for your help, > Rod > > Mar 8 08:43:50 proxy MailScanner[16793]: Message 97DF93132C.95381 from > 206.190.38.213 (reason1000@yahoo.com) to > trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin > (score=997.401, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE > 1000.00) > Mar 8 08:43:52 proxy MailScanner[16793]: Spam Checks: Found 1 spam > messages > Mar 8 08:43:52 proxy MailScanner[16793]: Spam Actions: message > 97DF93132C.95381 actions are store,forward,rgreen@trayerproducts.com > Mar 8 08:43:52 proxy MailScanner[16793]: Virus and Content Scanning: > Starting > Mar 8 08:43:52 proxy MailScanner[16793]: Requeue: 97DF93132C.95381 to > 832783132D > Mar 8 08:43:52 proxy postfix/qmgr[16765]: 832783132D: > from=, size=1640, nrcpt=1 (queue active) > Mar 8 08:43:53 proxy MailScanner[16793]: Uninfected: Delivered 1 messages > Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: > to=, orig_to=, relay=none, delay=6, > status=bounced (user unknown in virtual alias table) > > > Martin Hepworth wrote: > >> Rodney >> >> anything in the log files for this test message? Like is MS processing >> it at all or is PF rejecting it? >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> MailScanner 4.37.7-1 >>> SpamAssassin 3.0.2 >>> Postfix 2.0.20 >>> >>> Hello, >>> >>> I've just moved mail services from a server running older versions of >>> the above software to the newer versions listed. In testing, I've >>> noticed something that seems odd to me. When I send a message to my >>> address from yahoo with the gtube spam testing string, my mail server >>> sends back an error message saying "user unknown in virtual alias >>> table." The user (myself) is definitely in the virtual alias table and >>> receiving mail just fine. When I send normal mail from my yahoo account >>> it is delivered without any problems. >>> >>> Anyone have any idea what's happening here? Is there some kind of >>> feature in MS or SA that is sending back a "user unknown" error to trick >>> spammers into taking the address of their list? >>> >>> Thanks! >>> Rod >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 8 14:48:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:53 2006 Subject: Eathlink spamblocker Message-ID: David I think there's been some traffic on this over on the nanog email list a couple of weeks ago. Alot of people are starting to do this as 'solutions' against spammers. Of course the hole is when you have so many people on the whitelist the spam starts to get through again. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Anyone run into this? I would think Earthlink would not send spam ;-) > don't laugh too hard. > > Thanks. > > I apologize for this automatic reply to your email. > > To control spam, I now allow incoming messages only from senders I have > approved beforehand. > > If you would like to be added to my list of approved senders, please > fill out the short request form (see link below). Once I approve you, I > will receive your original message in my inbox. You do not need to > resend your message. I apologize for this one-time inconvenience. > > Click the link below to fill out the request: > > X-SBSD-MailScanner: Found to be clean > X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=4.863, required > 3.75, > DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, HTML_30_40 0.02, > HTML_MESSAGE 0.00, NO_REAL_NAME 0.01, PYZOR_CHECK 1.00, > RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) > X-SBSD-MailScanner-SpamScore: 4 > X-MailScanner-From: spamblocker-challenge@bounce.earthlink.net > > Return-Path: spamblocker-challenge@bounce.earthlink.net > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Tue Mar 8 14:49:37 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:28:53 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on 7-3-2005 23:35: > Do other people need this as well? It will mean yet another 2 > configuration variables (one for spam, one for mcp) and a change to the > current option covering this. Can't this be done with a ruleset? >> # When you quarantine an entire message, do you want to store it as >> # raw mail queue files (so you can easily send them onto users) or >> # as human-readable files (header then body in 1 file)? >> Quarantine Whole Messages As Queue Files = no Put in the ruleset: virus:* yes default no -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 8 15:10:54 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:53 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, The MX record resolves to mail2.trayerproducts.com. mail2.trayerproducts.com resolves to the same IP address as mail4.trayerproducts.com. Really odd that it's bouncing mail to my address when it's delivered normally when it's not spam. I just don't get it. Thanks for your help, Rodney Martin Hepworth wrote: > Rodney > > what does the MS machine think the MX record for trayerproducts.com is? > It looks like its routing the forward to itself, and not finding > rgreen@trayerproducts.com and producing the bounce then. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Martin, Derek, >> >> I did suspect that maybe there was a problem with the forward I use in >> the spam and high scoring spam actions. I simply used my e-mail address, >> rgreen@trayerproducts.com. I just did a test by setting the actions to >> deliver and the bounce problem went away. I just set the action to >> forward again and this time I modified my e-mail address to be >> rgreen@mail4.trayerproducts.com and it's working okay now. Here are my >> logs (below message), and they do show that it is a postfix problem. Any >> ideas on what I might have configured incorrectly? >> >> Thanks for your help, >> Rod >> >> Mar 8 08:43:50 proxy MailScanner[16793]: Message 97DF93132C.95381 from >> 206.190.38.213 (reason1000@yahoo.com) to >> trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin >> (score=997.401, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE >> 1000.00) >> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Checks: Found 1 spam >> messages >> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Actions: message >> 97DF93132C.95381 actions are store,forward,rgreen@trayerproducts.com >> Mar 8 08:43:52 proxy MailScanner[16793]: Virus and Content Scanning: >> Starting >> Mar 8 08:43:52 proxy MailScanner[16793]: Requeue: 97DF93132C.95381 to >> 832783132D >> Mar 8 08:43:52 proxy postfix/qmgr[16765]: 832783132D: >> from=, size=1640, nrcpt=1 (queue active) >> Mar 8 08:43:53 proxy MailScanner[16793]: Uninfected: Delivered 1 >> messages >> Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: >> to=, orig_to=, relay=none, delay=6, >> status=bounced (user unknown in virtual alias table) >> >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> anything in the log files for this test message? Like is MS processing >>> it at all or is PF rejecting it? >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> MailScanner 4.37.7-1 >>>> SpamAssassin 3.0.2 >>>> Postfix 2.0.20 >>>> >>>> Hello, >>>> >>>> I've just moved mail services from a server running older versions of >>>> the above software to the newer versions listed. In testing, I've >>>> noticed something that seems odd to me. When I send a message to my >>>> address from yahoo with the gtube spam testing string, my mail server >>>> sends back an error message saying "user unknown in virtual alias >>>> table." The user (myself) is definitely in the virtual alias table and >>>> receiving mail just fine. When I send normal mail from my yahoo account >>>> it is delivered without any problems. >>>> >>>> Anyone have any idea what's happening here? Is there some kind of >>>> feature in MS or SA that is sending back a "user unknown" error to >>>> trick >>>> spammers into taking the address of their list? >>>> >>>> Thanks! >>>> Rod >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Tue Mar 8 15:27:59 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:28:54 2006 Subject: Correct/Best MailTools version ? Message-ID: --On Tuesday, March 8, 2005 2:29 PM +0000 Julian Field wrote: > I haven't upgraded it as I haven't seen any problems with 1.50. Take a > look at the MailTools Change Log and let me know if there is anything > major in there between 1.50 and 1.66. To my untrained eye, I think I spot some stuff in here that would be considered major and usefull. version 1.66: Thu Jan 20 10:16:10 CET 2005 - Extended explanation that Mail::Address is limited. - Added examples/mail-mailer.pl, contributed by [Bruno Negr?o] - use Mail::Mailer qw(mail) sets default mailer. Doc update by [Slavan Rezic] - Mail::Mailer::smtp now can authenticate SSL [Aaron J. Mackey] version 1.65: Wed Nov 24 15:43:17 CET 2004 - Remove "minimal" comments from Mail::Address - [Dan Grillo] suggested some improvements to Mail::Address::name(), and some more were added. - [Slavan Rezic] small typo. version 1.64: Tue Aug 17 22:24:22 CEST 2004 - CPAN failed to index 1.63 correctly, so hopefully it will work now. version 1.63: Mon Aug 16 17:28:15 CEST 2004 - [Craig Davison] Fixed date format in Mail::Field::Date to comply to the RFC - [Alex Vandiver] patched the email address parser to be able to understand a list of addresses separated by ';', as Outlook does. The ';' is the group separator, which was not understood by MailTools before, but valid according to the RFCs. - [Torsten Luettgert] found that field labels like '-' where not beautified correctly. - [Slavan Rezic] Updated doc in Mail::Mailer: referred to $command which doesn't mean anything, and "testfile" is working differently. - [chris] Mail::Message::Field::wellformedName() will upper-case *-ID as part in the fieldname. version 1.62: Wed Mar 24 13:29:27 CET 2004 - [Reuven M. Lerner], removed warning by Mail::Address::host() when no e-mail address is provided. - [Ville Skytta] contributed another Mail::Mailer::testfile fix version 1.61: Wed Mar 10 10:51:44 CET 2004 - [Erik Van Roode] Mail::Mailer::test.pm -> Mail::Mailer::testfile.pm - [J?r?me Dion] corrected the folding of lines: folds start only with one blank according to rfc2822. - Added a big warning against automatic sender email address detection as provided by Mail::Util::mailaddress(). Please explicitly set MAILADDRESS. This after a discussion with [Wolfgang Friebel]. - Mail::Address->format should quote phrases with weird character. Patched based on patch by [Marc 'HE' Brockschmidt] - [Ruslan U. Zakirov] reported confusing error message when no MailerType was specified. - [Steve Roberts] fixed folding to produce longer lines. version 1.60: Wed Sep 24 09:20:30 CEST 2003 - [Henrique Martins] found that enclosing parenthesis where not correctly stripped when processing a Mail::Address. - [Tony Bowden] asked for a change in Mail::Address::name, where existing (probably correct) capitization is left intact. The _extract_name() can be called as method, is needed, such that it can be extended. version 1.59: Wed Aug 13 08:13:00 CEST 2003 - Patch by [Shafiek Rasdien] which adds Mail::Internet::smtpsend option MailFrom. - [Ziya Suzen] extended Mail::Mailer::test to provide more test information. - Added SWE (Sender Waranted E-mail) as abbreviation in field names which is always in caps, on request by [Ronnie Paskin] - Added SOAP and LDAP as abbreviation in field names which is always in caps. version 1.58: Tue Jan 14 14:42:29 CET 2003 - And again utf8 [Philip Molter] version 1.57: Tue Jan 14 09:47:46 CET 2003 - Added myself to the copyright notices... dates needed an update as well. - Typos in Mail::Internet [Florian Helmberger] - More tries to program around perl5.8.0's uc/lc-utf8 bugs in regexps [Autrijus Tang and Philip Molter] version 1.56: Mon Jan 6 17:13:17 CET 2003 - And again, the patches of Autrijus had to be adapted to run on a perl 5.6.1 installation. Thanks to [Philip Molter] version 1.55: Mon Jan 6 08:05:58 CET 2003 - One explicit utf8::downgrade for 5.8.0, this time for Mail::Address by [Autrijus Tang]. version 1.54: Mon Jan 6 08:00:00 CET 2003 - Another try to avoid the utf8 problems, this time by [Philip Molter] - Two explicit utf8::downgrades for 5.8.0, this time for Mail::Field by [Autrijus Tang]. version 1.53: Mon Dec 9 17:53:27 CET 2002 - New try on work-around for bug in perl 5.8.0 unicode \U within s/// Patched in Mail::Header by [Autrijus Tang] version 1.52: Fri Nov 29 13:52:00 CET 2002 - Work-around for bug in perl 5.8.0 unicode \U within s/// Patched in Mail::Header by [Autrijus Tang] version 1.51: Tue Oct 29 14:25:28 CET 2002 - Mail::Util::maildomain() if no information about domains is found in sendmail.cf, no error should be reported. [Vaughn Skinner] - Removed the possibility to use 'mailx', which was the default: removal from the detectionn routines and Mail/Mailer/mail.pm. Strongly suggested by [Sebastian Krahmer] Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Mar 8 15:45:43 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:54 2006 Subject: Eathlink spamblocker Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks I will try to find it. >>> martinh@SOLID-STATE-LOGIC.COM 03/08 9:48 AM >>> David I think there's been some traffic on this over on the nanog email list a couple of weeks ago. Alot of people are starting to do this as 'solutions' against spammers. Of course the hole is when you have so many people on the whitelist the spam starts to get through again. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Anyone run into this? I would think Earthlink would not send spam ;-) > don't laugh too hard. > > Thanks. > > I apologize for this automatic reply to your email. > > To control spam, I now allow incoming messages only from senders I have > approved beforehand. > > If you would like to be added to my list of approved senders, please > fill out the short request form (see link below). Once I approve you, I > will receive your original message in my inbox. You do not need to > resend your message. I apologize for this one-time inconvenience. > > Click the link below to fill out the request: > > X-SBSD-MailScanner: Found to be clean > X-SBSD-MailScanner-SpamCheck: spam, SpamAssassin (score=4.863, required > 3.75, > DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, HTML_30_40 0.02, > HTML_MESSAGE 0.00, NO_REAL_NAME 0.01, PYZOR_CHECK 1.00, > RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) > X-SBSD-MailScanner-SpamScore: 4 > X-MailScanner-From: spamblocker-challenge@bounce.earthlink.net > > Return-Path: spamblocker-challenge@bounce.earthlink.net > > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Tue Mar 8 15:55:08 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek) Date: Thu Jan 12 21:28:54 2006 Subject: bug? using unrar Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, i've installed MS version 4.40.2. Today we've received 2 zip-files that are 100% not virused (i've checked them after pulling them from quarantine). They were quarantined because of containing .exe files). I've released them from quarantine using MailWatch but they didn't reach recipient. I've checked logs and i saw that one of instances of MS couldn't finish scanning released message. Mar 8 16:14:50 gandalf sendmail[14797]: j28FEnXB014797: from=, size=897208, class=0, nrcpts=1, msgid=<422DC260.6060703@ios.edu.pl>, proto=ESMTP, daemon=MTA, relay=[193.0.91.121] Mar 8 16:14:52 gandalf MailScanner[7102]: New Batch: Scanning 1 messages, 897726 bytes Mar 8 16:14:55 gandalf MailScanner[7102]: Unrar : Archive Testing Completed On : BIURA.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: BIURA.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: DEC32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: DEC32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: DECYZJE.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: DECYZJE.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: DR32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: DR32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PO32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PO32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PU32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PU32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: DR_RAP32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: DZU.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: EKD.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: GDZIE32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: GDZIE32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: GMINA32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: GMINA32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: GRAF.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: GRAF.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: KAT_MA.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: KAT_MA.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: KO32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PO32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PO50.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PU32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: KO_RAP32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: METODYKA.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: NORMY.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: OBSZAR32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: OBSZAR32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: OPH-02.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: OPH-HLP.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: OPHUSER.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: POM32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: POM32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: PRZESZ32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: REJON32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: REJON32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: S_BRAN32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: S_BRAN32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: S_DZIA32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: S_DZIA32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: S_MASZ32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: SEKCJE32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: ST_KAR.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: ST_KAR.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: TE32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: TERENY.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: TERENY.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: TR32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: TR_PO32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: TR_PU32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: TRASY.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: WARI32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: WARI9.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: WARI9.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: WARUN32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: WARUN32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: ZA32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: ZA32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PO32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PO32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PU32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PU32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_RAP32.CDX Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_RAP32.DBF Mar 8 16:14:55 gandalf MailScanner[7102]: ZNAKI.DBF Mar 8 16:15:45 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'BIURA.DBF' 2>&1 timed out! Mar 8 16:15:45 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/BIURA4.DBF Mar 8 16:15:45 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DEC32.CDX Mar 8 16:16:36 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'DEC32.DBF' 2>&1 timed out! Mar 8 16:16:36 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DEC321.DBF Mar 8 16:16:36 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DECYZJE.CDX Mar 8 16:17:28 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'DECYZJE.DBF' 2>&1 timed out! Mar 8 16:17:28 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DECYZJE4.DBF Mar 8 16:17:28 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR32.CDX Mar 8 16:18:19 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'DR32.DBF' 2>&1 timed out! Mar 8 16:18:19 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR321.DBF Mar 8 16:18:19 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PO32.CDX Mar 8 16:19:10 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'DR_PO32.DBF' 2>&1 timed out! Mar 8 16:19:10 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PO321.DBF Mar 8 16:19:10 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PU32.CDX Mar 8 16:20:01 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'DR_PU32.DBF' 2>&1 timed out! Mar 8 16:20:01 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PU321.DBF Mar 8 16:20:53 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'DR_RAP32.DBF' 2>&1 timed out! Mar 8 16:20:53 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_RAP321.DBF Mar 8 16:21:44 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'DZU.DBF' 2>&1 timed out! Mar 8 16:21:44 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DZU4.DBF Mar 8 16:22:35 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'EKD.DBF' 2>&1 timed out! Mar 8 16:22:35 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/EKD4.DBF Mar 8 16:22:35 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GDZIE32.CDX Mar 8 16:23:26 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'GDZIE32.DBF' 2>&1 timed out! Mar 8 16:23:26 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GDZIE321.DBF Mar 8 16:23:26 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GMINA32.CDX Mar 8 16:24:17 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'GMINA32.DBF' 2>&1 timed out! Mar 8 16:24:17 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GMINA321.DBF Mar 8 16:24:18 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GRAF.CDX Mar 8 16:25:09 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'GRAF.DBF' 2>&1 timed out! Mar 8 16:25:09 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GRAF4.DBF Mar 8 16:25:09 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KAT_MA.CDX Mar 8 16:26:00 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'KAT_MA.DBF' 2>&1 timed out! Mar 8 16:26:00 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KAT_MA3.DBF Mar 8 16:26:51 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'KO32.DBF' 2>&1 timed out! Mar 8 16:26:51 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO321.DBF Mar 8 16:27:42 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'KO_PO32.DBF' 2>&1 timed out! Mar 8 16:27:42 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO_PO321.DBF Mar 8 16:28:34 gandalf MailScanner[7102]: Safepipe in Message.pm : /usr/local/bin/unrar e -p- -idp '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' 'KO_PO50.DBF' 2>&1 timed out! Mar 8 16:28:34 gandalf MailScanner[7102]: Unrar : Encrypted Or Extract Error Creating 0 length /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO_PO502.DBF When i run 'strace -p 7102' i see: Process 7102 attached - interrupt to quit read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 696 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 261 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 176 read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 129 read(10, "[Q]uit \n\nPOM32.DBF already exist"..., 4096) = 157 read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 158 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 162 read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 204 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 119 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 156 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 169 read(10, ", [Q]uit \n\nPOM32.DBF already exi"..., 4096) = 159 read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 129 read(10, "[Q]uit \n\nPOM32.DBF already exist"..., 4096) = 152 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 165 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 167 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 151 read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 198 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 169 read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 158 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 151 read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 145 read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 160 read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 (and so on...) It looks like MS is trying to unpack files for a few times. Strange is that MS is using 'unrar' for unpacking .zip ('file' shows: Zip archive data, at least v2.0 to extract) I'm using clamavmodule, sophossavi and bitdefender. Any advice? -- Regards, Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Tue Mar 8 16:10:27 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek) Date: Thu Jan 12 21:28:54 2006 Subject: bug? using unrar Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Strange is that MS is using 'unrar' for unpacking .zip ('file' shows: Zip > archive data, at least v2.0 to extract) oops, of course MS is trying to unpack DBF.EXE (rar self-extracting archive), which was (among else) included in that .zip file. -- Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Mar 8 16:08:08 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:54 2006 Subject: vnames.pl Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you. Works great. >>> pete@ENITECH.COM.AU 03/08 6:36 AM >>> :) yes it was last week and here it is attached. Some one made one and attched it to the list also, but i cant see how they would differ much :) David Curtis wrote: > Any one have the vnames.pl working to get virus information for > BitDefender? Sorry if it has been already discussed. > > Thanks. > > Thanks, > David Curtis > dcurtis@sbschools.net > (802) 652-7254 > South Burlington School District > 550 Dorset Street > South Burlington, Vt 05403 > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Mar 8 16:23:53 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:54 2006 Subject: Virus being missed. (assumed) Message-ID: At 02:18 AM 3/8/2005, Anders Kongsted wrote: >How do I install the external RAR support? I also tested eicar.lzh - with >the same result! :-( I'll repost my previous directions.. Same thing applies to .lzh files, you just need to install lha and add the appropriate parameter to the config file. You can also install decompressors for ace, zoo, and arj with the same basic methods. ------ Do you have the external unrar utility installed? (note: the latest version of rar costs, but there is a freeware command-line unrar for *nix) See: http://www.rarlab.com/rar_add.htm ClamAV's built-in rar support doesn't support the newer rar3 format, so you need to install the external unrar utility and then edit /usr/lib/MailScanner/clamav-wrapper to enable the --unrar parameter. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 16:33:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good point. That didn't occur to me. It always amuses me when you know my product better than I do :-) Peter Peters wrote: > Julian Field wrote on 7-3-2005 23:35: > >> Do other people need this as well? It will mean yet another 2 >> configuration variables (one for spam, one for mcp) and a change to the >> current option covering this. > > > Can't this be done with a ruleset? > >>> # When you quarantine an entire message, do you want to store it as >>> # raw mail queue files (so you can easily send them onto users) or >>> # as human-readable files (header then body in 1 file)? >>> Quarantine Whole Messages As Queue Files = no >> > > Put in the ruleset: > > virus:* yes > default no > > -- > Peter Peters, senior beheerder (Security) > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Mar 8 19:53:43 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: Peter Bonivart wrote: > Julian Field wrote: >> Other than a minor cosmetic one I can't reproduce, I don't think I >> have any outstanding requests for fixes. >> >> Does anyone know of any fixes or features they would like to see, >> that I haven't yet done? > > Maybe it's time to change: > > Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) > > into a blank as default just like the virus scanners. There's many > beginners that end up with the below and don't understand why it got > classified as spam even though SA score below the threshold: > > MailScanner-SpamCheck: spam, SBL+XBL, SORBS-SPAM, > SORBS-DNSBL, SpamAssassin (score=1.853, required 5, > DEAR_SOMETHING 0.80, RCVD_IN_SBL 1.05) > > Since most use SA anyway it's confusing that both are on if you're not > aware of it. Rather than blank, maybe just commented out as an example so it's easily implemented w/o a newcomer having to track it down. One thing that would also be helpful (if it hasn't been done already) is to integrate/syncronize the spamassassin.prefs.conf supplied w/MailScanner with that on the Fortress System site (http://www.fsl.com/support/spam.assassin.prefs.conf.SA-3.0). There's a number of settings that are good but are either in a different location in the files, or present in one file but not the other. I go through the files by hand and glean what I want to implement, but sometimes it's easy to lose site of the forest for the trees. S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Tue Mar 8 20:15:42 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: If it's not too late, can you fix the bug with rulesets containing multiple actions as well as a To: and a From: condition? See also http://article.gmane.org/gmane.mail.virus.mailscanner/20046/. Thanks! Jase Julian Field wrote: > Other than a minor cosmetic one I can't reproduce, I don't think I > have any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, > that I haven't yet done? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 20:29:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can work around this in the mean time by separating the actions with commas instead of spaces. But yes, I will take a look. It's a very nasty one :-( Desai, Jason wrote: >If it's not too late, can you fix the bug with rulesets containing multiple >actions as well as a To: and a From: condition? > >See also http://article.gmane.org/gmane.mail.virus.mailscanner/20046/. > >Thanks! > >Jase > >Julian Field wrote: > > >>Other than a minor cosmetic one I can't reproduce, I don't think I >>have any outstanding requests for fixes. >> >>Does anyone know of any fixes or features they would like to see, >>that I haven't yet done? >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hmkash at ARL.ARMY.MIL Tue Mar 8 20:44:45 2005 From: hmkash at ARL.ARMY.MIL (Kash, Howard (Civ,ARL/CISD)) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: How about an optional argument to the "store" Spam Action so that low and high scoring spam can be stored in different locations. Just a relative path to "${Quarantine Dir}/YYYYMMDD/spam" would work for me. For example: Spam Actions = store High Scoring Spam Actions = store high stores spam with scores between "Required SpamAssassin Score" and "High SpamAssassin Score" in the usual location (/${Quarantine Dir}/$Date/spam), and spam with scores greater than "High SpamAssassin Score" in /${Quarantine Dir}/$DATE/spam/high. Or something like this: Spam Actions = store low High Scoring Spam Actions = store high puts low scoring spam in /${Quarantine Dir}/$Date/spam/low and high scoring spam in /${Quarantine Dir}/$Date/spam/high. Howard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 20:48:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >Peter Bonivart wrote: > > >>Julian Field wrote: >> >> >>>Other than a minor cosmetic one I can't reproduce, I don't think I >>>have any outstanding requests for fixes. >>> >>>Does anyone know of any fixes or features they would like to see, >>>that I haven't yet done? >>> >>> >>Maybe it's time to change: >> >>Spam List = ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) >> >>into a blank as default just like the virus scanners. There's many >>beginners that end up with the below and don't understand why it got >>classified as spam even though SA score below the threshold: >> >>MailScanner-SpamCheck: spam, SBL+XBL, SORBS-SPAM, >> SORBS-DNSBL, SpamAssassin (score=1.853, required 5, >> DEAR_SOMETHING 0.80, RCVD_IN_SBL 1.05) >> >>Since most use SA anyway it's confusing that both are on if you're not >>aware of it. >> >> > >Rather than blank, maybe just commented out as an example so it's easily >implemented w/o a newcomer having to track it down. > > Done. >One thing that would also be helpful (if it hasn't been done already) is to >integrate/syncronize the spamassassin.prefs.conf supplied w/MailScanner with >that on the Fortress System site >(http://www.fsl.com/support/spam.assassin.prefs.conf.SA-3.0). There's a >number of settings that are good but are either in a different location in >the files, or present in one file but not the other. I go through the files >by hand and glean what I want to implement, but sometimes it's easy to lose >site of the forest for the trees. > > Very good point. Done. I am now using a copy of the www.fsl.com version of the file, with a couple of small changes to leave SpamAssassin files in the same places as previous MailScanner distributions. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue Mar 8 20:51:24 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Include statements in rule/config files? No nesting necessary since it makes it messy. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Sunday, March 06, 2005 11:42 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Outstanding feature/fix requests? Other than a minor cosmetic one I can't reproduce, I don't think I have any outstanding requests for fixes. Does anyone know of any fixes or features they would like to see, that I haven't yet done? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Tue Mar 8 21:03:54 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I am still facing problems with Bayes token expiry. In my MailScanner.conf file, I have: Rebuild Bayes Every = 86400 and Wait During Bayes Rebuild = yes in /etc/mail/spamassassin/local.cf I have: bayes_auto_expire 0 in /etc/MailScanner/spam.assassin.prefs.conf I have: bayes_path /var/spool/MailScanner/spamassassin/bayes bayes_file_mode 0600 use_bayes 1 bayes_auto_expire 0 (again, since it did not seem to be working in local.cf) I am using MailScanner 4.37.7, which supposedly has resolved this issue, yet in /var/spool/MailScanner/spamassassin/, I have 121533 Mar 8 16:00 bayes_journal 335876096 Mar 8 15:59 bayes_seen 21909504 Mar 8 15:59 bayes_toks 5976064 Mar 7 22:03 bayes_toks.expire11073 9482240 Mar 8 00:44 bayes_toks.expire1211 10518528 Mar 7 22:13 bayes_toks.expire12709 10121216 Mar 7 22:19 bayes_toks.expire13541 9842688 Mar 7 22:24 bayes_toks.expire14207 10113024 Mar 7 22:30 bayes_toks.expire15013 10076160 Mar 7 22:35 bayes_toks.expire15666 9781248 Mar 7 22:40 bayes_toks.expire16569 9904128 Mar 7 22:46 bayes_toks.expire17311 9678848 Mar 7 22:51 bayes_toks.expire18116 9682944 Mar 7 22:56 bayes_toks.expire18905 9478144 Mar 8 00:50 bayes_toks.expire1958 9756672 Mar 7 23:01 bayes_toks.expire19619 9773056 Mar 7 23:07 bayes_toks.expire20537 9789440 Mar 7 23:13 bayes_toks.expire21248 9883648 Mar 7 23:18 bayes_toks.expire22052 9482240 Mar 7 23:23 bayes_toks.expire22802 9449472 Mar 7 23:28 bayes_toks.expire23494 9531392 Mar 7 23:34 bayes_toks.expire24158 9486336 Mar 7 23:39 bayes_toks.expire24781 9474048 Mar 7 23:44 bayes_toks.expire25327 9486336 Mar 8 00:55 bayes_toks.expire2551 9465856 Mar 7 23:49 bayes_toks.expire25930 5263360 Mar 7 23:55 bayes_toks.expire26710 9469952 Mar 8 00:00 bayes_toks.expire27390 9482240 Mar 8 00:06 bayes_toks.expire28351 9465856 Mar 8 00:12 bayes_toks.expire29198 9469952 Mar 8 00:17 bayes_toks.expire30081 9469952 Mar 8 00:22 bayes_toks.expire30748 9490432 Mar 8 00:27 bayes_toks.expire31316 9482240 Mar 8 01:01 bayes_toks.expire3174 9486336 Mar 8 00:33 bayes_toks.expire31978 9469952 Mar 8 01:06 bayes_toks.expire3845 9465856 Mar 8 01:11 bayes_toks.expire4458 9482240 Mar 8 00:39 bayes_toks.expire460 5263360 Mar 8 01:16 bayes_toks.expire5055 9469952 Mar 8 01:22 bayes_toks.expire5617 9469952 Mar 8 01:28 bayes_toks.expire6292 9465856 Mar 8 01:34 bayes_toks.expire6996 9465856 Mar 8 01:40 bayes_toks.expire7772 9469952 Mar 8 01:45 bayes_toks.expire8319 9474048 Mar 8 01:51 bayes_toks.expire9002 9486336 Mar 8 01:57 bayes_toks.expire9720 Here is what my logs have to say for yesterday's expiry: Mar 7 21:58:12 mx2 MailScanner[10568]: Bayes database rebuild is due Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database rebuild preparing Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database rebuild starting Mar 7 21:59:38 mx2 MailScanner[10568]: SpamAssassin Bayes database rebuild completed Mar 7 21:59:38 mx2 MailScanner[10568]: Rebuilding SpamAssassin Bayes database What I find curious is the log message "Rebuilding SpamAssassin Bayes database", which comes _after_ the completed message??? Am I doing something wrong? I have read and re-read the docs regarding this and I have never been able to not have these annoying expire files appear. Thanks in advance, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 21:04:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you have a lot of address patterns that produce the same result, you can rewrite the rule so that it contains a filename instead of the address pattern. The rule will be replicated for each of the address patterns in the named file. So instead of putting this in a ruleset: From: a@b.com yes From: *@c.com yes From: d@* yes From: 127.0.0.1 yes From: 152.78. yes From: 10.1. no From: default no You can use this: From: /etc/MailScanner.conf/spam.whitelist.addresses yes From: 10.1. no From: default no And then in /etc/MailScanner.conf/spam.whitelist.addresses you put this: a@b.com *@c.com d@* 127.0.0.1 152.78. And files like the one above can contain the names of files containing yet more addresses. You can nest them up to 4 layers deep (intentional arbitrary limit to stop you making loops by mistake). Derek Winkler wrote: >Include statements in rule/config files? > >No nesting necessary since it makes it messy. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Sunday, March 06, 2005 11:42 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Outstanding feature/fix requests? > > >Other than a minor cosmetic one I can't reproduce, I don't think I have >any outstanding requests for fixes. > >Does anyone know of any fixes or features they would like to see, that I >haven't yet done? > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >This email and any files transmitted with it are confidential and >proprietary to Algorithmics Incorporated and its affiliates >("Algorithmics"). If received in error, use is prohibited. Please destroy, >and notify sender. Sender does not waive confidentiality or privilege. >Internet communications cannot be guaranteed to be timely, secure, error or >virus-free. Algorithmics does not accept liability for any errors or >omissions. Any commitment intended to bind Algorithmics must be reduced to >writing and signed by an authorized signatory. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue Mar 8 21:04:53 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What's the syntax for rules containing and statements? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Tuesday, March 08, 2005 4:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Outstanding feature/fix requests? If you have a lot of address patterns that produce the same result, you can rewrite the rule so that it contains a filename instead of the address pattern. The rule will be replicated for each of the address patterns in the named file. So instead of putting this in a ruleset: From: a@b.com yes From: *@c.com yes From: d@* yes From: 127.0.0.1 yes From: 152.78. yes From: 10.1. no From: default no You can use this: From: /etc/MailScanner.conf/spam.whitelist.addresses yes From: 10.1. no From: default no And then in /etc/MailScanner.conf/spam.whitelist.addresses you put this: a@b.com *@c.com d@* 127.0.0.1 152.78. And files like the one above can contain the names of files containing yet more addresses. You can nest them up to 4 layers deep (intentional arbitrary limit to stop you making loops by mistake). Derek Winkler wrote: >Include statements in rule/config files? > >No nesting necessary since it makes it messy. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Sunday, March 06, 2005 11:42 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Outstanding feature/fix requests? > > >Other than a minor cosmetic one I can't reproduce, I don't think I have >any outstanding requests for fixes. > >Does anyone know of any fixes or features they would like to see, that I >haven't yet done? > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >This email and any files transmitted with it are confidential and >proprietary to Algorithmics Incorporated and its affiliates >("Algorithmics"). If received in error, use is prohibited. Please destroy, >and notify sender. Sender does not waive confidentiality or privilege. >Internet communications cannot be guaranteed to be timely, secure, error or >virus-free. Algorithmics does not accept liability for any errors or >omissions. Any commitment intended to bind Algorithmics must be reduced to >writing and signed by an authorized signatory. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wintermutecx at gmail.com Tue Mar 8 21:01:03 2005 From: wintermutecx at gmail.com (Dave) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: On Sun, 6 Mar 2005 16:41:47 +0000, Julian Field wrote: > Other than a minor cosmetic one I can't reproduce, I don't think I have > any outstanding requests for fixes. > > Does anyone know of any fixes or features they would like to see, that I > haven't yet done? Is it possible to have a separate action for the SBL+XBL mail? About 25% of the SBL+XBL tagged mail here is legit and I'm afraid I've missed some ham. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 21:22:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Direction: address-pattern and Direction: address-pattern result So for example: From: domain.com and to: customer.com store,deliver This could be used in, for example, Non-Spam Actions, and would cause non-spam mail going from domain.com to customer.com to be stored in the quarantine as well as being delivered. Derek Winkler wrote: >What's the syntax for rules containing and statements? > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Tuesday, March 08, 2005 4:05 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Outstanding feature/fix requests? > > >If you have a lot of address patterns that produce the same result, you >can rewrite the rule so that it contains a filename instead of the >address pattern. The rule will be replicated for each of the address >patterns in the named file. > >So instead of putting this in a ruleset: >From: a@b.com yes >From: *@c.com yes >From: d@* yes >From: 127.0.0.1 yes >From: 152.78. yes >From: 10.1. no >From: default no > >You can use this: >From: /etc/MailScanner.conf/spam.whitelist.addresses yes >From: 10.1. no >From: default no > >And then in /etc/MailScanner.conf/spam.whitelist.addresses you put this: >a@b.com >*@c.com >d@* >127.0.0.1 >152.78. > >And files like the one above can contain the names of files containing >yet more addresses. You can nest them up to 4 layers deep (intentional >arbitrary limit to stop you making loops by mistake). > > >Derek Winkler wrote: > > > >>Include statements in rule/config files? >> >>No nesting necessary since it makes it messy. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Sunday, March 06, 2005 11:42 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Outstanding feature/fix requests? >> >> >>Other than a minor cosmetic one I can't reproduce, I don't think I have >>any outstanding requests for fixes. >> >>Does anyone know of any fixes or features they would like to see, that I >>haven't yet done? >> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>This email and any files transmitted with it are confidential and >>proprietary to Algorithmics Incorporated and its affiliates >>("Algorithmics"). If received in error, use is prohibited. Please >> >> >destroy, > > >>and notify sender. Sender does not waive confidentiality or privilege. >>Internet communications cannot be guaranteed to be timely, secure, error or >>virus-free. Algorithmics does not accept liability for any errors or >>omissions. Any commitment intended to bind Algorithmics must be reduced to >>writing and signed by an authorized signatory. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >This email and any files transmitted with it are confidential and >proprietary to Algorithmics Incorporated and its affiliates >("Algorithmics"). If received in error, use is prohibited. Please destroy, >and notify sender. Sender does not waive confidentiality or privilege. >Internet communications cannot be guaranteed to be timely, secure, error or >virus-free. Algorithmics does not accept liability for any errors or >omissions. Any commitment intended to bind Algorithmics must be reduced to >writing and signed by an authorized signatory. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue Mar 8 21:26:12 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes but using files and keeping the LHS associated with the RHS of the and. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Tuesday, March 08, 2005 4:23 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Outstanding feature/fix requests? Direction: address-pattern and Direction: address-pattern result So for example: From: domain.com and to: customer.com store,deliver This could be used in, for example, Non-Spam Actions, and would cause non-spam mail going from domain.com to customer.com to be stored in the quarantine as well as being delivered. Derek Winkler wrote: >What's the syntax for rules containing and statements? > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Tuesday, March 08, 2005 4:05 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Outstanding feature/fix requests? > > >If you have a lot of address patterns that produce the same result, you >can rewrite the rule so that it contains a filename instead of the >address pattern. The rule will be replicated for each of the address >patterns in the named file. > >So instead of putting this in a ruleset: >From: a@b.com yes >From: *@c.com yes >From: d@* yes >From: 127.0.0.1 yes >From: 152.78. yes >From: 10.1. no >From: default no > >You can use this: >From: /etc/MailScanner.conf/spam.whitelist.addresses yes >From: 10.1. no >From: default no > >And then in /etc/MailScanner.conf/spam.whitelist.addresses you put this: >a@b.com >*@c.com >d@* >127.0.0.1 >152.78. > >And files like the one above can contain the names of files containing >yet more addresses. You can nest them up to 4 layers deep (intentional >arbitrary limit to stop you making loops by mistake). > > >Derek Winkler wrote: > > > >>Include statements in rule/config files? >> >>No nesting necessary since it makes it messy. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Sunday, March 06, 2005 11:42 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Outstanding feature/fix requests? >> >> >>Other than a minor cosmetic one I can't reproduce, I don't think I have >>any outstanding requests for fixes. >> >>Does anyone know of any fixes or features they would like to see, that I >>haven't yet done? >> >>-- >>Julian Field This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 21:38:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: > Hello, > > I am still facing problems with Bayes token expiry. In my > MailScanner.conf file, I have: > > Rebuild Bayes Every = 86400 > > and > > Wait During Bayes Rebuild = yes > > in /etc/mail/spamassassin/local.cf I have: > > bayes_auto_expire 0 > > in /etc/MailScanner/spam.assassin.prefs.conf I have: > > bayes_path /var/spool/MailScanner/spamassassin/bayes > bayes_file_mode 0600 > use_bayes 1 > bayes_auto_expire 0 (again, since it did not seem to be working in > local.cf) > > I am using MailScanner 4.37.7, which supposedly has resolved this issue, > yet in /var/spool/MailScanner/spamassassin/, I have > > 121533 Mar 8 16:00 bayes_journal > 335876096 Mar 8 15:59 bayes_seen > 21909504 Mar 8 15:59 bayes_toks > 5976064 Mar 7 22:03 bayes_toks.expire11073 > 9482240 Mar 8 00:44 bayes_toks.expire1211 > 10518528 Mar 7 22:13 bayes_toks.expire12709 > 10121216 Mar 7 22:19 bayes_toks.expire13541 > 9842688 Mar 7 22:24 bayes_toks.expire14207 > 10113024 Mar 7 22:30 bayes_toks.expire15013 > 10076160 Mar 7 22:35 bayes_toks.expire15666 > 9781248 Mar 7 22:40 bayes_toks.expire16569 > 9904128 Mar 7 22:46 bayes_toks.expire17311 > 9678848 Mar 7 22:51 bayes_toks.expire18116 > 9682944 Mar 7 22:56 bayes_toks.expire18905 > 9478144 Mar 8 00:50 bayes_toks.expire1958 > 9756672 Mar 7 23:01 bayes_toks.expire19619 > 9773056 Mar 7 23:07 bayes_toks.expire20537 > 9789440 Mar 7 23:13 bayes_toks.expire21248 > 9883648 Mar 7 23:18 bayes_toks.expire22052 > 9482240 Mar 7 23:23 bayes_toks.expire22802 > 9449472 Mar 7 23:28 bayes_toks.expire23494 > 9531392 Mar 7 23:34 bayes_toks.expire24158 > 9486336 Mar 7 23:39 bayes_toks.expire24781 > 9474048 Mar 7 23:44 bayes_toks.expire25327 > 9486336 Mar 8 00:55 bayes_toks.expire2551 > 9465856 Mar 7 23:49 bayes_toks.expire25930 > 5263360 Mar 7 23:55 bayes_toks.expire26710 > 9469952 Mar 8 00:00 bayes_toks.expire27390 > 9482240 Mar 8 00:06 bayes_toks.expire28351 > 9465856 Mar 8 00:12 bayes_toks.expire29198 > 9469952 Mar 8 00:17 bayes_toks.expire30081 > 9469952 Mar 8 00:22 bayes_toks.expire30748 > 9490432 Mar 8 00:27 bayes_toks.expire31316 > 9482240 Mar 8 01:01 bayes_toks.expire3174 > 9486336 Mar 8 00:33 bayes_toks.expire31978 > 9469952 Mar 8 01:06 bayes_toks.expire3845 > 9465856 Mar 8 01:11 bayes_toks.expire4458 > 9482240 Mar 8 00:39 bayes_toks.expire460 > 5263360 Mar 8 01:16 bayes_toks.expire5055 > 9469952 Mar 8 01:22 bayes_toks.expire5617 > 9469952 Mar 8 01:28 bayes_toks.expire6292 > 9465856 Mar 8 01:34 bayes_toks.expire6996 > 9465856 Mar 8 01:40 bayes_toks.expire7772 > 9469952 Mar 8 01:45 bayes_toks.expire8319 > 9474048 Mar 8 01:51 bayes_toks.expire9002 > 9486336 Mar 8 01:57 bayes_toks.expire9720 > > Here is what my logs have to say for yesterday's expiry: > > Mar 7 21:58:12 mx2 MailScanner[10568]: Bayes database rebuild is due > Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database > rebuild preparing > Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database > rebuild starting > Mar 7 21:59:38 mx2 MailScanner[10568]: SpamAssassin Bayes database > rebuild completed > Mar 7 21:59:38 mx2 MailScanner[10568]: Rebuilding SpamAssassin Bayes > database > > What I find curious is the log message "Rebuilding SpamAssassin Bayes > database", which comes _after_ the completed message??? It comes from a call in line 165 of SA.pm. You can safely just comment it out, I can't see why that line is there. > Am I doing something wrong? I have read and re-read the docs regarding > this and I have never been able to not have these annoying expire files > appear. Very good question. I don't know the answer to that one at the moment. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 21:39:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Don't understand your question :( Derek Winkler wrote: >Yes but using files and keeping the LHS associated with the RHS of the and. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Tuesday, March 08, 2005 4:23 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Outstanding feature/fix requests? > > >Direction: address-pattern and Direction: address-pattern result >So for example: > >From: domain.com and to: customer.com store,deliver > >This could be used in, for example, Non-Spam Actions, and would cause >non-spam mail going from domain.com to customer.com to be stored in the >quarantine as well as being delivered. > >Derek Winkler wrote: > > > >>What's the syntax for rules containing and statements? >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Tuesday, March 08, 2005 4:05 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Outstanding feature/fix requests? >> >> >>If you have a lot of address patterns that produce the same result, you >>can rewrite the rule so that it contains a filename instead of the >>address pattern. The rule will be replicated for each of the address >>patterns in the named file. >> >>So instead of putting this in a ruleset: >>From: a@b.com yes >>From: *@c.com yes >>From: d@* yes >>From: 127.0.0.1 yes >>From: 152.78. yes >>From: 10.1. no >>From: default no >> >>You can use this: >>From: /etc/MailScanner.conf/spam.whitelist.addresses yes >>From: 10.1. no >>From: default no >> >>And then in /etc/MailScanner.conf/spam.whitelist.addresses you put this: >>a@b.com >>*@c.com >>d@* >>127.0.0.1 >>152.78. >> >>And files like the one above can contain the names of files containing >>yet more addresses. You can nest them up to 4 layers deep (intentional >>arbitrary limit to stop you making loops by mistake). >> >> >>Derek Winkler wrote: >> >> >> >> >> >>>Include statements in rule/config files? >>> >>>No nesting necessary since it makes it messy. >>> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>Behalf Of Julian Field >>>Sent: Sunday, March 06, 2005 11:42 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Outstanding feature/fix requests? >>> >>> >>>Other than a minor cosmetic one I can't reproduce, I don't think I have >>>any outstanding requests for fixes. >>> >>>Does anyone know of any fixes or features they would like to see, that I >>>haven't yet done? >>> >>>-- >>>Julian Field >>> >>> > > >This email and any files transmitted with it are confidential and >proprietary to Algorithmics Incorporated and its affiliates >("Algorithmics"). If received in error, use is prohibited. Please destroy, >and notify sender. Sender does not waive confidentiality or privilege. >Internet communications cannot be guaranteed to be timely, secure, error or >virus-free. Algorithmics does not accept liability for any errors or >omissions. Any commitment intended to bind Algorithmics must be reduced to >writing and signed by an authorized signatory. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Tue Mar 8 21:44:11 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: Thanks for checking into it. I am running an older version of MailScanner (4.34.8), and using commas to separate the actions did not help. I don't recall seeing anything in changelogs that addressed this, but maybe I missed it. Anyways, thought you'd like to know. Thanks again! Jase Julian Field wrote: > You can work around this in the mean time by separating the actions > with commas instead of spaces. > But yes, I will take a look. It's a very nasty one :-( > > Desai, Jason wrote: > >> If it's not too late, can you fix the bug with rulesets containing >> multiple actions as well as a To: and a From: condition? >> >> See also >> http://article.gmane.org/gmane.mail.virus.mailscanner/20046/. >> >> Thanks! >> >> Jase >> >> Julian Field wrote: >> >> >>> Other than a minor cosmetic one I can't reproduce, I don't think I >>> have any outstanding requests for fixes. >>> >>> Does anyone know of any fixes or features they would like to see, >>> that I haven't yet done? >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue Mar 8 21:41:07 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How do you do this with file... From: whoever@whatever.com and To: somebody@somewhere.com yes Ummmm.... From: /etc/MailScanner.conf/spam.whitelist.addresses yes with /etc/MailScanner.conf/spam.whitelist.addresses containing... whoever@whatever.com and To: somebody@somewhere.com -OR- ??? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Tuesday, March 08, 2005 4:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Outstanding feature/fix requests? Don't understand your question :( Derek Winkler wrote: >Yes but using files and keeping the LHS associated with the RHS of the and. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Tuesday, March 08, 2005 4:23 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Outstanding feature/fix requests? > > >Direction: address-pattern and Direction: address-pattern result >So for example: > >From: domain.com and to: customer.com store,deliver > >This could be used in, for example, Non-Spam Actions, and would cause >non-spam mail going from domain.com to customer.com to be stored in the >quarantine as well as being delivered. > >Derek Winkler wrote: > > > >>What's the syntax for rules containing and statements? >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Tuesday, March 08, 2005 4:05 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Outstanding feature/fix requests? >> >> >>If you have a lot of address patterns that produce the same result, you >>can rewrite the rule so that it contains a filename instead of the >>address pattern. The rule will be replicated for each of the address >>patterns in the named file. >> >>So instead of putting this in a ruleset: >>From: a@b.com yes >>From: *@c.com yes >>From: d@* yes >>From: 127.0.0.1 yes >>From: 152.78. yes >>From: 10.1. no >>From: default no >> >>You can use this: >>From: /etc/MailScanner.conf/spam.whitelist.addresses yes >>From: 10.1. no >>From: default no >> >>And then in /etc/MailScanner.conf/spam.whitelist.addresses you put this: >>a@b.com >>*@c.com >>d@* >>127.0.0.1 >>152.78. >> >>And files like the one above can contain the names of files containing >>yet more addresses. You can nest them up to 4 layers deep (intentional >>arbitrary limit to stop you making loops by mistake). >> >> >>Derek Winkler wrote: >> >> >> >> >> >>>Include statements in rule/config files? >>> >>>No nesting necessary since it makes it messy. >>> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>Behalf Of Julian Field >>>Sent: Sunday, March 06, 2005 11:42 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Outstanding feature/fix requests? >>> >>> >>>Other than a minor cosmetic one I can't reproduce, I don't think I have >>>any outstanding requests for fixes. >>> >>>Does anyone know of any fixes or features they would like to see, that I >>>haven't yet done? >>> >>>-- >>>Julian Field >>> >>> This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Tue Mar 8 21:47:18 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:54 2006 Subject: Panda not working Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 08 March 2005 11:56 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > Interresting.... I'm testing with the "free" version rpm. > > Some info and runs: > # rpm -qi pavcl > Name : pavcl Relocations: (not > relocatable) > Version : 7.01.00 Vendor: (none) > Release : 1 Build Date: ons > 11 aug 2004 13.37.00 > Install Date: mån 7 mar 2005 15.24.09 Build Host: spd > Group : Applications/System Source RPM: > pavcl-7.01.00-1.src.rpm > Size : 8964781 License: Panda > Sowftware International > Signature : (none) > Summary : Panda Antivirus for Linux 7.01.00.0004 Here's the "current" version of pavcl from the registered users section of Panda's site http://enterprises.pandasoftware.com/acs/software/secure/pavcl/pavcl_linux_i 386.rpm # rpm -qi pavcl Name : pavcl Relocations: (not relocateable) Version : 7.0 Vendor: (none) Release : 1 Build Date: Tue 01 Jul 2003 07:57:05 BST Install Date: Tue 08 Mar 2005 20:47:22 GMT Build Host: spd Group : Applications/System Source RPM: pavcl-7.0-1.src.rpm Size : 5145014 License: Panda Sowftware International Signature : (none) Summary : Panda Antivirus for Linux 7.0 Anyow, it doesn't work with MailScanner. No viruses were found by Panda today. F-Prot and Bitdefender found 126 each and ClamAV 133. One other point. Yesterday you advised testing it with the -HEU option in order to "Activate heuristic detection method". I delete viruses so isn't using heuristic detection a bit dangerous? I must say, I'm getting rather tired of Panda... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 21:51:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From: /etc/MailScanner/from.addresses and To: /etc/MailScanner/to.addresses yes should work. Derek Winkler wrote: >How do you do this with file... > >From: whoever@whatever.com and To: somebody@somewhere.com yes > >Ummmm.... > >From: /etc/MailScanner.conf/spam.whitelist.addresses yes > >with /etc/MailScanner.conf/spam.whitelist.addresses containing... > >whoever@whatever.com and To: somebody@somewhere.com > >-OR- > >??? > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Tuesday, March 08, 2005 4:39 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Outstanding feature/fix requests? > > >Don't understand your question :( > >Derek Winkler wrote: > > > >>Yes but using files and keeping the LHS associated with the RHS of the and. >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Tuesday, March 08, 2005 4:23 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Outstanding feature/fix requests? >> >> >>Direction: address-pattern and Direction: address-pattern result >>So for example: >> >>From: domain.com and to: customer.com store,deliver >> >>This could be used in, for example, Non-Spam Actions, and would cause >>non-spam mail going from domain.com to customer.com to be stored in the >>quarantine as well as being delivered. >> >>Derek Winkler wrote: >> >> >> >> >> >>>What's the syntax for rules containing and statements? >>> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>Behalf Of Julian Field >>>Sent: Tuesday, March 08, 2005 4:05 PM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: Outstanding feature/fix requests? >>> >>> >>>If you have a lot of address patterns that produce the same result, you >>>can rewrite the rule so that it contains a filename instead of the >>>address pattern. The rule will be replicated for each of the address >>>patterns in the named file. >>> >>>So instead of putting this in a ruleset: >>>From: a@b.com yes >>>From: *@c.com yes >>>From: d@* yes >>>From: 127.0.0.1 yes >>>From: 152.78. yes >>>From: 10.1. no >>>From: default no >>> >>>You can use this: >>>From: /etc/MailScanner.conf/spam.whitelist.addresses yes >>>From: 10.1. no >>>From: default no >>> >>>And then in /etc/MailScanner.conf/spam.whitelist.addresses you put this: >>>a@b.com >>>*@c.com >>>d@* >>>127.0.0.1 >>>152.78. >>> >>>And files like the one above can contain the names of files containing >>>yet more addresses. You can nest them up to 4 layers deep (intentional >>>arbitrary limit to stop you making loops by mistake). >>> >>> >>>Derek Winkler wrote: >>> >>> >>> >>> >>> >>> >>> >>>>Include statements in rule/config files? >>>> >>>>No nesting necessary since it makes it messy. >>>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>>Behalf Of Julian Field >>>>Sent: Sunday, March 06, 2005 11:42 AM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Outstanding feature/fix requests? >>>> >>>> >>>>Other than a minor cosmetic one I can't reproduce, I don't think I have >>>>any outstanding requests for fixes. >>>> >>>>Does anyone know of any fixes or features they would like to see, that I >>>>haven't yet done? >>>> >>>>-- >>>>Julian Field >>>> >>>> >>>> >>>> > > >This email and any files transmitted with it are confidential and >proprietary to Algorithmics Incorporated and its affiliates >("Algorithmics"). If received in error, use is prohibited. Please destroy, >and notify sender. Sender does not waive confidentiality or privilege. >Internet communications cannot be guaranteed to be timely, secure, error or >virus-free. Algorithmics does not accept liability for any errors or >omissions. Any commitment intended to bind Algorithmics must be reduced to >writing and signed by an authorized signatory. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Tue Mar 8 21:52:25 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: Julian Field wrote: > Chris Conn wrote: >> Here is what my logs have to say for yesterday's expiry: >> >> Mar 7 21:58:12 mx2 MailScanner[10568]: Bayes database rebuild is due >> Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database >> rebuild preparing Mar 7 21:58:12 mx2 MailScanner[10568]: >> SpamAssassin Bayes database rebuild starting Mar 7 21:59:38 mx2 >> MailScanner[10568]: SpamAssassin Bayes database rebuild completed >> Mar 7 21:59:38 mx2 MailScanner[10568]: Rebuilding SpamAssassin >> Bayes database >> >> What I find curious is the log message "Rebuilding SpamAssassin Bayes >> database", which comes _after_ the completed message??? > > It comes from a call in line 165 of SA.pm. You can safely just comment > it out, I can't see why that line is there. I pointed this out last year (http://article.gmane.org/gmane.mail.virus.mailscanner/12754/). Could it be that you meant to log that rebuilding the database was complete? Jase ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Tue Mar 8 21:55:21 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> Am I doing something wrong? I have read and re-read the docs regarding >> this and I have never been able to not have these annoying expire files >> appear. > > > Very good question. I don't know the answer to that one at the moment. > Hello, Does this mean I am alone? I have 3 servers that do this, however they are in essense clones of each other (they were 12 months ago when they were set up, they have been upgraded MailScanner versions independantly since then). I am not running spamd and only MailScanner can reference SpamAssassin on these boxes. More logs I found: Mar 7 22:03:10 mx2 MailScanner[10568]: Delete bayes lockfile for 11073 Mar 7 22:13:26 mx2 MailScanner[10568]: Delete bayes lockfile for 12709 Mar 7 22:19:20 mx2 MailScanner[10568]: Delete bayes lockfile for 13541 Mar 7 22:24:35 mx2 MailScanner[10568]: Delete bayes lockfile for 14207 Mar 7 22:30:06 mx2 MailScanner[10568]: Delete bayes lockfile for 15013 Mar 7 22:35:15 mx2 MailScanner[10568]: Delete bayes lockfile for 15666 Mar 7 22:40:20 mx2 MailScanner[10568]: Delete bayes lockfile for 16569 Mar 7 22:46:09 mx2 MailScanner[10568]: Delete bayes lockfile for 17311 Mar 7 22:51:13 mx2 MailScanner[10568]: Delete bayes lockfile for 18116 Mar 7 22:56:33 mx2 MailScanner[10568]: Delete bayes lockfile for 18905 Mar 7 23:01:55 mx2 MailScanner[10568]: Delete bayes lockfile for 19619 Mar 7 23:07:51 mx2 MailScanner[10568]: Delete bayes lockfile for 20537 Mar 7 23:13:20 mx2 MailScanner[10568]: Delete bayes lockfile for 21248 Mar 7 23:18:45 mx2 MailScanner[10568]: Delete bayes lockfile for 22052 Mar 7 23:23:49 mx2 MailScanner[10568]: Delete bayes lockfile for 22802 Mar 7 23:28:59 mx2 MailScanner[10568]: Delete bayes lockfile for 23494 Mar 7 23:34:09 mx2 MailScanner[10568]: Delete bayes lockfile for 24158 Mar 7 23:39:21 mx2 MailScanner[10568]: Delete bayes lockfile for 24781 Mar 7 23:44:54 mx2 MailScanner[10568]: Delete bayes lockfile for 25327 Mar 7 23:49:54 mx2 MailScanner[10568]: Delete bayes lockfile for 25930 Mar 7 23:55:39 mx2 MailScanner[10568]: Delete bayes lockfile for 26710 Mar 8 00:00:48 mx2 MailScanner[10568]: Delete bayes lockfile for 27390 Mar 8 00:06:21 mx2 MailScanner[10568]: Delete bayes lockfile for 28351 Mar 8 00:12:32 mx2 MailScanner[10568]: Delete bayes lockfile for 29198 Mar 8 00:17:38 mx2 MailScanner[10568]: Delete bayes lockfile for 30081 Mar 8 00:22:52 mx2 MailScanner[10568]: Delete bayes lockfile for 30748 Mar 8 00:27:59 mx2 MailScanner[10568]: Delete bayes lockfile for 31316 Mar 8 00:33:03 mx2 MailScanner[10568]: Delete bayes lockfile for 31978 Mar 8 00:39:29 mx2 MailScanner[10568]: Delete bayes lockfile for 460 Mar 8 00:44:50 mx2 MailScanner[10568]: Delete bayes lockfile for 1211 Mar 8 00:50:33 mx2 MailScanner[10568]: Delete bayes lockfile for 1958 Mar 8 00:55:39 mx2 MailScanner[10568]: Delete bayes lockfile for 2551 Mar 8 01:01:16 mx2 MailScanner[10568]: Delete bayes lockfile for 3174 Mar 8 01:06:26 mx2 MailScanner[10568]: Delete bayes lockfile for 3845 Mar 8 01:11:36 mx2 MailScanner[10568]: Delete bayes lockfile for 4458 Mar 8 01:16:45 mx2 MailScanner[10568]: Delete bayes lockfile for 5055 Mar 8 01:22:37 mx2 MailScanner[10568]: Delete bayes lockfile for 5617 Mar 8 01:28:14 mx2 MailScanner[10568]: Delete bayes lockfile for 6292 Mar 8 01:34:25 mx2 MailScanner[10568]: Delete bayes lockfile for 6996 Mar 8 01:40:04 mx2 MailScanner[10568]: Delete bayes lockfile for 7772 Mar 8 01:45:13 mx2 MailScanner[10568]: Delete bayes lockfile for 8319 Mar 8 01:51:47 mx2 MailScanner[10568]: Delete bayes lockfile for 9002 Mar 8 01:57:52 mx2 MailScanner[10568]: Delete bayes lockfile for 9720 and Mar 7 22:03:09 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 1 of 20 Mar 7 22:13:25 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 22:19:19 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 22:24:34 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 22:30:05 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 22:35:14 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 22:40:19 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 22:46:08 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 22:51:12 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 1 of 20 Mar 7 22:56:32 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:01:54 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:07:50 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:13:19 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:18:44 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 2 of 20 Mar 7 23:23:48 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:28:58 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:34:08 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:39:20 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:44:53 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:49:53 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 7 23:55:38 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:00:47 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:06:20 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:12:31 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:17:37 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:22:51 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:27:58 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:33:02 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:39:28 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:44:49 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:50:32 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 00:55:38 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:01:15 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:06:25 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:11:35 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:16:44 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:22:36 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:28:13 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 2 of 20 Mar 8 01:34:24 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:40:03 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:45:12 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:51:46 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 01:57:51 mx2 MailScanner[10568]: SpamAssassin timed out and was killed, failure 1 of 20 Each file was created after these events. Is it possible that MailScanner is not pausing while it is doing the expiry? I ask this because: Mar 7 21:58:12 mx2 MailScanner[10568]: Bayes database rebuild is due Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database rebuild preparing Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database rebuild starting and Mar 7 21:58:18 mx2 MailScanner[29837]: New Batch: Scanning 3 messages, 231876 bytes Mar 7 21:58:18 mx2 MailScanner[29837]: Spam Checks: Starting Mar 7 21:59:38 mx2 MailScanner[10568]: SpamAssassin Bayes database rebuild completed Mar 7 21:59:38 mx2 MailScanner[10568]: Rebuilding SpamAssassin Bayes database Mar 7 21:59:51 mx2 MailScanner[29837]: Message j282w4N6010556 from 210.243.155 Mar 7 21:59:51 mx2 MailScanner[29837]: Spam Checks: Found 1 spam messages Mar 7 21:59:51 mx2 MailScanner[29837]: Spam Actions: message j282w4N6010556 ac Mar 7 21:59:52 mx2 MailScanner[29837]: Virus and Content Scanning: Starting Mar 7 21:59:52 mx2 MailScanner[29837]: Content Checks: Detected and will disar Mar 7 21:59:52 mx2 MailScanner[29837]: Uninfected: Delivered 2 messages Mar 7 21:59:52 mx2 MailScanner[29837]: MailScanner child dying of old age Mar 7 21:59:52 mx2 MailScanner[10673]: MailScanner E-Mail Virus Scanner versio Another MailScanner child was scanning while the first one was rebuilding? Thanks again, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mgt at STELLARCORE.NET Tue Mar 8 21:59:27 2005 From: mgt at STELLARCORE.NET (Mike Tremaine) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: On Tue, 2005-03-08 at 13:55, Chris Conn wrote: > >> Am I doing something wrong? I have read and re-read the docs regarding > >> this and I have never been able to not have these annoying expire files > >> appear. > > > > > > Very good question. I don't know the answer to that one at the moment. > > > > Hello, > > Does this mean I am alone? I have 3 servers that do this, however they > are in essense clones of each other (they were 12 months ago when they > were set up, they have been upgraded MailScanner versions independantly > since then). I am not running spamd and only MailScanner can reference > SpamAssassin on these boxes. I had this problem on a busy mailgateway I finally set Rebuild Bayes Every = 0 Along with all the other things, and made a cron job to to the expiring. This finally stopped it. -- Mike Tremaine mgt@stellarcore.net http://www.stellarcore.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 22:05:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Looks like I need to take another look at this again. One process doing a Bayes rebuild should lock out all the other processes from trying to use SA, or it should make them wait. What is the value of your "Wait For Bayes Rebuild" setting? It may be a little while until I manage to fix this, but it is top of the list of problems to be resolved. Fortunately I have just had a new server delivered this afternoon, and should get my hands on it tomorrow morning, so I will be able to try out some of this stuff on a clean system. Official (and unofficial) thanks are due to the University of Southampton for their very kind donation of a new testing server. I intend making good use of it. Chris Conn wrote: >>> Am I doing something wrong? I have read and re-read the docs regarding >>> this and I have never been able to not have these annoying expire files >>> appear. >> >> >> >> Very good question. I don't know the answer to that one at the moment. >> > > Hello, > > Does this mean I am alone? I have 3 servers that do this, however they > are in essense clones of each other (they were 12 months ago when they > were set up, they have been upgraded MailScanner versions independantly > since then). I am not running spamd and only MailScanner can reference > SpamAssassin on these boxes. > > More logs I found: > > Mar 7 22:03:10 mx2 MailScanner[10568]: Delete bayes lockfile for 11073 > Mar 7 22:13:26 mx2 MailScanner[10568]: Delete bayes lockfile for 12709 > Mar 7 22:19:20 mx2 MailScanner[10568]: Delete bayes lockfile for 13541 > Mar 7 22:24:35 mx2 MailScanner[10568]: Delete bayes lockfile for 14207 > Mar 7 22:30:06 mx2 MailScanner[10568]: Delete bayes lockfile for 15013 > Mar 7 22:35:15 mx2 MailScanner[10568]: Delete bayes lockfile for 15666 > Mar 7 22:40:20 mx2 MailScanner[10568]: Delete bayes lockfile for 16569 > Mar 7 22:46:09 mx2 MailScanner[10568]: Delete bayes lockfile for 17311 > Mar 7 22:51:13 mx2 MailScanner[10568]: Delete bayes lockfile for 18116 > Mar 7 22:56:33 mx2 MailScanner[10568]: Delete bayes lockfile for 18905 > Mar 7 23:01:55 mx2 MailScanner[10568]: Delete bayes lockfile for 19619 > Mar 7 23:07:51 mx2 MailScanner[10568]: Delete bayes lockfile for 20537 > Mar 7 23:13:20 mx2 MailScanner[10568]: Delete bayes lockfile for 21248 > Mar 7 23:18:45 mx2 MailScanner[10568]: Delete bayes lockfile for 22052 > Mar 7 23:23:49 mx2 MailScanner[10568]: Delete bayes lockfile for 22802 > Mar 7 23:28:59 mx2 MailScanner[10568]: Delete bayes lockfile for 23494 > Mar 7 23:34:09 mx2 MailScanner[10568]: Delete bayes lockfile for 24158 > Mar 7 23:39:21 mx2 MailScanner[10568]: Delete bayes lockfile for 24781 > Mar 7 23:44:54 mx2 MailScanner[10568]: Delete bayes lockfile for 25327 > Mar 7 23:49:54 mx2 MailScanner[10568]: Delete bayes lockfile for 25930 > Mar 7 23:55:39 mx2 MailScanner[10568]: Delete bayes lockfile for 26710 > Mar 8 00:00:48 mx2 MailScanner[10568]: Delete bayes lockfile for 27390 > Mar 8 00:06:21 mx2 MailScanner[10568]: Delete bayes lockfile for 28351 > Mar 8 00:12:32 mx2 MailScanner[10568]: Delete bayes lockfile for 29198 > Mar 8 00:17:38 mx2 MailScanner[10568]: Delete bayes lockfile for 30081 > Mar 8 00:22:52 mx2 MailScanner[10568]: Delete bayes lockfile for 30748 > Mar 8 00:27:59 mx2 MailScanner[10568]: Delete bayes lockfile for 31316 > Mar 8 00:33:03 mx2 MailScanner[10568]: Delete bayes lockfile for 31978 > Mar 8 00:39:29 mx2 MailScanner[10568]: Delete bayes lockfile for 460 > Mar 8 00:44:50 mx2 MailScanner[10568]: Delete bayes lockfile for 1211 > Mar 8 00:50:33 mx2 MailScanner[10568]: Delete bayes lockfile for 1958 > Mar 8 00:55:39 mx2 MailScanner[10568]: Delete bayes lockfile for 2551 > Mar 8 01:01:16 mx2 MailScanner[10568]: Delete bayes lockfile for 3174 > Mar 8 01:06:26 mx2 MailScanner[10568]: Delete bayes lockfile for 3845 > Mar 8 01:11:36 mx2 MailScanner[10568]: Delete bayes lockfile for 4458 > Mar 8 01:16:45 mx2 MailScanner[10568]: Delete bayes lockfile for 5055 > Mar 8 01:22:37 mx2 MailScanner[10568]: Delete bayes lockfile for 5617 > Mar 8 01:28:14 mx2 MailScanner[10568]: Delete bayes lockfile for 6292 > Mar 8 01:34:25 mx2 MailScanner[10568]: Delete bayes lockfile for 6996 > Mar 8 01:40:04 mx2 MailScanner[10568]: Delete bayes lockfile for 7772 > Mar 8 01:45:13 mx2 MailScanner[10568]: Delete bayes lockfile for 8319 > Mar 8 01:51:47 mx2 MailScanner[10568]: Delete bayes lockfile for 9002 > Mar 8 01:57:52 mx2 MailScanner[10568]: Delete bayes lockfile for 9720 > > and > > Mar 7 22:03:09 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 1 of 20 > Mar 7 22:13:25 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 22:19:19 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 22:24:34 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 22:30:05 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 22:35:14 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 22:40:19 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 22:46:08 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 22:51:12 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 1 of 20 > Mar 7 22:56:32 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:01:54 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:07:50 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:13:19 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:18:44 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 2 of 20 > Mar 7 23:23:48 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:28:58 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:34:08 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:39:20 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:44:53 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:49:53 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 7 23:55:38 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:00:47 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:06:20 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:12:31 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:17:37 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:22:51 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:27:58 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:33:02 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:39:28 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:44:49 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:50:32 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 00:55:38 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:01:15 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:06:25 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:11:35 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:16:44 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:22:36 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:28:13 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 2 of 20 > Mar 8 01:34:24 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:40:03 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:45:12 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:51:46 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 0 of 20 > Mar 8 01:57:51 mx2 MailScanner[10568]: SpamAssassin timed out and was > killed, failure 1 of 20 > > Each file was created after these events. Is it possible that > MailScanner is not pausing while it is doing the expiry? I ask this > because: > > > Mar 7 21:58:12 mx2 MailScanner[10568]: Bayes database rebuild is due > Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database > rebuild preparing > Mar 7 21:58:12 mx2 MailScanner[10568]: SpamAssassin Bayes database > rebuild starting > > and > > Mar 7 21:58:18 mx2 MailScanner[29837]: New Batch: Scanning 3 messages, > 231876 bytes > Mar 7 21:58:18 mx2 MailScanner[29837]: Spam Checks: Starting > > Mar 7 21:59:38 mx2 MailScanner[10568]: SpamAssassin Bayes database > rebuild completed > Mar 7 21:59:38 mx2 MailScanner[10568]: Rebuilding SpamAssassin Bayes > database > > Mar 7 21:59:51 mx2 MailScanner[29837]: Message j282w4N6010556 from > 210.243.155 > Mar 7 21:59:51 mx2 MailScanner[29837]: Spam Checks: Found 1 spam > messages > Mar 7 21:59:51 mx2 MailScanner[29837]: Spam Actions: message > j282w4N6010556 ac > Mar 7 21:59:52 mx2 MailScanner[29837]: Virus and Content Scanning: > Starting > Mar 7 21:59:52 mx2 MailScanner[29837]: Content Checks: Detected and > will disar > Mar 7 21:59:52 mx2 MailScanner[29837]: Uninfected: Delivered 2 messages > Mar 7 21:59:52 mx2 MailScanner[29837]: MailScanner child dying of old > age > Mar 7 21:59:52 mx2 MailScanner[10673]: MailScanner E-Mail Virus Scanner > versio > > Another MailScanner child was scanning while the first one was > rebuilding? > > Thanks again, > > Chris > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Tue Mar 8 22:06:20 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, This is definitely on the "minor cosmetic" side of fix and request. Running MailScanner v4.38.9 You've done an excellent job documenting the MailScanner.conf, but there are some options where the availablility of "filename / rulesets" is unclear. Example: # Set the "Information Header" to this value. # This can also be the filename of a ruleset. Information Header Value = Please contact the ISP for more information # Do you want the full spam report, or just a simple "spam / not spam" report? Detailed Spam Report = yes # Do you want to include the numerical scores in the detailed SpamAssassin # report, or just list the names of the scores Include Scores In SpamAssassin Report = yes As shown above, the "Information Header Value" option clearly states it is available as a filename/ruleset. The last two options have no comment indicating if filename/rulesets are available or not available. Please parse the MailScanner.conf and add comments to any options that are missing the comments concerning filename/ruleset availability. Also, if a filename/ruleset is NOT available for an option, add a comment indicating it is not available. thanks! Brad >>> Julian Field 3/6/2005 10:41:47 AM >>> Other than a minor cosmetic one I can't reproduce, I don't think I have any outstanding requests for fixes. Does anyone know of any fixes or features they would like to see, that I haven't yet done? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 8 22:08:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good point. A job for tomorrow morning while waiting for RedHat AS4 to install :-) Brad Beckenhauer wrote: >Julian, >This is definitely on the "minor cosmetic" side of fix and request. >Running MailScanner v4.38.9 > >You've done an excellent job documenting the MailScanner.conf, but there are some options where the availablility of "filename / rulesets" is unclear. > >Example: > ># Set the "Information Header" to this value. ># This can also be the filename of a ruleset. >Information Header Value = Please contact the ISP for more information > ># Do you want the full spam report, or just a simple "spam / not spam" report? >Detailed Spam Report = yes > ># Do you want to include the numerical scores in the detailed SpamAssassin ># report, or just list the names of the scores >Include Scores In SpamAssassin Report = yes > > > >As shown above, the "Information Header Value" option clearly states it is available as a filename/ruleset. The last two options have no comment indicating if filename/rulesets are available or not available. > >Please parse the MailScanner.conf and add comments to any options that are missing the comments concerning filename/ruleset availability. Also, if a filename/ruleset is NOT available for an option, add a comment indicating it is not available. > >thanks! >Brad > > > > > >>>>Julian Field 3/6/2005 10:41:47 AM >>> >>>> >>>> >Other than a minor cosmetic one I can't reproduce, I don't think I have >any outstanding requests for fixes. > >Does anyone know of any fixes or features they would like to see, that I >haven't yet done? > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 8 22:14:51 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:54 2006 Subject: When does MS insert envelope headers? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm trying to troubleshoot a problem with spamassassin just flagging every message as SPF_FAIL. Investigating I noticed that I had told spamassassin to use the X-Envelope-To header for that purpose. However I had forgotten to tell sendmail or Mailscanner to add it. When I run the message manually thru spamassassin (with an added X-Envelope-To header) it produces a correct result. So I configured MS to add the header (and it does), but the problem persists. Is it possible that MS adds the header only after the SA scan and SA gets the completely unaltered message? If so, how do others assure that they get correct SPF results? Set the From: as envelope_sender_header? BTW: this is MS 4.32.5, in case this problem has already been resolved in a later version. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Tue Mar 8 22:31:24 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:28:54 2006 Subject: When does MS insert envelope headers? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >I'm trying to troubleshoot a problem with spamassassin just flagging every >message as SPF_FAIL. Investigating I noticed that I had told spamassassin >to use the X-Envelope-To header for that purpose. However I had forgotten >to tell sendmail or Mailscanner to add it. When I run the message manually >thru spamassassin (with an added X-Envelope-To header) it produces a >correct result. So I configured MS to add the header (and it does), but >the problem persists. >Is it possible that MS adds the header only after the SA scan and SA gets >the completely unaltered message? >If so, how do others assure that they get correct SPF results? Set the >From: as envelope_sender_header? >BTW: this is MS 4.32.5, in case this problem has already been resolved in >a later version. > >Kai > > > This was fixed in 4.37.7. Time to upgrade. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Tue Mar 8 23:34:29 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Looks like I need to take another look at this again. > One process doing a Bayes rebuild should lock out all the other > processes from trying to use SA, or it should make them wait. > What is the value of your "Wait For Bayes Rebuild" setting? > Wait During Bayes Rebuild = yes > It may be a little while until I manage to fix this, but it is top of > the list of problems to be resolved. It was suggested to disable bayes housekeeping from within MailScanner and do it via sa-learn cronjob. It is in my memory mentioned this has a slim chance of corrupting the database. How slim is slim? Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 9 00:08:47 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: > It was suggested to disable bayes housekeeping from within MailScanner > and do it via sa-learn cronjob. It is in my memory mentioned this has a > slim chance of corrupting the database. How slim is slim? I have run a cron job since before Julian implemented it in MS and I never switched since it has worked flawlessly on several servers for more than a year. With flawless I mean not a single expire file so I would say that the chance is very slim. I of course set the job to night time when the load is less to make it as slim as possible. Another thing is that in my experience bayes shouldn't be overrated, I think it scores pretty well even just after the necessary 200 spam plus 200 ham and I don't train it manually so having to start over wouldn't be all that horrible. The SURBL lists are much more important in my opinion. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Wed Mar 9 00:08:05 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:54 2006 Subject: mcafee extra.dat Message-ID: On Sun, Mar 06, 2005 at 06:45:53PM +0000, Tony Finch wrote: > "Steen, Glenn" wrote: > >The -e option to mcafee-autoupdate seem to be ... non-functional, > > Yes. I'm surprised it's still there. I never worked out how to > automatically find out if there is an extra.dat and if so what its > filename is. > > I would not recommend using McAfee by itself if you want > really prompt automatic signature updates. We also have Sophos and I'm planning to add clamav this week. -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Mar 9 00:17:41 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:54 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: At 12:45 PM 1/14/2005, Julian Field wrote: >- Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to > cause problems. Ok, I know I'm responding very late to a version update, but I just now got around to look at performing an upgrade. In doing so I read the changelogs and my jaw hit the floor. All I have to ask is: Are you completely out of your mind Julian? Setting ALL_TRUSTED to zero doesn't fix the problem, it covers up one of the early warning signs that your system is misconfigured! This is like taking painkillers for a case of gangrene, the pain is your warning sign to get help before the infection kills you. The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code being confused by one of two things: 1) non RFC compliant Received: headers by the local MTA. All MTAs supported by MailScanner default to using RFC compliant formats, but some people modify them to be invalid. 2) A network with a NATed gateway MX. Case 1) needs to be fixed by un-breaking your MTA configuration. Case 2) needs to be fixed by setting a correct trusted_netwoks value in your local.cf. Setting the score to zero prevents the "ALL_TRUSTED" problem from showing up, but you're actually inhibiting the warning signs of a much more severe problem that needs critical attention! If SA's trust path is incorrectly configured you can have MANY other problems, ALL_TRUSTED mis-firing is just the first sign. The broken trust path will cause FPs in the bonded sender tests in messages with forged headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL. Just to name a few of the problems that crop up from this. The implications of a broken trust path are very severe. This is not a problem that should be covered up one symptom at a time. It needs to be fixed at the cause, or it's only going to get worse as SA makes more and more use of the trust path code. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 00:29:21 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:54 2006 Subject: When does MS insert envelope headers? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mark Nienberg wrote on Tue, 8 Mar 2005 14:31:24 -0800: > This was fixed in 4.37.7. Time to upgrade. > Thanks for the quick reply. MailScanner gets so many upgrades that I try to avoid upgrading too often. I have some questions: 1. don't want to install any perl rpms anymore since I found out that the last Suse perl upgrade hosed several of my modules. I now install only from CPAN. I checked the module versions and upgraded the few that were older than in the MailScanner rpm provided. Can I avoid using install.sh and just install mailscanner-4.39.6-1.noarch.rpm ? 2. I saw an upgrade file mentioned in some mails, but there isn't one. Is this only available after installation of the rpm? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 00:29:22 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:54 2006 Subject: link blacklist Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dörfler Andreas wrote on Tue, 8 Mar 2005 09:36:52 +0100: > SURBL is serverbased, think the multible reportings wont be fast enough > to block the flood of incoming spam (100+ in 30 minutes) > > or im wrong ? > Maybe. But you can just add your own rule for this URL to SA, this isn't a job for MS. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 00:44:30 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris, simply run a "sa-learn --force-expire" and see what you get as an output. If it has a problem rebuilding it may hang for quite a while, just let it run, it will eventually finish. When it says it could not rebuild then you have a (known) problem. You can then either throw the db away or dig (long) in the spamassassin mailing list archives for help. From your explanation it looks like your db is quite old and you probably added much more spam in its early time than later on. Then it's likely that SA cannot create a good delta for expiring (because it would expire much more tokens than it is supposed to do) and goes in a trial loop to find one. However, in most cases it won't find a good one. Those expire files are from such attempts. They took so long that the MS timeout was reached and the process called off. This is not a MailScanner problem, it's due to the expiry algorithm used in SA. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ICNET.NET Wed Mar 9 00:35:00 2005 From: mailscanner at ICNET.NET (Brady Tucker) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: Chris, I'm going to be very verbose in all of this.. Because this problem haunted me and at least one other guy here for a very long time...and we finally worked on it off list together.... I think everybody else here thought we were crazy ;) I ran for a year+ without this problem... Then starting having this problem sporadically.. Then it became an continually occurring annoyance with 100's of them/day..... I continued to have these problems with various SA/MS versions on 4 servers even after following the advice of many people in multiple threads last year.... Even going so far as to try mounting my /root/.spamassassin dir in tmpfs with some hourly backup scripts and a script that repopulates it from backup on boot) which helped but didn't fix the problem. I have 2 gigs of ram in my main MailScanner machine and played with anything from 3 to 10 children and 5 to 200 messages per scan. I've disabled the rebuild in SA, done the same as you have in MailScanner.conf with the wait/build/reload parameters etc... To no avail at the time I was having problems. Here's what finally fixed it for me... I run the bayes expire script from a cron job at least 3 times a day. If I Run it twice and I get a few lock files... Run it once/day and I get a crapload.... Run it three times/day and its smooth. I therefore do it every 8 hours. I'm assuming that the bayes DB gets so big that doing the expire job only once/day it takes to long to finish and it gives up and tries again repeatedly ? (even when running in tmpfs)???? I don't know why.. But it works.. And worked on all 4 servers... The expiry only takes about 1-3 minutes when run 3 times a day... Was taking upwards of 7 to 10 when once/day... Can't believe it was the problem... But.. There you have it. Somebody smarter than me can either tell me I'm crazy... Or explain why. I've setup boxes for clients that are *low* (less than say 5,000 message/day) usage, or *real* servers (dual/quad proc's etc doing other jobs as well) and don't have these symptoms and never have. I don't bother with the tmfps bayes or tmpfs on mailscanner/incoming or any of the other optimizations suggested in the MAQ for those machines and they run fine. Good luck... Let me know how you come out, Brady A. Tucker batucker@icnet.net Internet Complete! w w w . i c n e t . n e t My basic HW/SW Configs: My 4 systems are averaging 80-100,000 msg/day each all but one act as a gateway for a 5th machine, the 4th acts as a gateway but delivers some locally FC3 on all but one which still has RH9 on it Each machine is SCSI Raid V, various HW/Drive speed, 1 machine is SATA Procs from AMD Barton 2500's to AMD64 3500+ 1 or 2 gigs in each machine Running SA/MS/DCC/Pyzor/Razor/ClamAV/McAfee (latest or close to latest on each) few rbls in SA disabled.. But mostly vanilla install Running MailWatch 0.5.1 w/sql logging ( MySQL on each machine for MailWatch with some CF scripts I've written for searching/managing them by techs here ) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 9 00:59:43 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brady Tucker wrote: > Here's what finally fixed it for me... I run the bayes expire script from a > cron job at least 3 times a day. If I Run it twice and I get a few lock > files... Run it once/day and I get a crapload.... Run it three times/day and > its smooth. I therefore do it every 8 hours. I'm assuming that the bayes > DB gets so big that doing the expire job only once/day it takes to long to > finish and it gives up and tries again repeatedly ? (even when running in > tmpfs)???? I don't know why.. But it works.. And worked on all 4 servers... > The expiry only takes about 1-3 minutes when run 3 times a day... Was taking > upwards of 7 to 10 when once/day... Can't believe it was the problem... > But.. There you have it. Somebody smarter than me can either tell me I'm > crazy... Or explain why. You may be on to something there. I output the expire run to a file and check it from time to time and it never takes more than a minute to finish, big difference from your 7-8. I remember setting one of my servers to twice a day since it took more than a minute on that one. Another thing, when you run the same Bayes DB for a long time the bayes_seen gets insanely large, the expire doesn't touch it or..? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 9 01:09:23 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:54 2006 Subject: DNS wildcards used in new phishing attacks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Forgive me if this is a silly question - phishing net is using the latest mailscanner? Is this a name given to a feature of MS? Pete Julian Field wrote: > As highlighted here on Slashdot: > > http://slashdot.org/articles/05/03/08/0052235.shtml > > which links to the full Netcraft article at > > http://news.netcraft.com/archives/2005/03/07/phishers_use_wildcard_dns_to_build_convincing_bait_urls.html > > > I have just tested the examples given by Netcraft, and the current > phishing net already traps these phishing attacks and needs no changes > or improvements in this case. > > If you are running an old version of the phishing net, I strongly advise > you to upgrade. You should at least test the 3 URLs given by Netcraft > and ensure that you can catch them. Use an HTML segment like this: > > Barclays bank wildcard DNS attack here: > href="http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/">barclays.co.uk > > href="http://barclays.co.uk|YJ3EMOHOqljQ8J5oW2ZKyTaRMQOahSWaxTrFTEQK9l9VVQj6jDtyq10d24r2h0bijh2">barclays.co.uk > > href="http://barclays.co.uk|34fdcb4rvdnp9phxbahhvbs6l56a2uyx%2edivxmovies%2ea%74/41pvaw3/">barclays.co.uk > > > Beware that the above paragraph should have 4 lines in it, in case my > mail client messes with it. > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 01:25:33 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:54 2006 Subject: When does MS insert envelope headers? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote on Wed, 9 Mar 2005 01:29:21 +0100: > 2. I saw an upgrade file mentioned in some mails, but there isn't one. Is > this only available after installation of the rpm? > Found that file. Installed just the MS rpm and then did the upgrade, everything's fine and SPF is cured, indeed. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Wed Mar 9 01:43:17 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:28:54 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code > being confused by one of two things: > > 1) non RFC compliant Received: headers by the local MTA. All MTAs > supported by MailScanner default to using RFC compliant formats, but some > people modify them to be invalid. > > 2) A network with a NATed gateway MX. > > Case 1) needs to be fixed by un-breaking your MTA configuration. Case 2) > needs to be fixed by setting a correct trusted_netwoks value in your > local.cf. My server falls into case 2) and I can confirm that setting the correct trusted_networks variable makes the ALL_TRUSTED test work fine for me. The only time it triggers is when a remote user authenticates (sendmail AUTH/STARTTLS) to send mail through the server. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ICNET.NET Wed Mar 9 01:57:32 2005 From: mailscanner at ICNET.NET (Brady Tucker) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: Peter... You are correct.. Before I got this under control my bayes_seen was indeed growing at an insane pace... Upwards of 100 to 300 megs after a week of fighting it and just running a job to delete the lock files and ignore the problem for far too long :) Now all the boxes have stabilized around 20 megs for toks and 22 megs for seen... Seems to be the average on all of them anyway... Other boxes I manage for clients seem to run around 3 and 5 megs for each db respectively on lower volume machines. I haven't started fresh with my db's in a long long time... Don't seem to have, or haven't noticed a bayes poisoning issues, so I've had no reason to. Perhaps because of the # of msgs I get a day they are nullified ? But Back when this was a problem I routinely replaced the db with the starter db provided by somebody here (thanks). We also have a common imap box that is replicated amongst the servers and learned with Julians's script hourly on each box... And all the techs and a few people I trust are very good about training.. So perhaps that helps that issue as well. Brady A. Tucker batucker@icnet.net Internet Complete! w w w . i c n e t . n e t -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart Sent: Tuesday, March 08, 2005 7:00 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes expire tokens Brady Tucker wrote: > Here's what finally fixed it for me... I run the bayes expire script from a > cron job at least 3 times a day. If I Run it twice and I get a few lock > files... Run it once/day and I get a crapload.... Run it three times/day and > its smooth. I therefore do it every 8 hours. I'm assuming that the bayes > DB gets so big that doing the expire job only once/day it takes to long to > finish and it gives up and tries again repeatedly ? (even when running in > tmpfs)???? I don't know why.. But it works.. And worked on all 4 servers... > The expiry only takes about 1-3 minutes when run 3 times a day... Was taking > upwards of 7 to 10 when once/day... Can't believe it was the problem... > But.. There you have it. Somebody smarter than me can either tell me I'm > crazy... Or explain why. You may be on to something there. I output the expire run to a file and check it from time to time and it never takes more than a minute to finish, big difference from your 7-8. I remember setting one of my servers to twice a day since it took more than a minute on that one. Another thing, when you run the same Bayes DB for a long time the bayes_seen gets insanely large, the expire doesn't touch it or..? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 9 03:10:51 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:54 2006 Subject: bug? using unrar Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am not sure how that could have gotten to unrar, oh.. I looked again it's looking at an exe file. I am also a loss as to how come the safe name is a duplicate though. In any event open Message.pm and look for unrar e -p- -idp (lines 1635 and 1641) and change to unrar e -Y -p- -idp and that will stop the looping trying to unpack a duplicate. Is this a self extracting exe? Kind of looks like it must be. Any chance I get get a copy of the archive in question? Or get it to Julian. Julian if you want to mail me off list about this I have a couple of ideas on this, nothing too difficult I think Sorry it took so long to see this but I have been off line most of the day/evening Rick > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Marcin Ro¿ek > Sent: Tuesday, March 08, 2005 10:55 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: bug? using unrar > > > Hello, > i've installed MS version 4.40.2. Today we've received 2 > zip-files that are 100% > not virused (i've checked them after pulling them from > quarantine). They were > quarantined because of containing .exe files). I've released them from > quarantine using MailWatch but they didn't reach recipient. I've > checked logs > and i saw that one of instances of MS couldn't finish scanning > released message. > > Mar 8 16:14:50 gandalf sendmail[14797]: j28FEnXB014797: > from=, size=897208, class=0, nrcpts=1, > msgid=<422DC260.6060703@ios.edu.pl>, proto=ESMTP, daemon=MTA, > relay=[193.0.91.121] > Mar 8 16:14:52 gandalf MailScanner[7102]: New Batch: Scanning 1 messages, > 897726 bytes > Mar 8 16:14:55 gandalf MailScanner[7102]: Unrar : Archive > Testing Completed On > : BIURA.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: BIURA.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: DEC32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: DEC32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: DECYZJE.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: DECYZJE.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: DR32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: DR32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PO32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PO32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PU32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PU32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: DR_RAP32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: DZU.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: EKD.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: GDZIE32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: GDZIE32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: GMINA32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: GMINA32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: GRAF.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: GRAF.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: KAT_MA.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: KAT_MA.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: KO32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PO32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PO50.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PU32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: KO_RAP32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: METODYKA.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: NORMY.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: OBSZAR32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: OBSZAR32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: OPH-02.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: OPH-HLP.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: OPHUSER.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: POM32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: POM32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: PRZESZ32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: REJON32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: REJON32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: S_BRAN32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: S_BRAN32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: S_DZIA32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: S_DZIA32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: S_MASZ32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: SEKCJE32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: ST_KAR.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: ST_KAR.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: TE32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: TERENY.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: TERENY.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: TR32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: TR_PO32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: TR_PU32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: TRASY.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: WARI32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: WARI9.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: WARI9.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: WARUN32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: WARUN32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: ZA32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: ZA32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PO32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PO32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PU32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PU32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_RAP32.CDX > Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_RAP32.DBF > Mar 8 16:14:55 gandalf MailScanner[7102]: ZNAKI.DBF > Mar 8 16:15:45 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'BIURA.DBF' 2>&1 > timed out! > Mar 8 16:15:45 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/BIURA4.DBF > Mar 8 16:15:45 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DEC32.CDX > Mar 8 16:16:36 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'DEC32.DBF' 2>&1 > timed out! > Mar 8 16:16:36 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DEC321.DBF > Mar 8 16:16:36 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DECYZJE.CDX > Mar 8 16:17:28 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'DECYZJE.DBF' 2>&1 > timed out! > Mar 8 16:17:28 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DECYZJE4.DBF > Mar 8 16:17:28 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR32.CDX > Mar 8 16:18:19 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'DR32.DBF' 2>&1 > timed out! > Mar 8 16:18:19 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR321.DBF > Mar 8 16:18:19 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PO32.CDX > Mar 8 16:19:10 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'DR_PO32.DBF' 2>&1 > timed out! > Mar 8 16:19:10 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PO321.DBF > Mar 8 16:19:10 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PU32.CDX > Mar 8 16:20:01 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'DR_PU32.DBF' 2>&1 > timed out! > Mar 8 16:20:01 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PU321.DBF > Mar 8 16:20:53 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'DR_RAP32.DBF' > 2>&1 timed out! > Mar 8 16:20:53 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_RAP321.DBF > Mar 8 16:21:44 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'DZU.DBF' 2>&1 > timed out! > Mar 8 16:21:44 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/DZU4.DBF > Mar 8 16:22:35 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'EKD.DBF' 2>&1 > timed out! > Mar 8 16:22:35 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/EKD4.DBF > Mar 8 16:22:35 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GDZIE32.CDX > Mar 8 16:23:26 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'GDZIE32.DBF' 2>&1 > timed out! > Mar 8 16:23:26 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GDZIE321.DBF > Mar 8 16:23:26 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GMINA32.CDX > Mar 8 16:24:17 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'GMINA32.DBF' 2>&1 > timed out! > Mar 8 16:24:17 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GMINA321.DBF > Mar 8 16:24:18 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GRAF.CDX > Mar 8 16:25:09 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'GRAF.DBF' 2>&1 > timed out! > Mar 8 16:25:09 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/GRAF4.DBF > Mar 8 16:25:09 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KAT_MA.CDX > Mar 8 16:26:00 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'KAT_MA.DBF' 2>&1 > timed out! > Mar 8 16:26:00 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KAT_MA3.DBF > Mar 8 16:26:51 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'KO32.DBF' 2>&1 > timed out! > Mar 8 16:26:51 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO321.DBF > Mar 8 16:27:42 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'KO_PO32.DBF' 2>&1 > timed out! > Mar 8 16:27:42 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO_PO321.DBF > Mar 8 16:28:34 gandalf MailScanner[7102]: Safepipe in Message.pm : > /usr/local/bin/unrar e -p- -idp > '/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > 'KO_PO50.DBF' 2>&1 > timed out! > Mar 8 16:28:34 gandalf MailScanner[7102]: Unrar : Encrypted Or > Extract Error > Creating 0 length > /var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO_PO502.DBF > > > When i run 'strace -p 7102' i see: > > Process 7102 attached - interrupt to quit > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 696 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 261 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 176 > read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 129 > read(10, "[Q]uit \n\nPOM32.DBF already exist"..., 4096) = 157 > read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 158 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 162 > read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 204 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 119 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 156 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 169 > read(10, ", [Q]uit \n\nPOM32.DBF already exi"..., 4096) = 159 > read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 129 > read(10, "[Q]uit \n\nPOM32.DBF already exist"..., 4096) = 152 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 165 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 167 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 151 > read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 198 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 169 > read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 158 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 151 > read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 145 > read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 160 > read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > > (and so on...) > It looks like MS is trying to unpack files for a few times. > Strange is that MS is using 'unrar' for unpacking .zip ('file' shows: Zip > archive data, at least v2.0 to extract) > > I'm using clamavmodule, sophossavi and bitdefender. > > Any advice? > -- > Regards, > Marcin > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 9 03:25:01 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:54 2006 Subject: bug? using unrar Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Marcin Ro¿ek > Sent: Tuesday, March 08, 2005 11:10 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bug? using unrar > > > > Strange is that MS is using 'unrar' for unpacking .zip ('file' > shows: Zip > > archive data, at least v2.0 to extract) > oops, of course MS is trying to unpack DBF.EXE (rar > self-extracting archive), > which was (among else) included in that .zip file Ok that makes sense as a standard exe would return a null string to the unrar lb and UnPackRar would exit right then and there. But there is obviously an issue with the name being duplicated, that should not happen.. unless. Oops! That version doesn't have the revised handling of being unable to rename safe names. I think Julian has something coming that would prevent that from happening as well. I would still like to test that archive. Rick > > -- > Marcin > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Wed Mar 9 03:39:31 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:28:54 2006 Subject: CustomConfig.pm Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I'm trying out the IPBlock section of CustomConfig.pm and was curious why all the logging lines are commented out (Lines 756 & 904-910)? What User/Permissions does the IPBlock section of CustomConfig.pm run as/need to enable logging? I've un-commented the above lines and created the files and restart MS, but I've not been able to determine the appropiate owner/permissions combinations. The Lock file seems happy as shown below, but not the .log file. Since MS is running as user postfix and group postfix, I tired using those users/permissions first, but the log files keep saying that nothing can be written to the .log file. Mar 8 21:01:29 mail MailScanner[27106]: Initialising IP blocking Mar 8 21:01:29 mail MailScanner[27106]: Read 29 IP blocking whitelist entries from /etc/MailScanner/IPBlock.conf Mar 8 21:01:34 mail MailScanner[26721]: IPBlock: Cannot open /var/spool/MailScanner/IPBlock.log for writing ## Add this IP address to the log file. ## It is faster to always write it than to check if it needs to be written. my $LogH = new FileHandle; unless ($LogH->open(">+$LogFile")) { MailScanner::Log::WarnLog("IPBlock: Cannot open %s for writing", $LogFile); return 1; } print $LogH $ip . "\n"; $LogH->close; Current settings: ls -la /var/spool/MailScanner -rw-r--r-- 1 postfix postfix 12288 2005-03-08 21:20 IPBlock.db -rw-r--r-- 1 postfix postfix 0 2005-03-08 21:20 IPBlock.lock -rw-r--r-- 1 postfix postfix 0 2005-03-08 20:54 IPBlock.log Suggestions? thanks Brad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Wed Mar 9 05:57:21 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:28:54 2006 Subject: User-wise content parsing from rulesets in a database Message-ID: On Tue, 2005-03-08 at 19:56, Julian Field wrote: > Take a look in CustomConfig.pm, there are various examples in there, > some of which use DBI and persistent handles. > User rulesets from a database seems an obvious requirement I am surprised there is no add on which already does this. Thanks Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Wed Mar 9 08:16:03 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:28:54 2006 Subject: What does this mean ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I've been happily using MailScanner for some time, without much trouble. This morning, my maillog analysis tool found those lines : Mar 8 21:07:54 MailScanner[27812]: spam_buttons/ Mar 8 21:07:54 MailScanner[27812]: ProcessClamAVOutput: unrecognised line "spam_buttons/". Please contact the authors! Mar 8 21:07:54 MailScanner[27812]: spam_buttons/functions.php Mar 8 21:07:54 MailScanner[27812]: ProcessClamAVOutput: unrecognised line "spam_buttons/functions.php". Please contact the authors! Mar 8 21:07:54 MailScanner[27812]: spam_buttons/setup.php Mar 8 21:07:54 MailScanner[27812]: ProcessClamAVOutput: unrecognised line "spam_buttons/setup.php". Please contact the authors! Mar 8 21:07:54 MailScanner[27812]: spam_buttons/config.php.sample Mar 8 21:07:54 MailScanner[27812]: ProcessClamAVOutput: unrecognised line "spam_buttons/config.php.sample". Please contact the authors! (and some others, all of the same kind). What does this mean ? Obviously some kind of error, but is it a misconfiguration on my part ? You can just point me to some doc, of course. Sincerely, VG. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 08:32:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > At 12:45 PM 1/14/2005, Julian Field wrote: > >> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is >> known to >> cause problems. > > > Ok, I know I'm responding very late to a version update, but I just > now got > around to look at performing an upgrade. In doing so I read the > changelogs > and my jaw hit the floor. > > All I have to ask is: > > Are you completely out of your mind Julian? Someone remind me to add that to the list of "ways of getting Jules to ignore your email" :-) I added it in response to a conversation on the SA list some time ago. You know *far* more than I do about SpamAssassin, so I will remove the rule again. Thanks for the message. > Setting ALL_TRUSTED to zero > doesn't fix the problem, it covers up one of the early warning signs that > your system is misconfigured! This is like taking painkillers for a > case of > gangrene, the pain is your warning sign to get help before the infection > kills you. > > > The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code > being confused by one of two things: > > 1) non RFC compliant Received: headers by the local MTA. All MTAs > supported by MailScanner default to using RFC compliant formats, but some > people modify them to be invalid. > > 2) A network with a NATed gateway MX. > > Case 1) needs to be fixed by un-breaking your MTA configuration. Case 2) > needs to be fixed by setting a correct trusted_netwoks value in your > local.cf. > > Setting the score to zero prevents the "ALL_TRUSTED" problem from showing > up, but you're actually inhibiting the warning signs of a much more > severe > problem that needs critical attention! > > If SA's trust path is incorrectly configured you can have MANY other > problems, ALL_TRUSTED mis-firing is just the first sign. The broken trust > path will cause FPs in the bonded sender tests in messages with forged > headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL. > Just to > name a few of the problems that crop up from this. > > The implications of a broken trust path are very severe. This is not a > problem that should be covered up one symptom at a time. It needs to be > fixed at the cause, or it's only going to get worse as SA makes more and > more use of the trust path code. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 9 08:33:36 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:54 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brady Tucker wrote: > Peter... You are correct.. Before I got this under control my bayes_seen > was indeed growing at an insane pace... Upwards of 100 to 300 megs after a > week of fighting it and just running a job to delete the lock files and > ignore the problem for far too long :) > > Now all the boxes have stabilized around 20 megs for toks and 22 megs for > seen... Seems to be the average on all of them anyway... Other boxes I > manage for clients seem to run around 3 and 5 megs for each db respectively > on lower volume machines. But I meant that even though the expire run is successful I think that the bayes_seen file is growing too large. Is it reasonable to have a bayes_toks file of 5 MB and a bayes_seen file of 82 MB? The below is from a system that has not been running for that long, these are the only files, no expire files and it works well. I have seen bayes_seen files with 300-500 MB, does it have to dig through it every time? -rw------- 1 root other 3462 Mar 9 09:26 bayes.mutex -rw------- 1 root other 95256 Mar 9 09:26 bayes_journal -rw------- 1 root other 82214912 Mar 9 09:26 bayes_seen -rw------- 1 root other 5308416 Mar 9 09:26 bayes_toks -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 08:43:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:54 2006 Subject: DNS wildcards used in new phishing attacks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] "Phishing Net" is the name I have given to the email "phishing" fraud detector built into MailScanner. See www.phishingnet.info if you want to see some of the gory details. Peter Russell wrote: > Forgive me if this is a silly question - phishing net is using the > latest mailscanner? Is this a name given to a feature of MS? > > Pete > > Julian Field wrote: > >> As highlighted here on Slashdot: >> >> http://slashdot.org/articles/05/03/08/0052235.shtml >> >> which links to the full Netcraft article at >> >> http://news.netcraft.com/archives/2005/03/07/phishers_use_wildcard_dns_to_build_convincing_bait_urls.html >> >> >> >> I have just tested the examples given by Netcraft, and the current >> phishing net already traps these phishing attacks and needs no changes >> or improvements in this case. >> >> If you are running an old version of the phishing net, I strongly advise >> you to upgrade. You should at least test the 3 URLs given by Netcraft >> and ensure that you can catch them. Use an HTML segment like this: >> >> Barclays bank wildcard DNS attack here: >> > href="http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/">barclays.co.uk >> >> >> > href="http://barclays.co.uk|YJ3EMOHOqljQ8J5oW2ZKyTaRMQOahSWaxTrFTEQK9l9VVQj6jDtyq10d24r2h0bijh2">barclays.co.uk >> >> >> > href="http://barclays.co.uk|34fdcb4rvdnp9phxbahhvbs6l56a2uyx%2edivxmovies%2ea%74/41pvaw3/">barclays.co.uk >> >> >> >> Beware that the above paragraph should have 4 lines in it, in case my >> mail client messes with it. > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 08:46:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:55 2006 Subject: bug? using unrar Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In the help for my version of unrar it is -y and not -Y. Can you confirm please? Rick Cooper wrote: >I am not sure how that could have gotten to unrar, oh.. I looked again it's >looking at an exe file. I am also a loss as to how come the safe name is a >duplicate though. In any event open Message.pm and look for unrar e -p- -idp >(lines 1635 and 1641) and change to unrar e -Y -p- -idp and that will stop >the looping trying to unpack a duplicate. Is this a self extracting exe? >Kind of looks like it must be. Any chance I get get a copy of the archive in >question? Or get it to Julian. > >Julian if you want to mail me off list about this I have a couple of ideas >on this, nothing too difficult I think > >Sorry it took so long to see this but I have been off line most of the >day/evening > >Rick > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Marcin Ro¿ek >>Sent: Tuesday, March 08, 2005 10:55 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: bug? using unrar >> >> >>Hello, >>i've installed MS version 4.40.2. Today we've received 2 >>zip-files that are 100% >>not virused (i've checked them after pulling them from >>quarantine). They were >>quarantined because of containing .exe files). I've released them from >>quarantine using MailWatch but they didn't reach recipient. I've >>checked logs >>and i saw that one of instances of MS couldn't finish scanning >>released message. >> >>Mar 8 16:14:50 gandalf sendmail[14797]: j28FEnXB014797: >>from=, size=897208, class=0, nrcpts=1, >>msgid=<422DC260.6060703@ios.edu.pl>, proto=ESMTP, daemon=MTA, >>relay=[193.0.91.121] >>Mar 8 16:14:52 gandalf MailScanner[7102]: New Batch: Scanning 1 messages, >>897726 bytes >>Mar 8 16:14:55 gandalf MailScanner[7102]: Unrar : Archive >>Testing Completed On >>: BIURA.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: BIURA.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: DEC32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: DEC32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: DECYZJE.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: DECYZJE.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PO32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PO32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PU32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PU32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_RAP32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: DZU.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: EKD.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: GDZIE32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: GDZIE32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: GMINA32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: GMINA32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: GRAF.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: GRAF.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: KAT_MA.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: KAT_MA.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PO32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PO50.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PU32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO_RAP32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: METODYKA.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: NORMY.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: OBSZAR32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: OBSZAR32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: OPH-02.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: OPH-HLP.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: OPHUSER.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: POM32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: POM32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: PRZESZ32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: REJON32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: REJON32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_BRAN32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_BRAN32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_DZIA32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_DZIA32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_MASZ32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: SEKCJE32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: ST_KAR.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: ST_KAR.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: TE32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: TERENY.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: TERENY.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: TR32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: TR_PO32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: TR_PU32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: TRASY.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARI32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARI9.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARI9.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARUN32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARUN32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PO32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PO32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PU32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PU32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_RAP32.CDX >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_RAP32.DBF >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZNAKI.DBF >>Mar 8 16:15:45 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'BIURA.DBF' 2>&1 >>timed out! >>Mar 8 16:15:45 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/BIURA4.DBF >>Mar 8 16:15:45 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DEC32.CDX >>Mar 8 16:16:36 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'DEC32.DBF' 2>&1 >>timed out! >>Mar 8 16:16:36 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DEC321.DBF >>Mar 8 16:16:36 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DECYZJE.CDX >>Mar 8 16:17:28 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'DECYZJE.DBF' 2>&1 >>timed out! >>Mar 8 16:17:28 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DECYZJE4.DBF >>Mar 8 16:17:28 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR32.CDX >>Mar 8 16:18:19 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'DR32.DBF' 2>&1 >>timed out! >>Mar 8 16:18:19 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR321.DBF >>Mar 8 16:18:19 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PO32.CDX >>Mar 8 16:19:10 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'DR_PO32.DBF' 2>&1 >>timed out! >>Mar 8 16:19:10 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PO321.DBF >>Mar 8 16:19:10 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PU32.CDX >>Mar 8 16:20:01 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'DR_PU32.DBF' 2>&1 >>timed out! >>Mar 8 16:20:01 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PU321.DBF >>Mar 8 16:20:53 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'DR_RAP32.DBF' >>2>&1 timed out! >>Mar 8 16:20:53 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_RAP321.DBF >>Mar 8 16:21:44 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'DZU.DBF' 2>&1 >>timed out! >>Mar 8 16:21:44 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DZU4.DBF >>Mar 8 16:22:35 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'EKD.DBF' 2>&1 >>timed out! >>Mar 8 16:22:35 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/EKD4.DBF >>Mar 8 16:22:35 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GDZIE32.CDX >>Mar 8 16:23:26 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'GDZIE32.DBF' 2>&1 >>timed out! >>Mar 8 16:23:26 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GDZIE321.DBF >>Mar 8 16:23:26 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GMINA32.CDX >>Mar 8 16:24:17 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'GMINA32.DBF' 2>&1 >>timed out! >>Mar 8 16:24:17 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GMINA321.DBF >>Mar 8 16:24:18 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GRAF.CDX >>Mar 8 16:25:09 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'GRAF.DBF' 2>&1 >>timed out! >>Mar 8 16:25:09 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GRAF4.DBF >>Mar 8 16:25:09 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KAT_MA.CDX >>Mar 8 16:26:00 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'KAT_MA.DBF' 2>&1 >>timed out! >>Mar 8 16:26:00 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KAT_MA3.DBF >>Mar 8 16:26:51 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'KO32.DBF' 2>&1 >>timed out! >>Mar 8 16:26:51 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO321.DBF >>Mar 8 16:27:42 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'KO_PO32.DBF' 2>&1 >>timed out! >>Mar 8 16:27:42 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO_PO321.DBF >>Mar 8 16:28:34 gandalf MailScanner[7102]: Safepipe in Message.pm : >>/usr/local/bin/unrar e -p- -idp >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' >>'KO_PO50.DBF' 2>&1 >>timed out! >>Mar 8 16:28:34 gandalf MailScanner[7102]: Unrar : Encrypted Or >>Extract Error >>Creating 0 length >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO_PO502.DBF >> >> >>When i run 'strace -p 7102' i see: >> >>Process 7102 attached - interrupt to quit >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 696 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 261 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 176 >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 129 >>read(10, "[Q]uit \n\nPOM32.DBF already exist"..., 4096) = 157 >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 158 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 162 >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 204 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 119 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 156 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 169 >>read(10, ", [Q]uit \n\nPOM32.DBF already exi"..., 4096) = 159 >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 129 >>read(10, "[Q]uit \n\nPOM32.DBF already exist"..., 4096) = 152 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 165 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 167 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 151 >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 198 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 169 >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 158 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 151 >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 145 >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 160 >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 >> >>(and so on...) >>It looks like MS is trying to unpack files for a few times. >>Strange is that MS is using 'unrar' for unpacking .zip ('file' shows: Zip >>archive data, at least v2.0 to extract) >> >>I'm using clamavmodule, sophossavi and bitdefender. >> >>Any advice? >>-- >>Regards, >>Marcin >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> >> > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 08:48:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:55 2006 Subject: What does this mean ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please post the output of "MailScanner -v" and tell us what version of ClamAV you are running. I suspect you just need to upgrade your MailScanner to get support for the latest ClamAV. Violaine Grimly wrote: >Hello, > >I've been happily using MailScanner for some time, >without much trouble. This morning, my maillog >analysis tool found those lines : > >Mar 8 21:07:54 MailScanner[27812]: spam_buttons/ >Mar 8 21:07:54 MailScanner[27812]: >ProcessClamAVOutput: unrecognised line >"spam_buttons/". Please contact the authors! >Mar 8 21:07:54 MailScanner[27812]: >spam_buttons/functions.php >Mar 8 21:07:54 MailScanner[27812]: >ProcessClamAVOutput: unrecognised line >"spam_buttons/functions.php". Please contact the >authors! >Mar 8 21:07:54 MailScanner[27812]: >spam_buttons/setup.php >Mar 8 21:07:54 MailScanner[27812]: >ProcessClamAVOutput: unrecognised line >"spam_buttons/setup.php". Please contact the authors! >Mar 8 21:07:54 MailScanner[27812]: >spam_buttons/config.php.sample >Mar 8 21:07:54 MailScanner[27812]: >ProcessClamAVOutput: unrecognised line >"spam_buttons/config.php.sample". Please contact the >authors! > >(and some others, all of the same kind). > >What does this mean ? Obviously some kind of error, >but is it a misconfiguration on my part ? You can just >point me to some doc, of course. > >Sincerely, > >VG. > > > > > > >Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! >Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Wed Mar 9 09:07:02 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek) Date: Thu Jan 12 21:28:55 2006 Subject: bug? using unrar Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: > Ok that makes sense as a standard exe would return a null string to the > unrar lb and UnPackRar would exit right then and there. But there is > obviously an issue with the name being duplicated, that should not happen.. > unless. Oops! That version doesn't have the revised handling of being unable > to rename safe names. I think Julian has something coming that would prevent > that from happening as well. I would still like to test that archive. Yes. The problem is that DBF.EXE is self-extracring rar archive which includes few files with the same names as other files in .zip archive. It is easy to reproduce. Make 3 text files and name them eg file1, file2, file3. Make .rar archive eg archive.rar and pack file2 and file3. Then, make .zip archive that includes file1, file2, file3 and archive.rar. When you send that .zip archive through MailScanner the problem will occure. > In the help for my version of unrar it is -y and not -Y. > Can you confirm please? If it is safe to overwrite already unpacked files (are they already scanned?) then -y can be a solution. -- Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 9 09:23:54 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:55 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: Julian maybe a big comment in the spam.assassin.prefs.conf and updates to the doccy about this would be helpful. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Matt Kettler wrote: > >> At 12:45 PM 1/14/2005, Julian Field wrote: >> >>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is >>> known to >>> cause problems. >> >> >> >> Ok, I know I'm responding very late to a version update, but I just >> now got >> around to look at performing an upgrade. In doing so I read the >> changelogs >> and my jaw hit the floor. >> >> All I have to ask is: >> >> Are you completely out of your mind Julian? > > > Someone remind me to add that to the list of "ways of getting Jules to > ignore your email" > :-) > > I added it in response to a conversation on the SA list some time ago. > You know *far* more than I do about SpamAssassin, so I will remove the > rule again. > > Thanks for the message. > >> Setting ALL_TRUSTED to zero >> doesn't fix the problem, it covers up one of the early warning signs that >> your system is misconfigured! This is like taking painkillers for a >> case of >> gangrene, the pain is your warning sign to get help before the infection >> kills you. >> >> >> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code >> being confused by one of two things: >> >> 1) non RFC compliant Received: headers by the local MTA. All MTAs >> supported by MailScanner default to using RFC compliant formats, but some >> people modify them to be invalid. >> >> 2) A network with a NATed gateway MX. >> >> Case 1) needs to be fixed by un-breaking your MTA configuration. Case 2) >> needs to be fixed by setting a correct trusted_netwoks value in your >> local.cf. >> >> Setting the score to zero prevents the "ALL_TRUSTED" problem from showing >> up, but you're actually inhibiting the warning signs of a much more >> severe >> problem that needs critical attention! >> >> If SA's trust path is incorrectly configured you can have MANY other >> problems, ALL_TRUSTED mis-firing is just the first sign. The broken trust >> path will cause FPs in the bonded sender tests in messages with forged >> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL. >> Just to >> name a few of the problems that crop up from this. >> >> The implications of a broken trust path are very severe. This is not a >> problem that should be covered up one symptom at a time. It needs to be >> fixed at the cause, or it's only going to get worse as SA makes more and >> more use of the trust path code. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 09:44:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:55 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As someone who understands the trusted path system in SpamAssassin better than I do, any chance you could give me some wording for the comments? Martin Hepworth wrote: > Julian > > maybe a big comment in the spam.assassin.prefs.conf and updates to the > doccy about this would be helpful. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > >> Matt Kettler wrote: >> >>> At 12:45 PM 1/14/2005, Julian Field wrote: >>> >>>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is >>>> known to >>>> cause problems. >>> >>> >>> >>> >>> Ok, I know I'm responding very late to a version update, but I just >>> now got >>> around to look at performing an upgrade. In doing so I read the >>> changelogs >>> and my jaw hit the floor. >>> >>> All I have to ask is: >>> >>> Are you completely out of your mind Julian? >> >> >> >> Someone remind me to add that to the list of "ways of getting Jules to >> ignore your email" >> :-) >> >> I added it in response to a conversation on the SA list some time ago. >> You know *far* more than I do about SpamAssassin, so I will remove the >> rule again. >> >> Thanks for the message. >> >>> Setting ALL_TRUSTED to zero >>> doesn't fix the problem, it covers up one of the early warning signs >>> that >>> your system is misconfigured! This is like taking painkillers for a >>> case of >>> gangrene, the pain is your warning sign to get help before the >>> infection >>> kills you. >>> >>> >>> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code >>> being confused by one of two things: >>> >>> 1) non RFC compliant Received: headers by the local MTA. All >>> MTAs >>> supported by MailScanner default to using RFC compliant formats, but >>> some >>> people modify them to be invalid. >>> >>> 2) A network with a NATed gateway MX. >>> >>> Case 1) needs to be fixed by un-breaking your MTA configuration. >>> Case 2) >>> needs to be fixed by setting a correct trusted_netwoks value in your >>> local.cf. >>> >>> Setting the score to zero prevents the "ALL_TRUSTED" problem from >>> showing >>> up, but you're actually inhibiting the warning signs of a much more >>> severe >>> problem that needs critical attention! >>> >>> If SA's trust path is incorrectly configured you can have MANY other >>> problems, ALL_TRUSTED mis-firing is just the first sign. The broken >>> trust >>> path will cause FPs in the bonded sender tests in messages with forged >>> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL. >>> Just to >>> name a few of the problems that crop up from this. >>> >>> The implications of a broken trust path are very severe. This is not a >>> problem that should be covered up one symptom at a time. It needs to be >>> fixed at the cause, or it's only going to get worse as SA makes more >>> and >>> more use of the trust path code. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jens at JSCONSULT.DK Wed Mar 9 09:58:43 2005 From: jens at JSCONSULT.DK (Jens W. Skov - JS Consult) Date: Thu Jan 12 21:28:55 2006 Subject: Realeasing from quarantine Message-ID: Hi I'm using mailscanner with mailwatch, and when I try yo release a file fom quarantine I get at mail marked with {Filename?} and with the attached files replaced with warning. The message itself seems to be attached as a queue file. In the quarantine I have a folder with the message and the attached files. I also archive to queue files. When I try to do a sendmail -toi Julian Matt's probably they guy for this (given his comments on the SA list), but something like in the SA docs...bit of mouthful, but covers it nicely. internal_networks ip.add.re.ss[/mask] ... (default: none) What networks or hosts are 'internal' in your setup. Internal means that relay hosts on these networks are considered to be MXes for your domain(s), or internal relays. This uses the same format as trusted_networks, above. This value is used when checking 'dial-up' or dynamic IP address blocklists, in order to detect direct-to-MX spamming. Trusted relays that accept mail directly from dial-up connections should not be listed in internal_networks. List them only in trusted_networks. If trusted_networks is set and internal_networks is not, the value of trusted_networks will be used for this parameter. If neither trusted_networks or internal_networks is set, no addresses will be considered local; in other words, any relays past the machine where SpamAssassin is running will be considered external. and point them at.. http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > As someone who understands the trusted path system in SpamAssassin > better than I do, any chance you could give me some wording for the > comments? > > Martin Hepworth wrote: > >> Julian >> >> maybe a big comment in the spam.assassin.prefs.conf and updates to the >> doccy about this would be helpful. >> >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Julian Field wrote: >> >>> Matt Kettler wrote: >>> >>>> At 12:45 PM 1/14/2005, Julian Field wrote: >>>> >>>>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is >>>>> known to >>>>> cause problems. >>>> >>>> >>>> >>>> >>>> >>>> Ok, I know I'm responding very late to a version update, but I just >>>> now got >>>> around to look at performing an upgrade. In doing so I read the >>>> changelogs >>>> and my jaw hit the floor. >>>> >>>> All I have to ask is: >>>> >>>> Are you completely out of your mind Julian? >>> >>> >>> >>> >>> Someone remind me to add that to the list of "ways of getting Jules to >>> ignore your email" >>> :-) >>> >>> I added it in response to a conversation on the SA list some time ago. >>> You know *far* more than I do about SpamAssassin, so I will remove the >>> rule again. >>> >>> Thanks for the message. >>> >>>> Setting ALL_TRUSTED to zero >>>> doesn't fix the problem, it covers up one of the early warning signs >>>> that >>>> your system is misconfigured! This is like taking painkillers for a >>>> case of >>>> gangrene, the pain is your warning sign to get help before the >>>> infection >>>> kills you. >>>> >>>> >>>> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code >>>> being confused by one of two things: >>>> >>>> 1) non RFC compliant Received: headers by the local MTA. All >>>> MTAs >>>> supported by MailScanner default to using RFC compliant formats, but >>>> some >>>> people modify them to be invalid. >>>> >>>> 2) A network with a NATed gateway MX. >>>> >>>> Case 1) needs to be fixed by un-breaking your MTA configuration. >>>> Case 2) >>>> needs to be fixed by setting a correct trusted_netwoks value in your >>>> local.cf. >>>> >>>> Setting the score to zero prevents the "ALL_TRUSTED" problem from >>>> showing >>>> up, but you're actually inhibiting the warning signs of a much more >>>> severe >>>> problem that needs critical attention! >>>> >>>> If SA's trust path is incorrectly configured you can have MANY other >>>> problems, ALL_TRUSTED mis-firing is just the first sign. The broken >>>> trust >>>> path will cause FPs in the bonded sender tests in messages with forged >>>> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL. >>>> Just to >>>> name a few of the problems that crop up from this. >>>> >>>> The implications of a broken trust path are very severe. This is not a >>>> problem that should be covered up one symptom at a time. It needs to be >>>> fixed at the cause, or it's only going to get worse as SA makes more >>>> and >>>> more use of the trust path code. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> MailScanner thanks transtec Computers for their support >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Wed Mar 9 10:04:39 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:55 2006 Subject: bayes expire tokens Message-ID: On Tue, 8 Mar 2005, Julian Field wrote: > Looks like I need to take another look at this again. > One process doing a Bayes rebuild should lock out all the other > processes from trying to use SA, or it should make them wait. > What is the value of your "Wait For Bayes Rebuild" setting? > > It may be a little while until I manage to fix this, but it is top of > the list of problems to be resolved. Thanks, Julian. That would be appreciated by many people. A bit more detail, in the hope that it helps understand the problem. This problem used to plague us. I massively reduced, but not eliminated, it a few months ago. I know that various folk on the list suggest switching off the MS-driving of this procedure (change "Rebuild Bayes Every" from 3600 to 0 and instead use a cron job). But this always felt suboptimal (to me, in our context). Our settings had been: SpamAssassin Timeout = 40 Wait During Bayes Rebuild = yes and we got bucketloads of these part-built "expire" files every day. At the suggestion of various folk, I increased "SpamAssassin Timeout" to 120 (two minutes), and the number of these orphaned files dramatically fell (although not quite to zero). As an interim workaround, this latter (increase "SpamAssassin Timeout"), though imperfect, felt better (to me, in our context) than the former (external, bolt-on agency of "cron") in that it was using MailScanner as intended. But a proper fix would be wonderful! (I'd offer to dabble in the code myself, but I don't know it well enough. But I'd be happy to test any proposed fixes you might have.) Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 9 10:06:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:55 2006 Subject: Realeasing from quarantine Message-ID: Jens ok looks like you have the queue files in the quarantine, not message files. In that case just copy the queue files (both are needed for the message) into the outgoing queue and sendmail should deliver them for you. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jens W. Skov - JS Consult wrote: > Hi > > I'm using mailscanner with mailwatch, and when I try yo release a file > fom quarantine I get at mail marked with {Filename?} and with the > attached files replaced with warning. The message itself seems to be > attached as a queue file. > > In the quarantine I have a folder with the message and the attached files. > > I also archive to queue files. When I try to do a sendmail -toi > from the root user on the mailscanner server. > > Can someone help me find out what I'm doing wrong? > > > Jens > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jens at JSCONSULT.DK Wed Mar 9 10:12:08 2005 From: jens at JSCONSULT.DK (Jens W. Skov - JS Consult) Date: Thu Jan 12 21:28:55 2006 Subject: SV: Realeasing from quarantine Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I should add that I'm on postfix :-) mvh. Jens W. Skov - JS Consult Rævehøjparken 58 2800 Kgs. Lyngby jens@jsconsult.dk - http://www.jsconsult.dk Telefon: +45 45884077 Mobil : +45 23254077 > -----Oprindelig meddelelse----- > Fra: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Martin Hepworth > Sendt: 9. marts 2005 11:06 > Til: MAILSCANNER@JISCMAIL.AC.UK > Emne: Re: Realeasing from quarantine > > Jens > > ok looks like you have the queue files in the quarantine, not > message files. > > In that case just copy the queue files (both are needed for > the message) > into the outgoing queue and sendmail should deliver them for you. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jens W. Skov - JS Consult wrote: > > Hi > > > > I'm using mailscanner with mailwatch, and when I try yo > release a file > > fom quarantine I get at mail marked with {Filename?} and with the > > attached files replaced with warning. The message itself > seems to be > > attached as a queue file. > > > > In the quarantine I have a folder with the message and the > attached files. > > > > I also archive to queue files. When I try to do a sendmail -toi > > > body from the root user on the mailscanner server. > > > > Can someone help me find out what I'm doing wrong? > > > > > > Jens > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Wed Mar 9 10:24:31 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:28:55 2006 Subject: What does this mean ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, --- Julian Field wrote: > Please post the output of "MailScanner -v" and tell > us what version of ClamAV you are running. Here it is (attached). We are using ClamAV 0.83. > I suspect you just need to upgrade your MailScanner > to get support for the latest ClamAV. Tia, VG. Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "ms.txt" ] Running on Linux 2.4.23 #7 Tue Jun 29 20:33:26 CEST 2004 i686 i686 i386 GNU/Linux This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.39.5 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.62 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.807 DB_File 1.05 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.07 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000001 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.26 Test::Harness 0.45 Test::Simple 1.89 Text::Balanced 1.35 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 9 11:13:14 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:55 2006 Subject: Antivirus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I run MailScanner with clamavmodule, mcafee and bitdefender. Since I upgraded to MailScanner 4.40-2.1 (monday) only bitdefender is found and autoupdated. The scanning is working fine with the 3 products... No message showing anything about the proplem in maillog. Until 4.39.6-1 it found the 3 products, and autoupdated all of them. Any clues? Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 11:29:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:55 2006 Subject: Antivirus Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check your /etc/MailScanner/virus.scanners.conf file and make sure it is pointing to all the right places. Roger Jochem wrote: > I run MailScanner with clamavmodule, mcafee and bitdefender. Since I > upgraded to MailScanner 4.40-2.1 (monday) only bitdefender is found > and autoupdated. The scanning is working fine with the 3 products... > > No message showing anything about the proplem in maillog. Until > 4.39.6-1 it found the 3 products, and autoupdated all of them. > > Any clues? > > Roger Jochem > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 11:28:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:55 2006 Subject: What does this mean ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can you try switching from clamav to clamavmodule, as that should cure the problem. You will need to download and install my "install ClamAV and SA" package from http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz so that all the required perl modules are installed for you. If you don't want it to touch your ClamAV installation (which I would quite understand) then just edit the INSTALL-tar.sh script, it's fairly obvious what you will need to delete. Let it upgrade all the Perl modules, just comment out the bit near the top that actually builds Clam. Read the "echo" commands and you will get the idea. It's very easy, don't worry. Violaine Grimly wrote: >Hello, > >--- Julian Field wrote: > > > >>Please post the output of "MailScanner -v" and tell >>us what version of ClamAV you are running. >> >> > >Here it is (attached). We are using ClamAV 0.83. > > > >>I suspect you just need to upgrade your MailScanner >>to get support for the latest ClamAV. >> >> > >Tia, > >VG. > > > > > > >Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! >Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------------------------------------------------------ > >Running on >Linux 2.4.23 #7 Tue Jun 29 20:33:26 CEST 2004 i686 i686 i386 GNU/Linux >This is Perl version 5.008000 (5.8.0) > >This is MailScanner version 4.39.5 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.01 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.04 Fcntl >2.71 File::Basename >2.05 File::Copy >2.01 FileHandle >1.05 File::Path >0.13 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.20 IO >1.09 IO::File >1.122 IO::Pipe >1.62 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.05 POSIX >1.75 Socket >0.03 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.807 DB_File >1.05 Digest >1.01 Digest::HMAC >2.20 Digest::MD5 >2.07 Digest::SHA1 >missing Inline >missing Mail::ClamAV >3.000001 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >missing Net::LDAP >missing Parse::RecDescent >missing SAVI >1.2 Sys::Hostname::Long >2.26 Test::Harness >0.45 Test::Simple >1.89 Text::Balanced >1.35 URI > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 9 11:38:52 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:55 2006 Subject: Antivirus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The virus.scanners.conf seems fine... And I tested the tree products as sugested in the virus.scanners.conf and all worked. Bitdefender is the first of the tree in my virus.scanners.conf file. Could there be some kind of problem in this new version that only updates the first antivirus found in the virus.scanners.conf file? ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, March 09, 2005 8:29 AM Subject: Re: Antivirus > Check your /etc/MailScanner/virus.scanners.conf file and make sure it is > pointing to all the right places. > > Roger Jochem wrote: > > > I run MailScanner with clamavmodule, mcafee and bitdefender. Since I > > upgraded to MailScanner 4.40-2.1 (monday) only bitdefender is found > > and autoupdated. The scanning is working fine with the 3 products... > > > > No message showing anything about the proplem in maillog. Until > > 4.39.6-1 it found the 3 products, and autoupdated all of them. > > > > Any clues? > > > > Roger Jochem > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Wed Mar 9 11:53:45 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:28:55 2006 Subject: Non encoded 8-bit dat in header? Message-ID: I recently got a return response from another server saying: < mgw2.securitas.se #5.6.0 smtp; 554 5.6.0 Message with invalid header rejected, id=17654-02 - Non-encoded 8-bit data (char E4 hex) in message header 'X-ns1_ltkalmar_se-MailScanner-SpamCheck'> I guess it might be the _ but since this is the first time Ive seen it I thought I should check with the pro's :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Wed Mar 9 12:07:26 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:28:55 2006 Subject: Non encoded 8-bit dat in header? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Andersson, IT wrote: > I recently got a return response from another server saying: > > < mgw2.securitas.se #5.6.0 smtp; 554 5.6.0 Message with invalid header > rejected, id=17654-02 - Non-encoded 8-bit data (char E4 hex) in message > header 'X-ns1_ltkalmar_se-MailScanner-SpamCheck'> > > I guess it might be the _ but since this is the first time Ive seen it I > thought I should check with the pro's :) Character E4 hex is an a-umlaut (ä), and sure enough your message posted to the list contains an ä in that header, in the word godkänd. You need to either encode the word (as =?ISO-8859-1?Q?godk=E4nd=) or otherwise change the Swedish translation in your languages.conf file. Julian - can you correct this in the distributed Swedish languages.conf too please... John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 9 12:10:08 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:55 2006 Subject: Non encoded 8-bit dat in header? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT > Sent: den 9 mars 2005 12:54 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Non encoded 8-bit dat in header? > > > I recently got a return response from another server saying: > > < mgw2.securitas.se #5.6.0 smtp; 554 5.6.0 Message with invalid header > rejected, id=17654-02 - Non-encoded 8-bit data (char E4 hex) > in message > header 'X-ns1_ltkalmar_se-MailScanner-SpamCheck'> AFAICS the E4 is the latin-1 letter "ä" so... Perhaps an ä has snuck into the header somehow? Ah, looking at the mail I'm replying to, you have X-ns1_ltkalmar_se-MailScanner-SpamCheck: ej spam (godkänd), So, there it is;) Either don't use the Swedish locale stuff (I for one use the en things, mostly due to some strange language bits... "Swenglish" mostly:-), or see to it that the string is coded correctly (quoted printable perhaps?). Lycka till -- Glenn > > I guess it might be the _ but since this is the first time > Ive seen it I > thought I should check with the pro's :) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Wed Mar 9 12:24:22 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:28:55 2006 Subject: Non encoded 8-bit dat in header? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Damn, that mean I just have to change the files and resend Julian the new version. Strange i havent seen this before but there havent been any changes to the report files in a long time. Better fix it then and send tha updated file to Julian. Unless Im a totally wrong it should only be the languages.conf that need to be changed? So I guess all > -----Ursprungligt meddelande----- > Från: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] För > Steen, Glenn > Skickat: den 9 mars 2005 13:10 > Till: MAILSCANNER@JISCMAIL.AC.UK > Ämne: Re: Non encoded 8-bit dat in header? > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT > > Sent: den 9 mars 2005 12:54 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Non encoded 8-bit dat in header? > > > > > > I recently got a return response from another server saying: > > > > < mgw2.securitas.se #5.6.0 smtp; 554 5.6.0 Message with invalid header > > rejected, id=17654-02 - Non-encoded 8-bit data (char E4 hex) > > in message > > header 'X-ns1_ltkalmar_se-MailScanner-SpamCheck'> > > AFAICS the E4 is the latin-1 letter "ä" so... Perhaps an ä has snuck into > the header somehow? Ah, looking at the mail I'm replying to, you have > > X-ns1_ltkalmar_se-MailScanner-SpamCheck: ej spam (godkänd), > > So, there it is;) > Either don't use the Swedish locale stuff (I for one use the en things, > mostly due to some strange language bits... "Swenglish" mostly:-), or > see to it that the string is coded correctly (quoted printable > perhaps?). > > Lycka till > -- Glenn > > > > I guess it might be the _ but since this is the first time > > Ive seen it I > > thought I should check with the pro's :) > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 9 12:29:40 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:55 2006 Subject: Non encoded 8-bit dat in header? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT > Sent: den 9 mars 2005 13:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Non encoded 8-bit dat in header? > > > Damn, that mean I just have to change the files and resend > Julian the new version. Strange i havent seen this before but > there havent been any changes to the report files in a long > time. Better fix it then and send tha updated file to Julian. Not that strange, most modern MTAs are very capable of handling 8-bit headers, so most don't configure them to gripe about it. This just happened to be the first you've seen;). > > Unless Im a totally wrong it should only be the > languages.conf that need to be changed? AFAICS. -- Glenn > > So I guess all > > > -----Ursprungligt meddelande----- > > Från: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] För > > Steen, Glenn > > Skickat: den 9 mars 2005 13:10 > > Till: MAILSCANNER@JISCMAIL.AC.UK > > Ämne: Re: Non encoded 8-bit dat in header? > > > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders > Andersson, IT > > > Sent: den 9 mars 2005 12:54 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Non encoded 8-bit dat in header? > > > > > > > > > I recently got a return response from another server saying: > > > > > > < mgw2.securitas.se #5.6.0 smtp; 554 5.6.0 Message with > invalid header > > > rejected, id=17654-02 - Non-encoded 8-bit data (char E4 hex) > > > in message > > > header 'X-ns1_ltkalmar_se-MailScanner-SpamCheck'> > > > > AFAICS the E4 is the latin-1 letter "ä" so... Perhaps an ä > has snuck into > > the header somehow? Ah, looking at the mail I'm replying > to, you have > > > > X-ns1_ltkalmar_se-MailScanner-SpamCheck: ej spam (godkänd), > > > > So, there it is;) > > Either don't use the Swedish locale stuff (I for one use > the en things, > > mostly due to some strange language bits... "Swenglish" > mostly:-), or > > see to it that the string is coded correctly (quoted printable > > perhaps?). > > > > Lycka till > > -- Glenn > > > > > > I guess it might be the _ but since this is the first time > > > Ive seen it I > > > thought I should check with the pro's :) > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 12:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:55 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Lee wrote on Wed, 9 Mar 2005 10:04:39 +0000: > Thanks, Julian. That would be appreciated by many people. > I don't see that Julian can do much or even little about this. The problem happens because the bayes_expiry takes too long. This can only happen on a corrupted db or a large db. If you get quite a few messages (I think it should be at least a few 10.000 per day, I don't have such a system, I can't compare) running thru your system the latter is likely the case. There are two options then: stop bayes_expiry at all (which will keep it growing, but may work out) or do it on a scheduled basis. You can also tweak the db size either to be very small (reducing the amount of time it takes to expire) or rather large (so that the automatic expiry is unlikely to happen). But this is all SA-related, not MS. Please go over to the SA list and talk about your problems. If people just keep whining here, nothing will change, since the developers don't know that it happens so frequently. And if the problem is not related to what I think the SA list is better suited for that anyway. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 9 12:54:28 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:55 2006 Subject: bug? using unrar Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field > Sent: Wednesday, March 09, 2005 3:46 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bug? using unrar > > > In the help for my version of unrar it is -y and not -Y. Actually it appears to take both -y and -Y , but it should have been lower case :-[ Rick > Can you confirm please? > > Rick Cooper wrote: > > >I am not sure how that could have gotten to unrar, oh.. I looked > again it's > >looking at an exe file. I am also a loss as to how come the safe > name is a > >duplicate though. In any event open Message.pm and look for > unrar e -p- -idp > >(lines 1635 and 1641) and change to unrar e -Y -p- -idp and that > will stop > >the looping trying to unpack a duplicate. Is this a self extracting exe? > >Kind of looks like it must be. Any chance I get get a copy of > the archive in > >question? Or get it to Julian. > > > >Julian if you want to mail me off list about this I have a > couple of ideas > >on this, nothing too difficult I think > > > >Sorry it took so long to see this but I have been off line most of the > >day/evening > > > >Rick > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list > >>[mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Marcin Ro¿ek > >>Sent: Tuesday, March 08, 2005 10:55 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: bug? using unrar > >> > >> > >>Hello, > >>i've installed MS version 4.40.2. Today we've received 2 > >>zip-files that are 100% > >>not virused (i've checked them after pulling them from > >>quarantine). They were > >>quarantined because of containing .exe files). I've released them from > >>quarantine using MailWatch but they didn't reach recipient. I've > >>checked logs > >>and i saw that one of instances of MS couldn't finish scanning > >>released message. > >> > >>Mar 8 16:14:50 gandalf sendmail[14797]: j28FEnXB014797: > >>from=, size=897208, class=0, nrcpts=1, > >>msgid=<422DC260.6060703@ios.edu.pl>, proto=ESMTP, daemon=MTA, > >>relay=[193.0.91.121] > >>Mar 8 16:14:52 gandalf MailScanner[7102]: New Batch: Scanning > 1 messages, > >>897726 bytes > >>Mar 8 16:14:55 gandalf MailScanner[7102]: Unrar : Archive > >>Testing Completed On > >>: BIURA.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: BIURA.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DEC32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DEC32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DECYZJE.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DECYZJE.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PO32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PO32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PU32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_PU32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DR_RAP32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: DZU.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: EKD.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: GDZIE32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: GDZIE32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: GMINA32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: GMINA32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: GRAF.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: GRAF.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: KAT_MA.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: KAT_MA.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PO32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PO50.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO_PU32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: KO_RAP32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: METODYKA.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: NORMY.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: OBSZAR32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: OBSZAR32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: OPH-02.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: OPH-HLP.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: OPHUSER.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: POM32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: POM32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: PRZESZ32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: REJON32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: REJON32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_BRAN32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_BRAN32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_DZIA32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_DZIA32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: S_MASZ32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: SEKCJE32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ST_KAR.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ST_KAR.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: TE32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: TERENY.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: TERENY.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: TR32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: TR_PO32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: TR_PU32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: TRASY.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARI32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARI9.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARI9.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARUN32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: WARUN32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PO32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PO32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PU32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_PU32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_RAP32.CDX > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZA_RAP32.DBF > >>Mar 8 16:14:55 gandalf MailScanner[7102]: ZNAKI.DBF > >>Mar 8 16:15:45 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'BIURA.DBF' 2>&1 > >>timed out! > >>Mar 8 16:15:45 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/BIURA4.DBF > >>Mar 8 16:15:45 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DEC32.CDX > >>Mar 8 16:16:36 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'DEC32.DBF' 2>&1 > >>timed out! > >>Mar 8 16:16:36 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DEC321.DBF > >>Mar 8 16:16:36 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DECYZJE.CDX > >>Mar 8 16:17:28 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'DECYZJE.DBF' 2>&1 > >>timed out! > >>Mar 8 16:17:28 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DECYZJE4.DBF > >>Mar 8 16:17:28 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR32.CDX > >>Mar 8 16:18:19 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'DR32.DBF' 2>&1 > >>timed out! > >>Mar 8 16:18:19 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR321.DBF > >>Mar 8 16:18:19 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PO32.CDX > >>Mar 8 16:19:10 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'DR_PO32.DBF' 2>&1 > >>timed out! > >>Mar 8 16:19:10 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PO321.DBF > >>Mar 8 16:19:10 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PU32.CDX > >>Mar 8 16:20:01 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'DR_PU32.DBF' 2>&1 > >>timed out! > >>Mar 8 16:20:01 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_PU321.DBF > >>Mar 8 16:20:53 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'DR_RAP32.DBF' > >>2>&1 timed out! > >>Mar 8 16:20:53 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DR_RAP321.DBF > >>Mar 8 16:21:44 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'DZU.DBF' 2>&1 > >>timed out! > >>Mar 8 16:21:44 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DZU4.DBF > >>Mar 8 16:22:35 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'EKD.DBF' 2>&1 > >>timed out! > >>Mar 8 16:22:35 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/EKD4.DBF > >>Mar 8 16:22:35 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GDZIE32.CDX > >>Mar 8 16:23:26 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'GDZIE32.DBF' 2>&1 > >>timed out! > >>Mar 8 16:23:26 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GDZIE321.DBF > >>Mar 8 16:23:26 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GMINA32.CDX > >>Mar 8 16:24:17 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'GMINA32.DBF' 2>&1 > >>timed out! > >>Mar 8 16:24:17 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GMINA321.DBF > >>Mar 8 16:24:18 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GRAF.CDX > >>Mar 8 16:25:09 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'GRAF.DBF' 2>&1 > >>timed out! > >>Mar 8 16:25:09 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/GRAF4.DBF > >>Mar 8 16:25:09 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KAT_MA.CDX > >>Mar 8 16:26:00 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'KAT_MA.DBF' 2>&1 > >>timed out! > >>Mar 8 16:26:00 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KAT_MA3.DBF > >>Mar 8 16:26:51 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'KO32.DBF' 2>&1 > >>timed out! > >>Mar 8 16:26:51 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO321.DBF > >>Mar 8 16:27:42 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'KO_PO32.DBF' 2>&1 > >>timed out! > >>Mar 8 16:27:42 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO_PO321.DBF > >>Mar 8 16:28:34 gandalf MailScanner[7102]: Safepipe in Message.pm : > >>/usr/local/bin/unrar e -p- -idp > >>'/var/spool/MailScanner/incoming/7102/j28FEnXB014797/DBF.EXE' > >>'KO_PO50.DBF' 2>&1 > >>timed out! > >>Mar 8 16:28:34 gandalf MailScanner[7102]: Unrar : Encrypted Or > >>Extract Error > >>Creating 0 length > >>/var/spool/MailScanner/incoming/7102/j28FEnXB014797/KO_PO502.DBF > >> > >> > >>When i run 'strace -p 7102' i see: > >> > >>Process 7102 attached - interrupt to quit > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 696 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 261 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 176 > >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 129 > >>read(10, "[Q]uit \n\nPOM32.DBF already exist"..., 4096) = 157 > >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 158 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 162 > >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 204 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 119 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 156 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 169 > >>read(10, ", [Q]uit \n\nPOM32.DBF already exi"..., 4096) = 159 > >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 170 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 129 > >>read(10, "[Q]uit \n\nPOM32.DBF already exist"..., 4096) = 152 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 165 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 167 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 158 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 128 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 151 > >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 153 > >>read(10, "[E]ver, [R]ename, [Q]uit \n\nPOM32"..., 4096) = 164 > >>read(10, "[N]o, [A]ll, n[E]ver, [R]ename, "..., 4096) = 198 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 169 > >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 158 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 151 > >>read(10, ", n[E]ver, [R]ename, [Q]uit \n\nPO"..., 4096) = 160 > >>read(10, "[Y]es, [N]o, [A]ll, n[E]ver, [R]"..., 4096) = 135 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 162 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 159 > >>read(10, ", [R]ename, [Q]uit \n\nPOM32.DBF a"..., 4096) = 162 > >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 136 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 145 > >>read(10, "[A]ll, n[E]ver, [R]ename, [Q]uit"..., 4096) = 164 > >>read(10, "\n[Y]es, [N]o, [A]ll, n[E]ver, [R"..., 4096) = 135 > >>read(10, " \n\nPOM32.DBF already exists. Ove"..., 4096) = 153 > >>read(10, "n[E]ver, [R]ename, [Q]uit \n\nPOM3"..., 4096) = 163 > >>read(10, ", [N]o, [A]ll, n[E]ver, [R]ename"..., 4096) = 130 > >>read(10, "\n\nPOM32.DBF already exists. Over"..., 4096) = 161 > >>read(10, "[R]ename, [Q]uit \n\nPOM32.DBF alr"..., 4096) = 160 > >>read(10, ", [A]ll, n[E]ver, [R]ename, [Q]u"..., 4096) = 166 > >> > >>(and so on...) > >>It looks like MS is trying to unpack files for a few times. > >>Strange is that MS is using 'unrar' for unpacking .zip ('file' > shows: Zip > >>archive data, at least v2.0 to extract) > >> > >>I'm using clamavmodule, sophossavi and bitdefender. > >> > >>Any advice? > >>-- > >>Regards, > >>Marcin > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >>-- > >>This message has been scanned for viruses and > >>dangerous content by MailScanner, and is > >>believed to be clean. > >> > >> > >> > >> > >> > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ICNET.NET Wed Mar 9 12:55:50 2005 From: mailscanner at ICNET.NET (Brady Tucker) Date: Thu Jan 12 21:28:55 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You may be right in that Julian may not be able to do anything... However, if the problem is that the expiry process is getting interrupted --- and he can keep MS from trying add to the db or interrupt the expiry process then it would finish properly even if it took an excessive time, right ? The problem is that I'm not clear on what is stopping the expiry process in the first place... Is SA is timing out because it thinks it's taking to long -- or if MS is 'no longer stopping to wait during expiry' because it was taking to long and interrupting a long expiry process.... The other solution presented here to set SA to timeout at 120 seconds didn't work for me... And I wasn't getting SA timeouts in the log anyway -- was/is everybody else having timeouts with this same problem ? In the meantime... Forcing expire 3 times a day from a cron job fixes the problem. No whining... Just finding a solution that doesn't take up a gig+ in dead lock files/day. Haven't had a dead lock file in months. Brady A. Tucker batucker@icnet.net Internet Complete! w w w . i c n e t . n e t -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl Sent: Wednesday, March 09, 2005 6:31 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: bayes expire tokens David Lee wrote on Wed, 9 Mar 2005 10:04:39 +0000: > Thanks, Julian. That would be appreciated by many people. > I don't see that Julian can do much or even little about this. The problem happens because the bayes_expiry takes too long. This can only happen on a corrupted db or a large db. If you get quite a few messages (I think it should be at least a few 10.000 per day, I don't have such a system, I can't compare) running thru your system the latter is likely the case. There are two options then: stop bayes_expiry at all (which will keep it growing, but may work out) or do it on a scheduled basis. You can also tweak the db size either to be very small (reducing the amount of time it takes to expire) or rather large (so that the automatic expiry is unlikely to happen). But this is all SA-related, not MS. Please go over to the SA list and talk about your problems. If people just keep whining here, nothing will change, since the developers don't know that it happens so frequently. And if the problem is not related to what I think the SA list is better suited for that anyway. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 9 12:56:28 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:55 2006 Subject: Realeasing from quarantine Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jens W. Skov > - JS Consult > Sent: den 9 mars 2005 11:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SV: Realeasing from quarantine > > > I should add that I'm on postfix :-) Look at http://article.gmane.org/gmane.mail.virus.mailscanner/23097 For the woes of releasing postfix queue files;). As you mention that you use MailWatch, let me remind you that you should _not_ be quarantining queue files, as per the MW install instructions. Both the quarantine relase and sa-learn features (and viewing of "non-dangerous" quarantine entries) rely on them being "decoded" to an rfc822 test format. Besides, the envelope info (in the queue file) is already stored in the MW database, so... You really don't need them as queue files... Amend your MailScanner.conf file with Quarantine Whole Message = yes Quarantine Whole Message As Queue Files = no -- Glenn > > mvh. > > Jens W. Skov - JS Consult > Rævehøjparken 58 > 2800 Kgs. Lyngby > jens@jsconsult.dk - http://www.jsconsult.dk > Telefon: +45 45884077 > Mobil : +45 23254077 > > > > > > > > -----Oprindelig meddelelse----- > > Fra: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Martin Hepworth > > Sendt: 9. marts 2005 11:06 > > Til: MAILSCANNER@JISCMAIL.AC.UK > > Emne: Re: Realeasing from quarantine > > > > Jens > > > > ok looks like you have the queue files in the quarantine, not > > message files. > > > > In that case just copy the queue files (both are needed for > > the message) > > into the outgoing queue and sendmail should deliver them for you. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Jens W. Skov - JS Consult wrote: > > > Hi > > > > > > I'm using mailscanner with mailwatch, and when I try yo > > release a file > > > fom quarantine I get at mail marked with {Filename?} and with the > > > attached files replaced with warning. The message itself > > seems to be > > > attached as a queue file. > > > > > > In the quarantine I have a folder with the message and the > > attached files. > > > > > > I also archive to queue files. When I try to do a sendmail -toi > > > in the mail > > > body from the root user on the mailscanner server. > > > > > > Can someone help me find out what I'm doing wrong? > > > > > > > > > Jens > > > ------------------------ MailScanner list > > ------------------------ To > > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and the > > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential > > and intended solely for the use of the individual or entity > > to whom they are addressed. If you have received this email > > in error please notify the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > > ********************************************************************** > > > > ------------------------ MailScanner list > > ------------------------ To unsubscribe, email > > jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Mar 9 13:02:33 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Any ideas on what the problem might be? Thanks again, Rodney Rodney Green wrote: > Martin, > > The MX record resolves to mail2.trayerproducts.com. > mail2.trayerproducts.com resolves to the same IP address as > mail4.trayerproducts.com. Really odd that it's bouncing mail to my > address when it's delivered normally when it's not spam. I just don't > get it. > > Thanks for your help, > Rodney > > > Martin Hepworth wrote: > >> Rodney >> >> what does the MS machine think the MX record for trayerproducts.com is? >> It looks like its routing the forward to itself, and not finding >> rgreen@trayerproducts.com and producing the bounce then. >> >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> Martin, Derek, >>> >>> I did suspect that maybe there was a problem with the forward I use in >>> the spam and high scoring spam actions. I simply used my e-mail address, >>> rgreen@trayerproducts.com. I just did a test by setting the actions to >>> deliver and the bounce problem went away. I just set the action to >>> forward again and this time I modified my e-mail address to be >>> rgreen@mail4.trayerproducts.com and it's working okay now. Here are my >>> logs (below message), and they do show that it is a postfix problem. Any >>> ideas on what I might have configured incorrectly? >>> >>> Thanks for your help, >>> Rod >>> >>> Mar 8 08:43:50 proxy MailScanner[16793]: Message 97DF93132C.95381 from >>> 206.190.38.213 (reason1000@yahoo.com) to >>> trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin >>> (score=997.401, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE >>> 1000.00) >>> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Checks: Found 1 spam >>> messages >>> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Actions: message >>> 97DF93132C.95381 actions are store,forward,rgreen@trayerproducts.com >>> Mar 8 08:43:52 proxy MailScanner[16793]: Virus and Content Scanning: >>> Starting >>> Mar 8 08:43:52 proxy MailScanner[16793]: Requeue: 97DF93132C.95381 to >>> 832783132D >>> Mar 8 08:43:52 proxy postfix/qmgr[16765]: 832783132D: >>> from=, size=1640, nrcpt=1 (queue active) >>> Mar 8 08:43:53 proxy MailScanner[16793]: Uninfected: Delivered 1 >>> messages >>> Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: >>> to=, orig_to=, relay=none, delay=6, >>> status=bounced (user unknown in virtual alias table) >>> >>> >>> Martin Hepworth wrote: >>> >>>> Rodney >>>> >>>> anything in the log files for this test message? Like is MS processing >>>> it at all or is PF rejecting it? >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> Rodney Green wrote: >>>> >>>>> MailScanner 4.37.7-1 >>>>> SpamAssassin 3.0.2 >>>>> Postfix 2.0.20 >>>>> >>>>> Hello, >>>>> >>>>> I've just moved mail services from a server running older versions of >>>>> the above software to the newer versions listed. In testing, I've >>>>> noticed something that seems odd to me. When I send a message to my >>>>> address from yahoo with the gtube spam testing string, my mail server >>>>> sends back an error message saying "user unknown in virtual alias >>>>> table." The user (myself) is definitely in the virtual alias table and >>>>> receiving mail just fine. When I send normal mail from my yahoo >>>>> account >>>>> it is delivered without any problems. >>>>> >>>>> Anyone have any idea what's happening here? Is there some kind of >>>>> feature in MS or SA that is sending back a "user unknown" error to >>>>> trick >>>>> spammers into taking the address of their list? >>>>> >>>>> Thanks! >>>>> Rod >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Mar 9 13:06:31 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:28:55 2006 Subject: bug? using unrar Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Marcin Ro¿ek > Sent: Wednesday, March 09, 2005 4:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: bug? using unrar > > > Rick Cooper wrote: > > > Ok that makes sense as a standard exe would return a null string to the > > unrar lb and UnPackRar would exit right then and there. But there is > > obviously an issue with the name being duplicated, that should > not happen.. > > unless. Oops! That version doesn't have the revised handling of > being unable > > to rename safe names. I think Julian has something coming that > would prevent > > that from happening as well. I would still like to test that archive. > Yes. The problem is that DBF.EXE is self-extracring rar archive > which includes > few files with the same names as other files in .zip archive. It > is easy to > reproduce. Make 3 text files and name them eg file1, file2, > file3. Make .rar > archive eg archive.rar and pack file2 and file3. Then, make .zip > archive that > includes file1, file2, file3 and archive.rar. When you send that > .zip archive The problem is that before each file is extracted the file name *shouldbe/is* checked to make sure a file of that name does not already exist (among other things) in the working directory. If it does it's modified prior to extraction. so file.exe would become something like 01file.exe. However if there is a problem with the archive and the file could not be renamed then the file should be skipped rather than blindly extracted (which should be the behavior in the next releasenow) and I was curious as to why the file could not be renamed. The function has already been tested with dups, in fact I had a test file that contained two archives each containing three directories with the same file in them, which appears to MS as all duplicates > through MailScanner the problem will occure. > > > In the help for my version of unrar it is -y and not -Y. > > Can you confirm please? > If it is safe to overwrite already unpacked files (are they > already scanned?) > then -y can be a solution. > They have not been scanned so this isn't ideal, but neither is having MS looping on that file name. The parent archive will be scanned as a whole however. While working on this function Julian had mentioned it would take a particularly oddly broken file to hit that section so it would be hard to test. If you can get him a copy of the exact file that would be a help as to trying to determine what went wrong with the rename in the first place. I believe in debug mode you should see a message saying it is renaming a file in the archive from filenameone to filenametwo if it's possible to still test that message in debug mode Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 9 13:15:37 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: Rodney I'm no postfix person so I declined to answer from this point as I had little to contribute, but i guess the workaround is to fully specify the forward email address.. :-( -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > Any ideas on what the problem might be? > > Thanks again, > Rodney > > Rodney Green wrote: > >> Martin, >> >> The MX record resolves to mail2.trayerproducts.com. >> mail2.trayerproducts.com resolves to the same IP address as >> mail4.trayerproducts.com. Really odd that it's bouncing mail to my >> address when it's delivered normally when it's not spam. I just don't >> get it. >> >> Thanks for your help, >> Rodney >> >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> what does the MS machine think the MX record for trayerproducts.com is? >>> It looks like its routing the forward to itself, and not finding >>> rgreen@trayerproducts.com and producing the bounce then. >>> >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> Martin, Derek, >>>> >>>> I did suspect that maybe there was a problem with the forward I use in >>>> the spam and high scoring spam actions. I simply used my e-mail >>>> address, >>>> rgreen@trayerproducts.com. I just did a test by setting the actions to >>>> deliver and the bounce problem went away. I just set the action to >>>> forward again and this time I modified my e-mail address to be >>>> rgreen@mail4.trayerproducts.com and it's working okay now. Here are my >>>> logs (below message), and they do show that it is a postfix problem. >>>> Any >>>> ideas on what I might have configured incorrectly? >>>> >>>> Thanks for your help, >>>> Rod >>>> >>>> Mar 8 08:43:50 proxy MailScanner[16793]: Message 97DF93132C.95381 from >>>> 206.190.38.213 (reason1000@yahoo.com) to >>>> trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin >>>> (score=997.401, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE >>>> 1000.00) >>>> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Checks: Found 1 spam >>>> messages >>>> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Actions: message >>>> 97DF93132C.95381 actions are store,forward,rgreen@trayerproducts.com >>>> Mar 8 08:43:52 proxy MailScanner[16793]: Virus and Content Scanning: >>>> Starting >>>> Mar 8 08:43:52 proxy MailScanner[16793]: Requeue: 97DF93132C.95381 to >>>> 832783132D >>>> Mar 8 08:43:52 proxy postfix/qmgr[16765]: 832783132D: >>>> from=, size=1640, nrcpt=1 (queue active) >>>> Mar 8 08:43:53 proxy MailScanner[16793]: Uninfected: Delivered 1 >>>> messages >>>> Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: >>>> to=, orig_to=, relay=none, delay=6, >>>> status=bounced (user unknown in virtual alias table) >>>> >>>> >>>> Martin Hepworth wrote: >>>> >>>>> Rodney >>>>> >>>>> anything in the log files for this test message? Like is MS processing >>>>> it at all or is PF rejecting it? >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>> Rodney Green wrote: >>>>> >>>>>> MailScanner 4.37.7-1 >>>>>> SpamAssassin 3.0.2 >>>>>> Postfix 2.0.20 >>>>>> >>>>>> Hello, >>>>>> >>>>>> I've just moved mail services from a server running older versions of >>>>>> the above software to the newer versions listed. In testing, I've >>>>>> noticed something that seems odd to me. When I send a message to my >>>>>> address from yahoo with the gtube spam testing string, my mail server >>>>>> sends back an error message saying "user unknown in virtual alias >>>>>> table." The user (myself) is definitely in the virtual alias table >>>>>> and >>>>>> receiving mail just fine. When I send normal mail from my yahoo >>>>>> account >>>>>> it is delivered without any problems. >>>>>> >>>>>> Anyone have any idea what's happening here? Is there some kind of >>>>>> feature in MS or SA that is sending back a "user unknown" error to >>>>>> trick >>>>>> spammers into taking the address of their list? >>>>>> >>>>>> Thanks! >>>>>> Rod >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ********************************************************************** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Mar 9 13:33:49 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: Hi Rodney Just glancing at your log, it looks like a delivery bounce error as opposed to a bounce from smtpd. Could you post me some logs of a successful delivery (Just a normal mail message) and some more of this error (Including the submission part). Sorry, I've cut the rest of your message in an attempt to clear my already addled mind! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Mar 9 14:04:39 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:55 2006 Subject: 4.40.2-1 - good news to report! Message-ID: Julian After the problems we encountered at this site with some of the 4.39.* releases, it is heartening to observe that your BETA 4.40.2-1 release is running without problems on one of our production mail gateways (they are all RH AS 3 + Sendmail + SpamAssassin 3.0.2 + Sophos + McAfee). Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 9 14:22:08 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:55 2006 Subject: Antivirus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Could anyone else running 4.40-2.1 with more antivirus products check in maillog if all of them are being updated? I did't found the problem in my configuration yet... ----- Original Message ----- From: "Roger Jochem" To: Sent: Wednesday, March 09, 2005 8:38 AM Subject: Re: Antivirus > The virus.scanners.conf seems fine... And I tested the tree products as > sugested in the virus.scanners.conf and all worked. > > Bitdefender is the first of the tree in my virus.scanners.conf file. Could > there be some kind of problem in this new version that only updates the > first antivirus found in the virus.scanners.conf file? > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Wednesday, March 09, 2005 8:29 AM > Subject: Re: Antivirus > > > > Check your /etc/MailScanner/virus.scanners.conf file and make sure it is > > pointing to all the right places. > > > > Roger Jochem wrote: > > > > > I run MailScanner with clamavmodule, mcafee and bitdefender. Since I > > > upgraded to MailScanner 4.40-2.1 (monday) only bitdefender is found > > > and autoupdated. The scanning is working fine with the 3 products... > > > > > > No message showing anything about the proplem in maillog. Until > > > 4.39.6-1 it found the 3 products, and autoupdated all of them. > > > > > > Any clues? > > > > > > Roger Jochem > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > Buy the MailScanner book at www.MailScanner.info/store > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Mar 9 14:24:35 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for you help Martin. Martin Hepworth wrote: > Rodney > > I'm no postfix person so I declined to answer from this point as I had > little to contribute, but i guess the workaround is to fully specify the > forward email address.. :-( > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Martin, >> >> Any ideas on what the problem might be? >> >> Thanks again, >> Rodney >> >> Rodney Green wrote: >> >>> Martin, >>> >>> The MX record resolves to mail2.trayerproducts.com. >>> mail2.trayerproducts.com resolves to the same IP address as >>> mail4.trayerproducts.com. Really odd that it's bouncing mail to my >>> address when it's delivered normally when it's not spam. I just don't >>> get it. >>> >>> Thanks for your help, >>> Rodney >>> >>> >>> Martin Hepworth wrote: >>> >>>> Rodney >>>> >>>> what does the MS machine think the MX record for trayerproducts.com is? >>>> It looks like its routing the forward to itself, and not finding >>>> rgreen@trayerproducts.com and producing the bounce then. >>>> >>>> >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> Rodney Green wrote: >>>> >>>>> Martin, Derek, >>>>> >>>>> I did suspect that maybe there was a problem with the forward I use in >>>>> the spam and high scoring spam actions. I simply used my e-mail >>>>> address, >>>>> rgreen@trayerproducts.com. I just did a test by setting the actions to >>>>> deliver and the bounce problem went away. I just set the action to >>>>> forward again and this time I modified my e-mail address to be >>>>> rgreen@mail4.trayerproducts.com and it's working okay now. Here are my >>>>> logs (below message), and they do show that it is a postfix problem. >>>>> Any >>>>> ideas on what I might have configured incorrectly? >>>>> >>>>> Thanks for your help, >>>>> Rod >>>>> >>>>> Mar 8 08:43:50 proxy MailScanner[16793]: Message 97DF93132C.95381 >>>>> from >>>>> 206.190.38.213 (reason1000@yahoo.com) to >>>>> trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin >>>>> (score=997.401, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE >>>>> 1000.00) >>>>> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Checks: Found 1 spam >>>>> messages >>>>> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Actions: message >>>>> 97DF93132C.95381 actions are store,forward,rgreen@trayerproducts.com >>>>> Mar 8 08:43:52 proxy MailScanner[16793]: Virus and Content Scanning: >>>>> Starting >>>>> Mar 8 08:43:52 proxy MailScanner[16793]: Requeue: 97DF93132C.95381 to >>>>> 832783132D >>>>> Mar 8 08:43:52 proxy postfix/qmgr[16765]: 832783132D: >>>>> from=, size=1640, nrcpt=1 (queue active) >>>>> Mar 8 08:43:53 proxy MailScanner[16793]: Uninfected: Delivered 1 >>>>> messages >>>>> Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: >>>>> to=, orig_to=, relay=none, >>>>> delay=6, >>>>> status=bounced (user unknown in virtual alias table) >>>>> >>>>> >>>>> Martin Hepworth wrote: >>>>> >>>>>> Rodney >>>>>> >>>>>> anything in the log files for this test message? Like is MS >>>>>> processing >>>>>> it at all or is PF rejecting it? >>>>>> >>>>>> -- >>>>>> Martin Hepworth >>>>>> Snr Systems Administrator >>>>>> Solid State Logic >>>>>> Tel: +44 (0)1865 842300 >>>>>> >>>>>> >>>>>> Rodney Green wrote: >>>>>> >>>>>>> MailScanner 4.37.7-1 >>>>>>> SpamAssassin 3.0.2 >>>>>>> Postfix 2.0.20 >>>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I've just moved mail services from a server running older >>>>>>> versions of >>>>>>> the above software to the newer versions listed. In testing, I've >>>>>>> noticed something that seems odd to me. When I send a message to my >>>>>>> address from yahoo with the gtube spam testing string, my mail >>>>>>> server >>>>>>> sends back an error message saying "user unknown in virtual alias >>>>>>> table." The user (myself) is definitely in the virtual alias table >>>>>>> and >>>>>>> receiving mail just fine. When I send normal mail from my yahoo >>>>>>> account >>>>>>> it is delivered without any problems. >>>>>>> >>>>>>> Anyone have any idea what's happening here? Is there some kind of >>>>>>> feature in MS or SA that is sending back a "user unknown" error to >>>>>>> trick >>>>>>> spammers into taking the address of their list? >>>>>>> >>>>>>> Thanks! >>>>>>> Rod >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> This email and any files transmitted with it are confidential and >>>>>> intended solely for the use of the individual or entity to whom they >>>>>> are addressed. If you have received this email in error please notify >>>>>> the system manager. >>>>>> >>>>>> This footnote confirms that this email message has been swept >>>>>> for the presence of computer viruses and is believed to be clean. >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> -- >>>>> Rodney Green >>>>> Network/Security Administrator >>>>> Trayer Products, Inc. >>>>> E-Mail: rgreen@trayerproducts.com >>>>> Phone: 607-734-8124 Ext. 343 >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Mar 9 14:29:39 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello Drew, Here are some logs (see text file attached). With the spam actions forward set to rgreen@mail4.trayerproducts.com I sent two messages, one from hotmail and one from gmail. I then set the forward to rgreen@trayerproducts.com and sent two messages again, from the same e-mail accounts. When the forward address in MailScanner.conf is set to rgreen@trayerproducts.com, any mail marked as spam is bounced. Thanks for your help, Rodney Drew Marshall wrote: > Rodney Green wrote: > > Hi Rodney > > Just glancing at your log, it looks like a delivery bounce error as > opposed to a bounce from smtpd. Could you post me some logs of a > successful delivery (Just a normal mail message) and some more of this > error (Including the submission part). > > Sorry, I've cut the rest of your message in an attempt to clear my > already addled mind! > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] --------------------------------------------------------------------------------- Normal Message deliver from Gmail.com --------------------------------------------------------------------------------- Mar 9 08:48:03 proxy postfix/smtpd[5278]: connect from rproxy.gmail.com[64.233.170.199] Mar 9 08:48:03 proxy postfix/smtpd[5278]: 436B93135E: client=rproxy.gmail.com[64.233.170.199] Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: hold: header Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.199])??by mail4.trayerproducts.com (Postfix) with ESMTP id 436B93135E??for ; Wed, 9 Mar 2005 08:48:03 -0500 (E from rproxy.gmail.com[64.233.170.199]; from= to= proto=ESMTP helo= Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: hold: header Received: by rproxy.gmail.com with SMTP id 34so210348rns? for ; Wed, 09 Mar 2005 05:47:56 -0800 (PST) from rproxy.gmail.com[64.233.170.199]; from= to= proto=ESMTP helo= Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: hold: header Received: by 10.38.179.14 with SMTP id b14mr454146rnf;? Wed, 09 Mar 2005 05:47:56 -0800 (PST) from rproxy.gmail.com[64.233.170.199]; from= to= proto=ESMTP helo= Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: hold: header Received: by 10.38.8.61 with HTTP; Wed, 9 Mar 2005 05:47:56 -0800 (PST) from rproxy.gmail.com[64.233.170.199]; from= to= proto=ESMTP helo= Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: message-id=<31e7748d0503090547115583ac@mail.gmail.com> Mar 9 08:48:03 proxy postfix/smtpd[5278]: disconnect from rproxy.gmail.com[64.233.170.199] Mar 9 08:48:04 proxy MailScanner[4377]: New Batch: Scanning 1 messages, 1755 bytes Mar 9 08:48:04 proxy MailScanner[4377]: Spam Checks: Starting Mar 9 08:48:10 proxy MailScanner[4377]: Virus and Content Scanning: Starting Mar 9 08:48:11 proxy MailScanner[4377]: Requeue: 436B93135E.E0D6C to 099953136C Mar 9 08:48:11 proxy postfix/qmgr[27727]: 099953136C: from=, size=1515, nrcpt=2 (queue active) Mar 9 08:48:11 proxy MailScanner[4377]: Uninfected: Delivered 1 messages Mar 9 08:48:11 proxy postfix/local[5287]: 099953136C: to=, orig_to=, relay=local, delay=8, status=sent (mailbox) Mar 9 08:48:11 proxy postfix/local[5303]: 099953136C: to=, orig_to=, relay=local, delay=8, status=sent (mailbox) --------------------------------------------------------------------------------- Normal Message deliver from hotmail.com --------------------------------------------------------------------------------- Mar 9 08:52:26 proxy postfix/smtpd[5364]: connect from bay23-f2.bay23.hotmail.com[64.4.22.52] Mar 9 08:52:26 proxy postfix/smtpd[5364]: B706F3136F: client=bay23-f2.bay23.hotmail.com[64.4.22.52] Mar 9 08:52:27 proxy postfix/cleanup[5366]: B706F3136F: hold: header Received: from hotmail.com (bay23-f2.bay23.hotmail.com [64.4.22.52])??by mail4.trayerproducts.com (Postfix) with ESMTP id B706F3136F??for ; Wed, 9 Mar 2005 08:52:26 -0500 ( from bay23-f2.bay23.hotmail.com[64.4.22.52]; from= to= proto=ESMTP helo= Mar 9 08:52:27 proxy postfix/cleanup[5366]: B706F3136F: hold: header Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;?? Wed, 9 Mar 2005 05:52:18 -0800 from bay23-f2.bay23.hotmail.com[64.4.22.52]; from= to= proto=ESMTP helo= Mar 9 08:52:27 proxy postfix/cleanup[5366]: B706F3136F: message-id= Mar 9 08:52:27 proxy postfix/cleanup[5366]: B706F3136F: hold: header Received: from 12.33.96.149 by by23fd.bay23.hotmail.msn.com with HTTP;??Wed, 09 Mar 2005 13:52:18 GMT from bay23-f2.bay23.hotmail.com[64.4.22.52]; from= to= proto=ESMTP helo= Mar 9 08:52:27 proxy postfix/smtpd[5364]: disconnect from bay23-f2.bay23.hotmail.com[64.4.22.52] Mar 9 08:52:27 proxy postfix/smtpd[5364]: connect from unknown[220.85.185.155] Mar 9 08:52:28 proxy MailScanner[4377]: New Batch: Scanning 1 messages, 1527 bytes Mar 9 08:52:28 proxy MailScanner[4377]: Spam Checks: Starting Mar 9 08:52:29 proxy postfix/smtpd[5364]: ABCFD31371: client=unknown[220.85.185.155] Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: from 12.33.96.154 (unknown [220.85.185.155])??by mail4.trayerproducts.com (Postfix) with SMTP??id ABCFD31371; Wed, 9 Mar 2005 08:52:29 -0500 (EST) from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: from kindred.wwwbc.com ([212.100.234.102])? by breccia.gamewood.net? (Sun Java System Messaging Server 6.1 HotFix 0.07 (built Aug 24 2004))? with SMTP id <0ICD00HGMY1D01Q0@breccia.gamewood.n from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: (qmail 85850 invoked from network); Wed, 09 Mar 2005 12:51:20 -0100 from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: from unknown (HELO titus.flashmail.net) (168.75.97.211)? by server-7.somewhere-85.wwwbc.com with SMTP; Wed, 09 Mar 2005 19:51:20 +0600 from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: by titus with Internet Mail Service (5.5.8923.78)??id ; Wed, 09 Mar 2005 09:48:20 -0400??Date: Wed, 09 Mar 2005 08:52:20 -0500 from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: message-id=<579952437875.RWE98848@france.com> Mar 9 08:52:34 proxy MailScanner[4377]: Virus and Content Scanning: Starting Mar 9 08:52:34 proxy postfix/smtpd[5364]: disconnect from unknown[220.85.185.155] Mar 9 08:52:34 proxy MailScanner[4377]: Requeue: B706F3136F.CB6F5 to A4C8131372 Mar 9 08:52:34 proxy postfix/qmgr[27727]: A4C8131372: from=, size=1274, nrcpt=2 (queue active) Mar 9 08:52:34 proxy MailScanner[4377]: Uninfected: Delivered 1 messages Mar 9 08:52:35 proxy MailScanner[4377]: New Batch: Scanning 1 messages, 4821 bytes Mar 9 08:52:35 proxy MailScanner[4377]: Spam Checks: Starting Mar 9 08:52:34 proxy postfix/local[5357]: A4C8131372: to=, orig_to=, relay=local, delay=8, status=sent (mailbox) Mar 9 08:52:34 proxy postfix/local[5370]: A4C8131372: to=, orig_to=, relay=local, delay=8, status=sent (mailbox) Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from n17a.bulk.scd.yahoo.com (n17a.bulk.scd.yahoo.com [66.94.237.46])??by mail4.trayerproducts.com (Postfix) with SMTP id 3ED3C3135E??for ; Wed, 9 Mar 2005 08:52 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from [66.218.66.58] by n17.bulk.scd.yahoo.com with NNFMP; 09 Mar 2005 13:51:46 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from [66.218.66.30] by mailer7.bulk.scd.yahoo.com with NNFMP; 09 Mar 2005 13:51:25 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: (qmail 63752 invoked from network); 9 Mar 2005 13:51:18 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from unknown (66.218.66.167)? by m24.grp.scd.yahoo.com with QMQP; 9 Mar 2005 13:51:17 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from unknown (HELO xcgca812.northgrum.com) (208.12.122.38)? by mta6.grp.scd.yahoo.com with SMTP; 9 Mar 2005 13:51:13 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from xcgca802.northgrum.com ([157.127.103.21]) by xcgca812.northgrum.com with InterScan Messaging Security Suite; Wed, 09 Mar 2005 05:50:48 -0800 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from xcgc3000.northgrum.com ([129.4.42.81]) by xcgca802.northgrum.com with Microsoft SMTPSVC(6.0.3790.211);?? Wed, 9 Mar 2005 05:50:47 -0800 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from XCGC3005.northgrum.com ([129.4.42.61]) by xcgc3000.northgrum.com with Microsoft SMTPSVC(6.0.3790.211);?? Wed, 9 Mar 2005 05:50:47 -0800 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: message-id= Mar 9 08:52:39 proxy postfix/smtpd[5321]: disconnect from n17a.bulk.scd.yahoo.com[66.94.237.46] Mar 9 08:52:42 proxy MailScanner[4377]: Message ABCFD31371.9BD92 from 220.85.185.155 (enxoyzjjvjq@dreamer.com.tw) to trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin (score=58.564, required 5, autolearn=spam, BAYES_50 0.00, DRUGS_ANXIETY 0.01, DRUGS_ANXIETY_EREC 1.00, DRUGS_ANXIETY_OBFU 1.00, DRUGS_DEPRESSION 0.01, DRUGS_DEPR_EREC 1.00, DRUGS_DIET 0.01, DRUGS_DIET_EREC 1.00, DRUGS_DIET_OBFU 1.00, DRUGS_ERECTILE 1.00, DRUGS_ERECTILE_OBFU 1.50, DRUGS_MANYKINDS 1.00, DRUGS_MUSCLE 0.01, DRUGS_SLEEP 0.01, DRUGS_SLEEP_EREC 0.50, FB_CAT1ON 0.55, FS_GAPPY_2 0.41, GAPPY_SUBJECT 1.34, HTML_50_60 0.09, HTML_MESSAGE 0.00, J_CHICKENPOX_12 0.60, J_CHICKENPOX_13 0.60, J_CHICKENPOX_22 0.60, J_CHICKENPOX_23 0.60, J_CHICKENPOX_72 0.60, MANGLED_AMBIEN 2.50, MANGLED_LVITRA 2.50, MANGLED_MEDCTN 2.30, MANGLED_MRIDIA 2.50, MANGLED_PAIN 2.30, MANGLED_PHENTR 2.50, MANGLED_PILL 2.30, MANGLED_PROZAC 2.50, MANGLED_SHPPNG 2.30, MANGLED_SOMA 2.50, MANGLED_VALIUM 2.50, MANGLED_VIAGRA 2.50, MANY_EXCLAMATIONS 0.00, RCVD_HELO_IP_MISMATCH 2. Mar 9 08:52:43 proxy MailScanner[4377]: Spam Checks: Found 1 spam messages Mar 9 08:52:43 proxy MailScanner[4377]: Spam Actions: message ABCFD31371.9BD92 actions are rgreen@mail4.trayerproducts.com,store,forward Mar 9 08:52:43 proxy MailScanner[4377]: Virus and Content Scanning: Starting Mar 9 08:52:44 proxy MailScanner[4377]: Content Checks: Detected and will disarm HTML message in ABCFD31371.9BD92 Mar 9 08:52:44 proxy MailScanner[4377]: Requeue: ABCFD31371.9BD92 to 9623D31372 Mar 9 08:52:44 proxy postfix/qmgr[27727]: 9623D31372: from=, size=5761, nrcpt=1 (queue active) Mar 9 08:52:45 proxy MailScanner[4377]: Uninfected: Delivered 1 messages Mar 9 08:52:45 proxy MailScanner[4377]: New Batch: Scanning 1 messages, 4305 bytes Mar 9 08:52:45 proxy MailScanner[4377]: Spam Checks: Starting Mar 9 08:52:44 proxy postfix/local[5357]: 9623D31372: to=, orig_to=, relay=local, delay=15, status=sent (mailbox) Mar 9 08:52:51 proxy MailScanner[4377]: Virus and Content Scanning: Starting Mar 9 08:52:52 proxy MailScanner[4377]: Requeue: 3ED3C3135E.62818 to B736131372 Mar 9 08:52:52 proxy postfix/qmgr[27727]: B736131372: from=, size=4043, nrcpt=1 (queue active) Mar 9 08:52:52 proxy MailScanner[4377]: Uninfected: Delivered 1 messages Mar 9 08:52:52 proxy postfix/local[5370]: B736131372: to=, orig_to=, relay=local, delay=41, status=sent (mailbox) --------------------------------------------------------------------------------- Error when sending from hotmail.com Address --------------------------------------------------------------------------------- Mar 9 09:03:39 proxy postfix/smtpd[5710]: connect from bay23-f32.bay23.hotmail.com[64.4.22.82] Mar 9 09:03:39 proxy postfix/smtpd[5710]: 5CB0231325: client=bay23-f32.bay23.hotmail.com[64.4.22.82] Mar 9 09:03:39 proxy postfix/cleanup[5712]: 5CB0231325: hold: header Received: from hotmail.com (bay23-f32.bay23.hotmail.com [64.4.22.82])??by mail4.trayerproducts.com (Postfix) with ESMTP id 5CB0231325??for ; Wed, 9 Mar 2005 09:03:39 -0500 from bay23-f32.bay23.hotmail.com[64.4.22.82]; from= to= proto=ESMTP helo= Mar 9 09:03:39 proxy postfix/cleanup[5712]: 5CB0231325: hold: header Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;?? Wed, 9 Mar 2005 06:03:31 -0800 from bay23-f32.bay23.hotmail.com[64.4.22.82]; from= to= proto=ESMTP helo= Mar 9 09:03:39 proxy postfix/cleanup[5712]: 5CB0231325: message-id= Mar 9 09:03:39 proxy postfix/cleanup[5712]: 5CB0231325: hold: header Received: from 12.33.96.149 by by23fd.bay23.hotmail.msn.com with HTTP;??Wed, 09 Mar 2005 14:03:31 GMT from bay23-f32.bay23.hotmail.com[64.4.22.82]; from= to= proto=ESMTP helo= Mar 9 09:03:39 proxy postfix/smtpd[5710]: disconnect from bay23-f32.bay23.hotmail.com[64.4.22.82] Mar 9 09:03:40 proxy MailScanner[5699]: New Batch: Scanning 1 messages, 1602 bytes Mar 9 09:03:40 proxy MailScanner[5699]: Spam Checks: Starting Mar 9 09:03:43 proxy MailScanner[5699]: Message 5CB0231325.83317 from 64.4.22.82 (reasoning100@hotmail.com) to trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin (score=997.455, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE 1000.00, MSGID_FROM_MTA_HEADER 0.05) Mar 9 09:03:44 proxy MailScanner[5699]: Spam Checks: Found 1 spam messages Mar 9 09:03:44 proxy MailScanner[5699]: Spam Actions: message 5CB0231325.83317 actions are store,forward,rgreen@trayerproducts.com Mar 9 09:03:44 proxy MailScanner[5699]: Virus and Content Scanning: Starting Mar 9 09:03:44 proxy MailScanner[5699]: Requeue: 5CB0231325.83317 to C0C4431327 Mar 9 09:03:44 proxy postfix/qmgr[5687]: C0C4431327: from=, size=1616, nrcpt=1 (queue active) Mar 9 09:03:45 proxy MailScanner[5699]: Uninfected: Delivered 1 messages Mar 9 09:03:45 proxy postfix/error[5718]: C0C4431327: to=, orig_to=, relay=none, delay=6, status=bounced (user unknown in virtual alias table) Mar 9 09:03:45 proxy postfix/cleanup[5712]: 35A1F31325: message-id=<20050309140345.35A1F31325@mail4.trayerproducts.com> Mar 9 09:03:45 proxy postfix/qmgr[5687]: 35A1F31325: from=<>, size=3291, nrcpt=1 (queue active) Mar 9 09:03:46 proxy postfix/smtp[5720]: 35A1F31325: to=, relay=mx3.hotmail.com[65.54.253.99], delay=1, status=sent (250 <20050309140345.35A1F31325@mail4.trayerproducts.com> Queued mail for delivery) --------------------------------------------------------------------------------- Error when sending from Gmail.com Address --------------------------------------------------------------------------------- Mar 9 09:04:51 proxy postfix/smtpd[5710]: connect from rproxy.gmail.com[64.233.170.195] Mar 9 09:04:51 proxy postfix/smtpd[5710]: 5644131325: client=rproxy.gmail.com[64.233.170.195] Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: hold: header Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.195])??by mail4.trayerproducts.com (Postfix) with ESMTP id 5644131325??for ; Wed, 9 Mar 2005 09:04:51 -0500 (E from rproxy.gmail.com[64.233.170.195]; from= to= proto=ESMTP helo= Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: hold: header Received: by rproxy.gmail.com with SMTP id 34so211958rns? for ; Wed, 09 Mar 2005 06:04:44 -0800 (PST) from rproxy.gmail.com[64.233.170.195]; from= to= proto=ESMTP helo= Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: hold: header Received: by 10.38.179.2 with SMTP id b2mr457811rnf;? Wed, 09 Mar 2005 06:04:44 -0800 (PST) from rproxy.gmail.com[64.233.170.195]; from= to= proto=ESMTP helo= Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: hold: header Received: by 10.38.8.61 with HTTP; Wed, 9 Mar 2005 06:04:44 -0800 (PST) from rproxy.gmail.com[64.233.170.195]; from= to= proto=ESMTP helo= Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: message-id=<31e7748d05030906043c8b0720@mail.gmail.com> Mar 9 09:04:51 proxy postfix/smtpd[5710]: disconnect from rproxy.gmail.com[64.233.170.195] Mar 9 09:04:52 proxy MailScanner[5699]: New Batch: Scanning 1 messages, 1816 bytes Mar 9 09:04:52 proxy MailScanner[5699]: Spam Checks: Starting Mar 9 09:04:56 proxy MailScanner[5699]: Message 5644131325.9D182 from 64.233.170.195 (rodgreen@gmail.com) to trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin (score=997.468, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE 1000.00, RCVD_BY_IP 0.07) Mar 9 09:04:58 proxy MailScanner[5699]: Spam Checks: Found 1 spam messages Mar 9 09:04:58 proxy MailScanner[5699]: Spam Actions: message 5644131325.9D182 actions are store,forward,rgreen@trayerproducts.com Mar 9 09:04:58 proxy MailScanner[5699]: Virus and Content Scanning: Starting Mar 9 09:04:59 proxy MailScanner[5699]: Requeue: 5644131325.9D182 to 6DEA63132A Mar 9 09:04:59 proxy postfix/qmgr[5687]: 6DEA63132A: from=, size=1834, nrcpt=1 (queue active) Mar 9 09:04:59 proxy MailScanner[5699]: Uninfected: Delivered 1 messages Mar 9 09:04:59 proxy postfix/error[5718]: 6DEA63132A: to=, orig_to=, relay=none, delay=8, status=bounced (user unknown in virtual alias table) Mar 9 09:04:59 proxy postfix/cleanup[5712]: 827D231325: message-id=<20050309140459.827D231325@mail4.trayerproducts.com> Mar 9 09:04:59 proxy postfix/qmgr[5687]: 827D231325: from=<>, size=3503, nrcpt=1 (queue active) Mar 9 09:05:04 proxy postfix/smtp[5720]: 827D231325: to=, relay=gsmtp185.google.com[64.233.185.27], delay=5, status=sent (250 2.0.0 OK 1110377097) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 9 14:31:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:55 2006 Subject: Antivirus Message-ID: Roger I'm running clamav and Sophos. log from earlier today reports things OK for both and I can the updated configs for both.. Mar 9 00:14:00 myhost update.virus.scanners: Found clamav installed Mar 9 00:14:00 myhost update.virus.scanners: Running autoupdate for clamav Mar 9 00:14:00 myhost ClamAV-autoupdate[26496]: ClamAV did not need updating Mar 9 00:14:01 myhost update.virus.scanners: Found sophos installed Mar 9 00:14:01 myhost update.virus.scanners: Running autoupdate for sophos Mar 9 00:14:01 myhost Sophos-autoupdate[26582]: Sophos successfully updated in /usr/local/Sophos/391.200503090014 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Roger Jochem wrote: > Could anyone else running 4.40-2.1 with more antivirus products check in > maillog if all of them are being updated? I did't found the problem in my > configuration yet... > > ----- Original Message ----- > From: "Roger Jochem" > To: > Sent: Wednesday, March 09, 2005 8:38 AM > Subject: Re: Antivirus > > > >>The virus.scanners.conf seems fine... And I tested the tree products as >>sugested in the virus.scanners.conf and all worked. >> >>Bitdefender is the first of the tree in my virus.scanners.conf file. Could >>there be some kind of problem in this new version that only updates the >>first antivirus found in the virus.scanners.conf file? >> >>----- Original Message ----- >>From: "Julian Field" >>To: >>Sent: Wednesday, March 09, 2005 8:29 AM >>Subject: Re: Antivirus >> >> >> >>>Check your /etc/MailScanner/virus.scanners.conf file and make sure it is >>>pointing to all the right places. >>> >>>Roger Jochem wrote: >>> >>> >>>>I run MailScanner with clamavmodule, mcafee and bitdefender. Since I >>>>upgraded to MailScanner 4.40-2.1 (monday) only bitdefender is found >>>>and autoupdated. The scanning is working fine with the 3 products... >>>> >>>>No message showing anything about the proplem in maillog. Until >>>>4.39.6-1 it found the 3 products, and autoupdated all of them. >>>> >>>>Any clues? >>>> >>>>Roger Jochem >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>*Support MailScanner development - buy the book off the website!* >>> >>> >>>-- >>>Julian Field >>>www.MailScanner.info >>>MailScanner thanks transtec Computers for their support >>>Buy the MailScanner book at www.MailScanner.info/store >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Mar 9 14:37:05 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Also, here is the message I received at hotmail and gmail from postfix... This is the Postfix program at host mail4.trayerproducts.com. I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the message returned below. The Postfix program : user unknown in virtual alias table Final-Recipient: rfc822; rgreen@trayerproducts.com Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; user unknown in virtual alias table Rodney Green wrote: > Hello Drew, > > Here are some logs (see text file attached). With the spam actions > forward set to rgreen@mail4.trayerproducts.com I sent two messages, one > from hotmail and one from gmail. I then set the forward to > rgreen@trayerproducts.com and sent two messages again, from the same > e-mail accounts. When the forward address in MailScanner.conf is set to > rgreen@trayerproducts.com, any mail marked as spam is bounced. > > Thanks for your help, > Rodney > > > > Drew Marshall wrote: > >> Rodney Green wrote: >> >> Hi Rodney >> >> Just glancing at your log, it looks like a delivery bounce error as >> opposed to a bounce from smtpd. Could you post me some logs of a >> successful delivery (Just a normal mail message) and some more of this >> error (Including the submission part). >> >> Sorry, I've cut the rest of your message in an attempt to clear my >> already addled mind! >> >> Drew >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > > --------------------------------------------------------------------------------- > Normal Message deliver from Gmail.com > --------------------------------------------------------------------------------- > > > Mar 9 08:48:03 proxy postfix/smtpd[5278]: connect from rproxy.gmail.com[64.233.170.199] > Mar 9 08:48:03 proxy postfix/smtpd[5278]: 436B93135E: client=rproxy.gmail.com[64.233.170.199] > Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: hold: header Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.199])??by mail4.trayerproducts.com (Postfix) with ESMTP id 436B93135E??for ; Wed, 9 Mar 2005 08:48:03 -0500 (E from rproxy.gmail.com[64.233.170.199]; from= to= proto=ESMTP helo= > Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: hold: header Received: by rproxy.gmail.com with SMTP id 34so210348rns? for ; Wed, 09 Mar 2005 05:47:56 -0800 (PST) from rproxy.gmail.com[64.233.170.199]; from= to= proto=ESMTP helo= > Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: hold: header Received: by 10.38.179.14 with SMTP id b14mr454146rnf;? Wed, 09 Mar 2005 05:47:56 -0800 (PST) from rproxy.gmail.com[64.233.170.199]; from= to= proto=ESMTP helo= > Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: hold: header Received: by 10.38.8.61 with HTTP; Wed, 9 Mar 2005 05:47:56 -0800 (PST) from rproxy.gmail.com[64.233.170.199]; from= to= proto=ESMTP helo= > Mar 9 08:48:03 proxy postfix/cleanup[5280]: 436B93135E: message-id=<31e7748d0503090547115583ac@mail.gmail.com> > Mar 9 08:48:03 proxy postfix/smtpd[5278]: disconnect from rproxy.gmail.com[64.233.170.199] > Mar 9 08:48:04 proxy MailScanner[4377]: New Batch: Scanning 1 messages, 1755 bytes > Mar 9 08:48:04 proxy MailScanner[4377]: Spam Checks: Starting > Mar 9 08:48:10 proxy MailScanner[4377]: Virus and Content Scanning: Starting > Mar 9 08:48:11 proxy MailScanner[4377]: Requeue: 436B93135E.E0D6C to 099953136C > Mar 9 08:48:11 proxy postfix/qmgr[27727]: 099953136C: from=, size=1515, nrcpt=2 (queue active) > Mar 9 08:48:11 proxy MailScanner[4377]: Uninfected: Delivered 1 messages > Mar 9 08:48:11 proxy postfix/local[5287]: 099953136C: to=, orig_to=, relay=local, delay=8, status=sent (mailbox) > Mar 9 08:48:11 proxy postfix/local[5303]: 099953136C: to=, orig_to=, relay=local, delay=8, status=sent (mailbox) > > --------------------------------------------------------------------------------- > Normal Message deliver from hotmail.com > --------------------------------------------------------------------------------- > > Mar 9 08:52:26 proxy postfix/smtpd[5364]: connect from bay23-f2.bay23.hotmail.com[64.4.22.52] > Mar 9 08:52:26 proxy postfix/smtpd[5364]: B706F3136F: client=bay23-f2.bay23.hotmail.com[64.4.22.52] > Mar 9 08:52:27 proxy postfix/cleanup[5366]: B706F3136F: hold: header Received: from hotmail.com (bay23-f2.bay23.hotmail.com [64.4.22.52])??by mail4.trayerproducts.com (Postfix) with ESMTP id B706F3136F??for ; Wed, 9 Mar 2005 08:52:26 -0500 ( from bay23-f2.bay23.hotmail.com[64.4.22.52]; from= to= proto=ESMTP helo= > Mar 9 08:52:27 proxy postfix/cleanup[5366]: B706F3136F: hold: header Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;?? Wed, 9 Mar 2005 05:52:18 -0800 from bay23-f2.bay23.hotmail.com[64.4.22.52]; from= to= proto=ESMTP helo= > Mar 9 08:52:27 proxy postfix/cleanup[5366]: B706F3136F: message-id= > Mar 9 08:52:27 proxy postfix/cleanup[5366]: B706F3136F: hold: header Received: from 12.33.96.149 by by23fd.bay23.hotmail.msn.com with HTTP;??Wed, 09 Mar 2005 13:52:18 GMT from bay23-f2.bay23.hotmail.com[64.4.22.52]; from= to= proto=ESMTP helo= > Mar 9 08:52:27 proxy postfix/smtpd[5364]: disconnect from bay23-f2.bay23.hotmail.com[64.4.22.52] > Mar 9 08:52:27 proxy postfix/smtpd[5364]: connect from unknown[220.85.185.155] > Mar 9 08:52:28 proxy MailScanner[4377]: New Batch: Scanning 1 messages, 1527 bytes > Mar 9 08:52:28 proxy MailScanner[4377]: Spam Checks: Starting > Mar 9 08:52:29 proxy postfix/smtpd[5364]: ABCFD31371: client=unknown[220.85.185.155] > Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: from 12.33.96.154 (unknown [220.85.185.155])??by mail4.trayerproducts.com (Postfix) with SMTP??id ABCFD31371; Wed, 9 Mar 2005 08:52:29 -0500 (EST) from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> > Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: from kindred.wwwbc.com ([212.100.234.102])? by breccia.gamewood.net? (Sun Java System Messaging Server 6.1 HotFix 0.07 (built Aug 24 2004))? with SMTP id <0ICD00HGMY1D01Q0@breccia.gamewood.n from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> > Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: (qmail 85850 invoked from network); Wed, 09 Mar 2005 12:51:20 -0100 from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> > Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: from unknown (HELO titus.flashmail.net) (168.75.97.211)? by server-7.somewhere-85.wwwbc.com with SMTP; Wed, 09 Mar 2005 19:51:20 +0600 from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> > Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: hold: header Received: by titus with Internet Mail Service (5.5.8923.78)??id ; Wed, 09 Mar 2005 09:48:20 -0400??Date: Wed, 09 Mar 2005 08:52:20 -0500 from unknown[220.85.185.155]; from= to= proto=SMTP helo=<12.33.96.154> > Mar 9 08:52:32 proxy postfix/cleanup[5366]: ABCFD31371: message-id=<579952437875.RWE98848@france.com> > Mar 9 08:52:34 proxy MailScanner[4377]: Virus and Content Scanning: Starting > Mar 9 08:52:34 proxy postfix/smtpd[5364]: disconnect from unknown[220.85.185.155] > Mar 9 08:52:34 proxy MailScanner[4377]: Requeue: B706F3136F.CB6F5 to A4C8131372 > Mar 9 08:52:34 proxy postfix/qmgr[27727]: A4C8131372: from=, size=1274, nrcpt=2 (queue active) > Mar 9 08:52:34 proxy MailScanner[4377]: Uninfected: Delivered 1 messages > Mar 9 08:52:35 proxy MailScanner[4377]: New Batch: Scanning 1 messages, 4821 bytes > Mar 9 08:52:35 proxy MailScanner[4377]: Spam Checks: Starting > Mar 9 08:52:34 proxy postfix/local[5357]: A4C8131372: to=, orig_to=, relay=local, delay=8, status=sent (mailbox) > Mar 9 08:52:34 proxy postfix/local[5370]: A4C8131372: to=, orig_to=, relay=local, delay=8, status=sent (mailbox) > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from n17a.bulk.scd.yahoo.com (n17a.bulk.scd.yahoo.com [66.94.237.46])??by mail4.trayerproducts.com (Postfix) with SMTP id 3ED3C3135E??for ; Wed, 9 Mar 2005 08:52 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from [66.218.66.58] by n17.bulk.scd.yahoo.com with NNFMP; 09 Mar 2005 13:51:46 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from [66.218.66.30] by mailer7.bulk.scd.yahoo.com with NNFMP; 09 Mar 2005 13:51:25 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: (qmail 63752 invoked from network); 9 Mar 2005 13:51:18 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from unknown (66.218.66.167)? by m24.grp.scd.yahoo.com with QMQP; 9 Mar 2005 13:51:17 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from unknown (HELO xcgca812.northgrum.com) (208.12.122.38)? by mta6.grp.scd.yahoo.com with SMTP; 9 Mar 2005 13:51:13 -0000 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from xcgca802.northgrum.com ([157.127.103.21]) by xcgca812.northgrum.com with InterScan Messaging Security Suite; Wed, 09 Mar 2005 05:50:48 -0800 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from xcgc3000.northgrum.com ([129.4.42.81]) by xcgca802.northgrum.com with Microsoft SMTPSVC(6.0.3790.211);?? Wed, 9 Mar 2005 05:50:47 -0800 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: hold: header Received: from XCGC3005.northgrum.com ([129.4.42.61]) by xcgc3000.northgrum.com with Microsoft SMTPSVC(6.0.3790.211);?? Wed, 9 Mar 2005 05:50:47 -0800 from n17a.bulk.scd.yahoo.com[66.94.237.46]; from= to= proto=SMTP helo= > Mar 9 08:52:37 proxy postfix/cleanup[5322]: 3ED3C3135E: message-id= > Mar 9 08:52:39 proxy postfix/smtpd[5321]: disconnect from n17a.bulk.scd.yahoo.com[66.94.237.46] > Mar 9 08:52:42 proxy MailScanner[4377]: Message ABCFD31371.9BD92 from 220.85.185.155 (enxoyzjjvjq@dreamer.com.tw) to trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin (score=58.564, required 5, autolearn=spam, BAYES_50 0.00, DRUGS_ANXIETY 0.01, DRUGS_ANXIETY_EREC 1.00, DRUGS_ANXIETY_OBFU 1.00, DRUGS_DEPRESSION 0.01, DRUGS_DEPR_EREC 1.00, DRUGS_DIET 0.01, DRUGS_DIET_EREC 1.00, DRUGS_DIET_OBFU 1.00, DRUGS_ERECTILE 1.00, DRUGS_ERECTILE_OBFU 1.50, DRUGS_MANYKINDS 1.00, DRUGS_MUSCLE 0.01, DRUGS_SLEEP 0.01, DRUGS_SLEEP_EREC 0.50, FB_CAT1ON 0.55, FS_GAPPY_2 0.41, GAPPY_SUBJECT 1.34, HTML_50_60 0.09, HTML_MESSAGE 0.00, J_CHICKENPOX_12 0.60, J_CHICKENPOX_13 0.60, J_CHICKENPOX_22 0.60, J_CHICKENPOX_23 0.60, J_CHICKENPOX_72 0.60, MANGLED_AMBIEN 2.50, MANGLED_LVITRA 2.50, MANGLED_MEDCTN 2.30, MANGLED_MRIDIA 2.50, MANGLED_PAIN 2.30, MANGLED_PHENTR 2.50, MANGLED_PILL 2.30, MANGLED_PROZAC 2.50, MANGLED_SHPPNG 2.30, MANGLED_SOMA 2.50, MANGLED_VALIUM 2.50, MANGLED_VIAGRA 2 .50, MANY_EXCLAMATIONS 0.00, RCVD_HELO_IP_MISMATCH 2. > Mar 9 08:52:43 proxy MailScanner[4377]: Spam Checks: Found 1 spam messages > Mar 9 08:52:43 proxy MailScanner[4377]: Spam Actions: message ABCFD31371.9BD92 actions are rgreen@mail4.trayerproducts.com,store,forward > Mar 9 08:52:43 proxy MailScanner[4377]: Virus and Content Scanning: Starting > Mar 9 08:52:44 proxy MailScanner[4377]: Content Checks: Detected and will disarm HTML message in ABCFD31371.9BD92 > Mar 9 08:52:44 proxy MailScanner[4377]: Requeue: ABCFD31371.9BD92 to 9623D31372 > Mar 9 08:52:44 proxy postfix/qmgr[27727]: 9623D31372: from=, size=5761, nrcpt=1 (queue active) > Mar 9 08:52:45 proxy MailScanner[4377]: Uninfected: Delivered 1 messages > Mar 9 08:52:45 proxy MailScanner[4377]: New Batch: Scanning 1 messages, 4305 bytes > Mar 9 08:52:45 proxy MailScanner[4377]: Spam Checks: Starting > Mar 9 08:52:44 proxy postfix/local[5357]: 9623D31372: to=, orig_to=, relay=local, delay=15, status=sent (mailbox) > Mar 9 08:52:51 proxy MailScanner[4377]: Virus and Content Scanning: Starting > Mar 9 08:52:52 proxy MailScanner[4377]: Requeue: 3ED3C3135E.62818 to B736131372 > Mar 9 08:52:52 proxy postfix/qmgr[27727]: B736131372: from=, size=4043, nrcpt=1 (queue active) > Mar 9 08:52:52 proxy MailScanner[4377]: Uninfected: Delivered 1 messages > Mar 9 08:52:52 proxy postfix/local[5370]: B736131372: to=, orig_to=, relay=local, delay=41, status=sent (mailbox) > > --------------------------------------------------------------------------------- > Error when sending from hotmail.com Address > --------------------------------------------------------------------------------- > > Mar 9 09:03:39 proxy postfix/smtpd[5710]: connect from bay23-f32.bay23.hotmail.com[64.4.22.82] > Mar 9 09:03:39 proxy postfix/smtpd[5710]: 5CB0231325: client=bay23-f32.bay23.hotmail.com[64.4.22.82] > Mar 9 09:03:39 proxy postfix/cleanup[5712]: 5CB0231325: hold: header Received: from hotmail.com (bay23-f32.bay23.hotmail.com [64.4.22.82])??by mail4.trayerproducts.com (Postfix) with ESMTP id 5CB0231325??for ; Wed, 9 Mar 2005 09:03:39 -0500 from bay23-f32.bay23.hotmail.com[64.4.22.82]; from= to= proto=ESMTP helo= > Mar 9 09:03:39 proxy postfix/cleanup[5712]: 5CB0231325: hold: header Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;?? Wed, 9 Mar 2005 06:03:31 -0800 from bay23-f32.bay23.hotmail.com[64.4.22.82]; from= to= proto=ESMTP helo= > Mar 9 09:03:39 proxy postfix/cleanup[5712]: 5CB0231325: message-id= > Mar 9 09:03:39 proxy postfix/cleanup[5712]: 5CB0231325: hold: header Received: from 12.33.96.149 by by23fd.bay23.hotmail.msn.com with HTTP;??Wed, 09 Mar 2005 14:03:31 GMT from bay23-f32.bay23.hotmail.com[64.4.22.82]; from= to= proto=ESMTP helo= > Mar 9 09:03:39 proxy postfix/smtpd[5710]: disconnect from bay23-f32.bay23.hotmail.com[64.4.22.82] > Mar 9 09:03:40 proxy MailScanner[5699]: New Batch: Scanning 1 messages, 1602 bytes > Mar 9 09:03:40 proxy MailScanner[5699]: Spam Checks: Starting > Mar 9 09:03:43 proxy MailScanner[5699]: Message 5CB0231325.83317 from 64.4.22.82 (reasoning100@hotmail.com) to trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin (score=997.455, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE 1000.00, MSGID_FROM_MTA_HEADER 0.05) > Mar 9 09:03:44 proxy MailScanner[5699]: Spam Checks: Found 1 spam messages > Mar 9 09:03:44 proxy MailScanner[5699]: Spam Actions: message 5CB0231325.83317 actions are store,forward,rgreen@trayerproducts.com > Mar 9 09:03:44 proxy MailScanner[5699]: Virus and Content Scanning: Starting > Mar 9 09:03:44 proxy MailScanner[5699]: Requeue: 5CB0231325.83317 to C0C4431327 > Mar 9 09:03:44 proxy postfix/qmgr[5687]: C0C4431327: from=, size=1616, nrcpt=1 (queue active) > Mar 9 09:03:45 proxy MailScanner[5699]: Uninfected: Delivered 1 messages > Mar 9 09:03:45 proxy postfix/error[5718]: C0C4431327: to=, orig_to=, relay=none, delay=6, status=bounced (user unknown in virtual alias table) > Mar 9 09:03:45 proxy postfix/cleanup[5712]: 35A1F31325: message-id=<20050309140345.35A1F31325@mail4.trayerproducts.com> > Mar 9 09:03:45 proxy postfix/qmgr[5687]: 35A1F31325: from=<>, size=3291, nrcpt=1 (queue active) > Mar 9 09:03:46 proxy postfix/smtp[5720]: 35A1F31325: to=, relay=mx3.hotmail.com[65.54.253.99], delay=1, status=sent (250 <20050309140345.35A1F31325@mail4.trayerproducts.com> Queued mail for delivery) > > --------------------------------------------------------------------------------- > Error when sending from Gmail.com Address > --------------------------------------------------------------------------------- > > Mar 9 09:04:51 proxy postfix/smtpd[5710]: connect from rproxy.gmail.com[64.233.170.195] > Mar 9 09:04:51 proxy postfix/smtpd[5710]: 5644131325: client=rproxy.gmail.com[64.233.170.195] > Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: hold: header Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.195])??by mail4.trayerproducts.com (Postfix) with ESMTP id 5644131325??for ; Wed, 9 Mar 2005 09:04:51 -0500 (E from rproxy.gmail.com[64.233.170.195]; from= to= proto=ESMTP helo= > Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: hold: header Received: by rproxy.gmail.com with SMTP id 34so211958rns? for ; Wed, 09 Mar 2005 06:04:44 -0800 (PST) from rproxy.gmail.com[64.233.170.195]; from= to= proto=ESMTP helo= > Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: hold: header Received: by 10.38.179.2 with SMTP id b2mr457811rnf;? Wed, 09 Mar 2005 06:04:44 -0800 (PST) from rproxy.gmail.com[64.233.170.195]; from= to= proto=ESMTP helo= > Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: hold: header Received: by 10.38.8.61 with HTTP; Wed, 9 Mar 2005 06:04:44 -0800 (PST) from rproxy.gmail.com[64.233.170.195]; from= to= proto=ESMTP helo= > Mar 9 09:04:51 proxy postfix/cleanup[5712]: 5644131325: message-id=<31e7748d05030906043c8b0720@mail.gmail.com> > Mar 9 09:04:51 proxy postfix/smtpd[5710]: disconnect from rproxy.gmail.com[64.233.170.195] > Mar 9 09:04:52 proxy MailScanner[5699]: New Batch: Scanning 1 messages, 1816 bytes > Mar 9 09:04:52 proxy MailScanner[5699]: Spam Checks: Starting > Mar 9 09:04:56 proxy MailScanner[5699]: Message 5644131325.9D182 from 64.233.170.195 (rodgreen@gmail.com) to trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin (score=997.468, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE 1000.00, RCVD_BY_IP 0.07) > Mar 9 09:04:58 proxy MailScanner[5699]: Spam Checks: Found 1 spam messages > Mar 9 09:04:58 proxy MailScanner[5699]: Spam Actions: message 5644131325.9D182 actions are store,forward,rgreen@trayerproducts.com > Mar 9 09:04:58 proxy MailScanner[5699]: Virus and Content Scanning: Starting > Mar 9 09:04:59 proxy MailScanner[5699]: Requeue: 5644131325.9D182 to 6DEA63132A > Mar 9 09:04:59 proxy postfix/qmgr[5687]: 6DEA63132A: from=, size=1834, nrcpt=1 (queue active) > Mar 9 09:04:59 proxy MailScanner[5699]: Uninfected: Delivered 1 messages > Mar 9 09:04:59 proxy postfix/error[5718]: 6DEA63132A: to=, orig_to=, relay=none, delay=8, status=bounced (user unknown in virtual alias table) > Mar 9 09:04:59 proxy postfix/cleanup[5712]: 827D231325: message-id=<20050309140459.827D231325@mail4.trayerproducts.com> > Mar 9 09:04:59 proxy postfix/qmgr[5687]: 827D231325: from=<>, size=3503, nrcpt=1 (queue active) > Mar 9 09:05:04 proxy postfix/smtp[5720]: 827D231325: to=, relay=gsmtp185.google.com[64.233.185.27], delay=5, status=sent (250 2.0.0 OK 1110377097) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 14:46:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:55 2006 Subject: 4.40.2-1 - good news to report! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yay! Thankyou for the good news! :-) Quentin Campbell wrote: >Julian > >After the problems we encountered at this site with some of the 4.39.* >releases, it is heartening to observe that your BETA 4.40.2-1 release is >running without problems on one of our production mail gateways (they >are all RH AS 3 + Sendmail + SpamAssassin 3.0.2 + Sophos + McAfee). > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dickenson at CFMC.COM Wed Mar 9 14:56:24 2005 From: dickenson at CFMC.COM (Jim Dickenson) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: Have you tried sending email to @mail2.trayerproducts.com and @mail4.trayerproducts.com to make sure that gets delivered correctly? -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Rodney Green > Reply-To: MailScanner mailing list > Date: Wed, 9 Mar 2005 08:02:33 -0500 > To: > Subject: Re: User unknown in virtual alias table > > Martin, > > Any ideas on what the problem might be? > > Thanks again, > Rodney > > Rodney Green wrote: >> Martin, >> >> The MX record resolves to mail2.trayerproducts.com. >> mail2.trayerproducts.com resolves to the same IP address as >> mail4.trayerproducts.com. Really odd that it's bouncing mail to my >> address when it's delivered normally when it's not spam. I just don't >> get it. >> >> Thanks for your help, >> Rodney >> >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> what does the MS machine think the MX record for trayerproducts.com is? >>> It looks like its routing the forward to itself, and not finding >>> rgreen@trayerproducts.com and producing the bounce then. >>> >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> Martin, Derek, >>>> >>>> I did suspect that maybe there was a problem with the forward I use in >>>> the spam and high scoring spam actions. I simply used my e-mail address, >>>> rgreen@trayerproducts.com. I just did a test by setting the actions to >>>> deliver and the bounce problem went away. I just set the action to >>>> forward again and this time I modified my e-mail address to be >>>> rgreen@mail4.trayerproducts.com and it's working okay now. Here are my >>>> logs (below message), and they do show that it is a postfix problem. Any >>>> ideas on what I might have configured incorrectly? >>>> >>>> Thanks for your help, >>>> Rod >>>> >>>> Mar 8 08:43:50 proxy MailScanner[16793]: Message 97DF93132C.95381 from >>>> 206.190.38.213 (reason1000@yahoo.com) to >>>> trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin >>>> (score=997.401, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE >>>> 1000.00) >>>> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Checks: Found 1 spam >>>> messages >>>> Mar 8 08:43:52 proxy MailScanner[16793]: Spam Actions: message >>>> 97DF93132C.95381 actions are store,forward,rgreen@trayerproducts.com >>>> Mar 8 08:43:52 proxy MailScanner[16793]: Virus and Content Scanning: >>>> Starting >>>> Mar 8 08:43:52 proxy MailScanner[16793]: Requeue: 97DF93132C.95381 to >>>> 832783132D >>>> Mar 8 08:43:52 proxy postfix/qmgr[16765]: 832783132D: >>>> from=, size=1640, nrcpt=1 (queue active) >>>> Mar 8 08:43:53 proxy MailScanner[16793]: Uninfected: Delivered 1 >>>> messages >>>> Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: >>>> to=, orig_to=, relay=none, delay=6, >>>> status=bounced (user unknown in virtual alias table) >>>> >>>> >>>> Martin Hepworth wrote: >>>> >>>>> Rodney >>>>> >>>>> anything in the log files for this test message? Like is MS processing >>>>> it at all or is PF rejecting it? >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>> Rodney Green wrote: >>>>> >>>>>> MailScanner 4.37.7-1 >>>>>> SpamAssassin 3.0.2 >>>>>> Postfix 2.0.20 >>>>>> >>>>>> Hello, >>>>>> >>>>>> I've just moved mail services from a server running older versions of >>>>>> the above software to the newer versions listed. In testing, I've >>>>>> noticed something that seems odd to me. When I send a message to my >>>>>> address from yahoo with the gtube spam testing string, my mail server >>>>>> sends back an error message saying "user unknown in virtual alias >>>>>> table." The user (myself) is definitely in the virtual alias table and >>>>>> receiving mail just fine. When I send normal mail from my yahoo >>>>>> account >>>>>> it is delivered without any problems. >>>>>> >>>>>> Anyone have any idea what's happening here? Is there some kind of >>>>>> feature in MS or SA that is sending back a "user unknown" error to >>>>>> trick >>>>>> spammers into taking the address of their list? >>>>>> >>>>>> Thanks! >>>>>> Rod >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ********************************************************************** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Mar 9 15:05:29 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just tried this and both messages were delivered, no problem. Thanks Jim. Jim Dickenson wrote: > Have you tried sending email to @mail2.trayerproducts.com and > @mail4.trayerproducts.com to make sure that gets delivered correctly? > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > > > >>From: Rodney Green >>Reply-To: MailScanner mailing list >>Date: Wed, 9 Mar 2005 08:02:33 -0500 >>To: >>Subject: Re: User unknown in virtual alias table >> >>Martin, >> >>Any ideas on what the problem might be? >> >>Thanks again, >>Rodney >> >>Rodney Green wrote: >> >>>Martin, >>> >>>The MX record resolves to mail2.trayerproducts.com. >>>mail2.trayerproducts.com resolves to the same IP address as >>>mail4.trayerproducts.com. Really odd that it's bouncing mail to my >>>address when it's delivered normally when it's not spam. I just don't >>>get it. >>> >>>Thanks for your help, >>>Rodney >>> >>> >>>Martin Hepworth wrote: >>> >>> >>>>Rodney >>>> >>>>what does the MS machine think the MX record for trayerproducts.com is? >>>>It looks like its routing the forward to itself, and not finding >>>>rgreen@trayerproducts.com and producing the bounce then. >>>> >>>> >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>>Rodney Green wrote: >>>> >>>> >>>>>Martin, Derek, >>>>> >>>>>I did suspect that maybe there was a problem with the forward I use in >>>>>the spam and high scoring spam actions. I simply used my e-mail address, >>>>>rgreen@trayerproducts.com. I just did a test by setting the actions to >>>>>deliver and the bounce problem went away. I just set the action to >>>>>forward again and this time I modified my e-mail address to be >>>>>rgreen@mail4.trayerproducts.com and it's working okay now. Here are my >>>>>logs (below message), and they do show that it is a postfix problem. Any >>>>>ideas on what I might have configured incorrectly? >>>>> >>>>>Thanks for your help, >>>>>Rod >>>>> >>>>>Mar 8 08:43:50 proxy MailScanner[16793]: Message 97DF93132C.95381 from >>>>>206.190.38.213 (reason1000@yahoo.com) to >>>>>trayerproducts.com,mail4.trayerproducts.com is spam, SpamAssassin >>>>>(score=997.401, required 5, autolearn=not spam, BAYES_00 -2.60, GTUBE >>>>>1000.00) >>>>>Mar 8 08:43:52 proxy MailScanner[16793]: Spam Checks: Found 1 spam >>>>>messages >>>>>Mar 8 08:43:52 proxy MailScanner[16793]: Spam Actions: message >>>>>97DF93132C.95381 actions are store,forward,rgreen@trayerproducts.com >>>>>Mar 8 08:43:52 proxy MailScanner[16793]: Virus and Content Scanning: >>>>>Starting >>>>>Mar 8 08:43:52 proxy MailScanner[16793]: Requeue: 97DF93132C.95381 to >>>>>832783132D >>>>>Mar 8 08:43:52 proxy postfix/qmgr[16765]: 832783132D: >>>>>from=, size=1640, nrcpt=1 (queue active) >>>>>Mar 8 08:43:53 proxy MailScanner[16793]: Uninfected: Delivered 1 >>>>>messages >>>>>Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: >>>>>to=, orig_to=, relay=none, delay=6, >>>>>status=bounced (user unknown in virtual alias table) >>>>> >>>>> >>>>>Martin Hepworth wrote: >>>>> >>>>> >>>>>>Rodney >>>>>> >>>>>>anything in the log files for this test message? Like is MS processing >>>>>>it at all or is PF rejecting it? >>>>>> >>>>>>-- >>>>>>Martin Hepworth >>>>>>Snr Systems Administrator >>>>>>Solid State Logic >>>>>>Tel: +44 (0)1865 842300 >>>>>> >>>>>> >>>>>>Rodney Green wrote: >>>>>> >>>>>> >>>>>>>MailScanner 4.37.7-1 >>>>>>>SpamAssassin 3.0.2 >>>>>>>Postfix 2.0.20 >>>>>>> >>>>>>>Hello, >>>>>>> >>>>>>>I've just moved mail services from a server running older versions of >>>>>>>the above software to the newer versions listed. In testing, I've >>>>>>>noticed something that seems odd to me. When I send a message to my >>>>>>>address from yahoo with the gtube spam testing string, my mail server >>>>>>>sends back an error message saying "user unknown in virtual alias >>>>>>>table." The user (myself) is definitely in the virtual alias table and >>>>>>>receiving mail just fine. When I send normal mail from my yahoo >>>>>>>account >>>>>>>it is delivered without any problems. >>>>>>> >>>>>>>Anyone have any idea what's happening here? Is there some kind of >>>>>>>feature in MS or SA that is sending back a "user unknown" error to >>>>>>>trick >>>>>>>spammers into taking the address of their list? >>>>>>> >>>>>>>Thanks! >>>>>>>Rod >>>>>>> >>>>>>>------------------------ MailScanner list ------------------------ >>>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>'leave mailscanner' in the body of the email. >>>>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>>Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>********************************************************************** >>>>>> >>>>>>This email and any files transmitted with it are confidential and >>>>>>intended solely for the use of the individual or entity to whom they >>>>>>are addressed. If you have received this email in error please notify >>>>>>the system manager. >>>>>> >>>>>>This footnote confirms that this email message has been swept >>>>>>for the presence of computer viruses and is believed to be clean. >>>>>> >>>>>>********************************************************************** >>>>>> >>>>>>------------------------ MailScanner list ------------------------ >>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>'leave mailscanner' in the body of the email. >>>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>>Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>>-- >>>>>Rodney Green >>>>>Network/Security Administrator >>>>>Trayer Products, Inc. >>>>>E-Mail: rgreen@trayerproducts.com >>>>>Phone: 607-734-8124 Ext. 343 >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>>********************************************************************** >>>> >>>>This email and any files transmitted with it are confidential and >>>>intended solely for the use of the individual or entity to whom they >>>>are addressed. If you have received this email in error please notify >>>>the system manager. >>>> >>>>This footnote confirms that this email message has been swept >>>>for the presence of computer viruses and is believed to be clean. >>>> >>>>********************************************************************** >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>> >>>-- >>>Rodney Green >>>Network/Security Administrator >>>Trayer Products, Inc. >>>E-Mail: rgreen@trayerproducts.com >>>Phone: 607-734-8124 Ext. 343 >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >> >>-- >>Rodney Green >>Network/Security Administrator >>Trayer Products, Inc. >>E-Mail: rgreen@trayerproducts.com >>Phone: 607-734-8124 Ext. 343 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Mar 9 15:15:53 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: >> Hello Drew, >> >> Here are some logs (see text file attached). With the spam actions >> forward set to rgreen@mail4.trayerproducts.com I sent two messages, one >> from hotmail and one from gmail. I then set the forward to >> rgreen@trayerproducts.com and sent two messages again, from the same >> e-mail accounts. When the forward address in MailScanner.conf is set to >> rgreen@trayerproducts.com, any mail marked as spam is bounced. > Rodney Could you also send a log of a normal message to yourself? I want to compare the relay logs as I think that's where the problem lies. How have you mapped trayerproducts.com to forward to your mailboxes (I assume you have a MailScanner relay box forwarding to Exchange or similar?)? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Mar 9 15:26:19 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:55 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew, The logs I sent included normal messages sent to myself from hotmail and gmail. We have only one mail server and it is running Postfix. So, when mail is received by our smtp server it is delivered locally to user accounts on that server. I have a virtual alias mapping file that maps trayerproducts.com addresses to local accounts. If you need any clarification or anything else, let me know. Thanks again, Rod Drew Marshall wrote: > Rodney Green wrote: > >>> Hello Drew, >>> >>> Here are some logs (see text file attached). With the spam actions >>> forward set to rgreen@mail4.trayerproducts.com I sent two messages, one >>> from hotmail and one from gmail. I then set the forward to >>> rgreen@trayerproducts.com and sent two messages again, from the same >>> e-mail accounts. When the forward address in MailScanner.conf is set to >>> rgreen@trayerproducts.com, any mail marked as spam is bounced. >> >> > Rodney > > Could you also send a log of a normal message to yourself? I want to > compare the relay logs as I think that's where the problem lies. How > have you mapped trayerproducts.com to forward to your mailboxes (I > assume you have a MailScanner relay box forwarding to Exchange or > similar?)? > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Wed Mar 9 15:28:15 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:55 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: > David Lee wrote on Wed, 9 Mar 2005 10:04:39 +0000: > > >>Thanks, Julian. That would be appreciated by many people. >> > > > I don't see that Julian can do much or even little about this. The problem > happens because the bayes_expiry takes too long. This can only happen on a > corrupted db or a large db. If you get quite a few messages (I think it > should be at least a few 10.000 per day, I don't have such a system, I > can't compare) running thru your system the latter is likely the case. > There are two options then: stop bayes_expiry at all (which will keep it > growing, but may work out) or do it on a scheduled basis. You can also > tweak the db size either to be very small (reducing the amount of time it > takes to expire) or rather large (so that the automatic expiry is unlikely > to happen). But this is all SA-related, not MS. Please go over to the SA > list and talk about your problems. If people just keep whining here, > nothing will change, since the developers don't know that it happens so > frequently. And if the problem is not related to what I think the SA list > is better suited for that anyway. Hello and thank you for your helpful perspective...Have you read what Mr Field has replied to me? I believe you are missing the point: Here is the quote: " Looks like I need to take another look at this again. One process doing a Bayes rebuild should lock out all the other processes from trying to use SA, or it should make them wait. What is the value of your "Wait For Bayes Rebuild" setting? " The logs I sent show that another MailScanner child process is still analyzing mail during a rebuild. Now I don't see anyone whining here, other than your own flame. I have a cron job that deletes expire files older than 2 days, so I don't personally care if this is resolved in a distant future. We are reporting factual events. And I disagree that this is SA-related as you claim, since the process actually calling expiry is MailScanner. Don't get me wrong, I think MailScanner does an excellent job. But what I and some others are pointing out, is that bayes use occurs even when MailScanner is expiring; even if it takes an hour to expire, the configuration of MailScanner (not SA) suggests you can pause MailScanner while this happens. To me and to others, including Mr Field, this is not exactly what happens. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed Mar 9 15:36:44 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:28:55 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > From: /etc/MailScanner/from.addresses and To: > /etc/MailScanner/to.addresses yes > > should work. So if I had 5 patterns in from.addresses and 6 patterns in to.addresses how many patterns would MS be testing? Five, six, or thirty? -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "ebruce.vcf") 15 lines. ] [ Unable to print this part. ] From cconn at ABACOM.COM Wed Mar 9 15:45:31 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:55 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: > Chris, simply run a "sa-learn --force-expire" and see what you get as an > output. If it has a problem rebuilding it may hang for quite a while, just > let it run, it will eventually finish. When it says it could not rebuild > then you have a (known) problem. You can then either throw the db away or > dig (long) in the spamassassin mailing list archives for help. From your > explanation it looks like your db is quite old and you probably added much > more spam in its early time than later on. Then it's likely that SA cannot > create a good delta for expiring (because it would expire much more tokens > than it is supposed to do) and goes in a trial loop to find one. However, > in most cases it won't find a good one. Those expire files are from such > attempts. They took so long that the MS timeout was reached and the > process called off. This is not a MailScanner problem, it's due to the > expiry algorithm used in SA. > > Kai > sa-learn works fine: synced Bayes databases from journal in 1 seconds: 2720 unique entries (4235 total entries) ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ................................................................................ ...........................................expired old Bayes database entries in 114 seconds 228547 entries kept, 375363 deleted token frequency: 1-occurence tokens: 63.13% token frequency: less than 8 occurrences: 20.49% 114 seconds. Even while MailScanner was running, no timeouts, no expire dead files. ============ What I find curious as well is that in the logs, MailScanner claims to have finished the rebuild: Mar 8 21:59:59 mx2 MailScanner[23057]: SpamAssassin Bayes database rebuild completed HOWEVER all of these expire toks files are created AFTER the expiry is supposedly finished. And, each file is created _after_ a logged: Mar 8 22:10:57 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 22:16:14 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 22:21:38 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 22:26:38 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 22:32:08 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 22:53:34 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 22:59:11 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 23:04:11 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 23:09:47 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 23:19:49 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 23:25:32 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 23:30:39 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 23:41:18 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 8 23:46:28 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:07:16 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:12:26 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:17:31 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:22:36 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:28:11 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:33:42 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:39:04 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:45:03 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:50:10 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 00:55:31 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:01:05 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:06:36 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:11:45 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:17:26 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:37:39 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:42:51 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:48:37 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:53:44 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 Mar 9 01:58:50 mx2 MailScanner[23057]: SpamAssassin timed out and was killed, failure 0 of 20 My MailScanner-induced expiry ran for a total of 1.5 minutes and ENDED AT 10pm, yet these files are still being created 3 hours later??? And then it eventually stops. Until the next day. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Mar 9 15:57:40 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:55 2006 Subject: question about spam store option Message-ID: Julian, Setup: MS 4.39.6, Solaris 9, SA 3.0.2. I just added "store" to my options for spam and high spam, because I wanted to take a look at what I was flagging as spam: Spam Actions = store deliver High Scoring Spam Actions = store delete Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes So I looked at some of the stored samples (thank you for creating a spam subdir in quarantine!) and realized that MS stores the virgin message, no MS headers added. So I have to grep thru my syslog to find out what MS really thought of the message in terms of SA scoring, phishing, html disarming, etc. For spam storage, any chance this info could be scribbled into a file in quarantine spam subdir somehow? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 9 16:10:23 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:55 2006 Subject: question about spam store option Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > High Scoring Spam Actions = store delete You can drop the delete action there for improved clarity. > So I looked at some of the stored samples (thank you for creating > a spam subdir in quarantine!) and realized that MS stores the virgin > message, no MS headers added. So I have to grep thru my syslog to > find out what MS really thought of the message in terms of SA scoring, > phishing, html disarming, etc. For spam storage, any chance this > info could be scribbled into a file in quarantine spam subdir somehow? That's the way it is for both archive and quarantine, I have never had a problem with it since I always end up in the quarantine after checking the logs anyway. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 9 16:28:25 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:56 2006 Subject: Antivirus Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Solved my problem. For some reason I didn't figured out, there where a lot of bitdefender autoupdate scripts running in the machine (maybe 50 or more). When I kill those processes, all returned to normality, and all the visus scanners are being updated again... ----- Original Message ----- From: "Martin Hepworth" To: Sent: Wednesday, March 09, 2005 11:31 AM Subject: Re: Antivirus > Roger > > I'm running clamav and Sophos. log from earlier today reports things OK > for both and I can the updated configs for both.. > > > Mar 9 00:14:00 myhost update.virus.scanners: Found clamav installed > Mar 9 00:14:00 myhost update.virus.scanners: Running autoupdate for clamav > Mar 9 00:14:00 myhost ClamAV-autoupdate[26496]: ClamAV did not need > updating > Mar 9 00:14:01 myhost update.virus.scanners: Found sophos installed > Mar 9 00:14:01 myhost update.virus.scanners: Running autoupdate for sophos > Mar 9 00:14:01 myhost Sophos-autoupdate[26582]: Sophos successfully > updated in > /usr/local/Sophos/391.200503090014 > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Roger Jochem wrote: > > Could anyone else running 4.40-2.1 with more antivirus products check in > > maillog if all of them are being updated? I did't found the problem in my > > configuration yet... > > > > ----- Original Message ----- > > From: "Roger Jochem" > > To: > > Sent: Wednesday, March 09, 2005 8:38 AM > > Subject: Re: Antivirus > > > > > > > >>The virus.scanners.conf seems fine... And I tested the tree products as > >>sugested in the virus.scanners.conf and all worked. > >> > >>Bitdefender is the first of the tree in my virus.scanners.conf file. Could > >>there be some kind of problem in this new version that only updates the > >>first antivirus found in the virus.scanners.conf file? > >> > >>----- Original Message ----- > >>From: "Julian Field" > >>To: > >>Sent: Wednesday, March 09, 2005 8:29 AM > >>Subject: Re: Antivirus > >> > >> > >> > >>>Check your /etc/MailScanner/virus.scanners.conf file and make sure it is > >>>pointing to all the right places. > >>> > >>>Roger Jochem wrote: > >>> > >>> > >>>>I run MailScanner with clamavmodule, mcafee and bitdefender. Since I > >>>>upgraded to MailScanner 4.40-2.1 (monday) only bitdefender is found > >>>>and autoupdated. The scanning is working fine with the 3 products... > >>>> > >>>>No message showing anything about the proplem in maillog. Until > >>>>4.39.6-1 it found the 3 products, and autoupdated all of them. > >>>> > >>>>Any clues? > >>>> > >>>>Roger Jochem > >>>>------------------------ MailScanner list ------------------------ > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>'leave mailscanner' in the body of the email. > >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > >>>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>>*Support MailScanner development - buy the book off the website!* > >>> > >>> > >>>-- > >>>Julian Field > >>>www.MailScanner.info > >>>MailScanner thanks transtec Computers for their support > >>>Buy the MailScanner book at www.MailScanner.info/store > >>> > >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 9 16:31:47 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:56 2006 Subject: Panda not working Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > Sent: den 8 mars 2005 22:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > > Sent: 08 March 2005 11:56 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > > Interresting.... I'm testing with the "free" version rpm. > > > > Some info and runs: > > # rpm -qi pavcl > > Name : pavcl Relocations: (not > > relocatable) > > Version : 7.01.00 Vendor: (none) > > Release : 1 Build Date: ons > > 11 aug 2004 13.37.00 > > Install Date: mån 7 mar 2005 15.24.09 Build Host: spd > > Group : Applications/System Source RPM: > > pavcl-7.01.00-1.src.rpm > > Size : 8964781 License: Panda > > Sowftware International > > Signature : (none) > > Summary : Panda Antivirus for Linux 7.01.00.0004 > > Here's the "current" version of pavcl from the registered > users section of > Panda's site > http://enterprises.pandasoftware.com/acs/software/secure/pavcl > /pavcl_linux_i > 386.rpm > > # rpm -qi pavcl > Name : pavcl Relocations: (not relocateable) > Version : 7.0 Vendor: (none) > Release : 1 Build Date: Tue 01 Jul 2003 > 07:57:05 BST > Install Date: Tue 08 Mar 2005 20:47:22 GMT Build Host: spd > Group : Applications/System Source RPM: pavcl-7.0-1.src.rpm > Size : 5145014 License: Panda Sowftware > International > Signature : (none) > Summary : Panda Antivirus for Linux 7.0 So the "free" version is newer than the "eval" or "buy" version. Go figure... > > Anyow, it doesn't work with MailScanner. No viruses were found by Panda > today. F-Prot and Bitdefender found 126 each and ClamAV 133. Is this with the orinal panda-wrapper, or with my kludge? Is it with the latest sigs? My kludge wouldn't work, since ProcessPandaOutput assumes a lot about the output from panda-wrapper, and ... well, it might be wrong:-). The old wrapper-script _should_ work within MS (Test it out with an Eicar). > > One other point. Yesterday you advised testing it with the -HEU option in > order to "Activate heuristic detection method". I delete viruses so isn't > using heuristic detection a bit dangerous? Oh, sorry. I quarantine, so didn't think of the possibility. > > I must say, I'm getting rather tired of Panda... Wellcome to the club:-). I'm been tinkering a bit with the old script, to make it able to function outside MS (both /path/to/file_or_dir and ../path_or_file), but it's not quite ready yet. Should be sometime tomorrow, if my brain unsnarls ...:) -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Mar 9 16:50:24 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:56 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: At 03:32 AM 3/9/2005, Julian Field wrote: > > Are you completely out of your mind Julian? > >Someone remind me to add that to the list of "ways of getting Jules to >ignore your email" >:-) Sorry Julian.. I just saw it and my jaw hit the floor. I know you're a smart guy so I assumed you must have been overcome by temporary insanity... :) Martin wrote: >Matt's probably they guy for this (given his comments on the SA list), >but something like in the SA docs...bit of mouthful, but covers it nicely. Martin... the bit you suggested is about internal_networks, and not trusted_networks.. While SA defaults to considering nothing but localhost to be internal, it DOES default to trying to guess at trusted_networks. That's the crux of the problem... It guesses poorly in some cases. "If you're running with DNS checks enabled, SpamAssassin includes code to infer your trusted networks on the fly, so this may not be necessary. (Thanks to Scott Banister and Andrew Flury for the inspiration for this algorithm.) This inference works as follows: " And the inference algorithm works poorly if you have a NATed mailserver. SA's algorithm winds up trusting all reserved IP's (ie: any NATed host), plus the one non-reserved IP that delivered to a reserved IP. This works great for NAT networks with a normally addressed MX. It works poorly for a network where everything is NATed. Unfortunately, no algorithm can tell which of the two cases is going on, and trusting too few hosts is just as bad as trusting too many, so there's not much that can be done better on an automatic basis. Julian: Might I suggest this comment: If you have problems where ALL_TRUSTED is matching external email, including spam, then SpamAssassin has become confused about which hosts are a part of your trusted_networks. The most common cause of this is having a gateway mail exchanger that has a reserved IP and gets NATed by your firewall. Fortunately the problem is easy to fix by manually declaring a trusted_networks setting. See man Mail::SpamAssassin::Conf for details. Once manually set, SA won't try to guess. If that does not fix your problem, the other possibility is you have an MTA that generates malformed Received: headers. If you've modified your Received: header format, please put it back to the standard format. SpamAssassin is quite tolerant of deviations from the RFC 2822 format, but there are some combinations it can't handle. If the malformed headers are being made by some form of network appliance that you can't fix, report a bug to your vendor, and as a short-term fix set the score of ALL_TRUSTED to 0. However, realize that other problems may occur as a result of the mis-parsed headers and the root cause does need fixing. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Mar 9 17:21:55 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:56 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: > Drew, > > The logs I sent included normal messages sent to myself from hotmail and > gmail. We have only one mail server and it is running Postfix. So, when > mail is received by our smtp server it is delivered locally to user > accounts on that server. I have a virtual alias mapping file that maps > trayerproducts.com addresses to local accounts. Ahh, I see. Thanks for explaining that. Why are you using virtual tables then if your accounts are actually local? A better option may be to set mydestination to trayerproducts.com, and myorigin = $mydomain ensuring that you have specified the full host name in myhostname. Then just alias the users in the /etc/alias file (Or where ever yours is). Don't forget to 'newaliases' after the changes. If you prefer to stick with the virtual domain, then I could do with the details you have for mydestination and virtual_alias_domains. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 17:39:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Julian Field wrote: > >> From: /etc/MailScanner/from.addresses and To: >> /etc/MailScanner/to.addresses yes >> >> should work. > > > So if I had 5 patterns in from.addresses and 6 patterns in to.addresses > how many patterns would MS be testing? Five, six, or thirty? 30, I hope. But I haven't tried this, so your mileage may vary... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 17:38:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote: > Kai Schaetzl wrote: > >> David Lee wrote on Wed, 9 Mar 2005 10:04:39 +0000: >> >> >>> Thanks, Julian. That would be appreciated by many people. >>> >> >> >> I don't see that Julian can do much or even little about this. The >> problem >> happens because the bayes_expiry takes too long. This can only happen >> on a >> corrupted db or a large db. If you get quite a few messages (I think it >> should be at least a few 10.000 per day, I don't have such a system, I >> can't compare) running thru your system the latter is likely the case. >> There are two options then: stop bayes_expiry at all (which will keep it >> growing, but may work out) or do it on a scheduled basis. You can also >> tweak the db size either to be very small (reducing the amount of >> time it >> takes to expire) or rather large (so that the automatic expiry is >> unlikely >> to happen). But this is all SA-related, not MS. Please go over to the SA >> list and talk about your problems. If people just keep whining here, >> nothing will change, since the developers don't know that it happens so >> frequently. And if the problem is not related to what I think the SA >> list >> is better suited for that anyway. > > > Hello and thank you for your helpful perspective...Have you read what Mr > Field has replied to me? I believe you are missing the point: > > Here is the quote: > > " > Looks like I need to take another look at this again. > One process doing a Bayes rebuild should lock out all the other > processes from trying to use SA, or it should make them wait. > What is the value of your "Wait For Bayes Rebuild" setting? > " Yes, this is definitely a bug. It should disable SpamAssassin and wait quietly while the bayes rebuild is done, if that is how it is configured (which your system is). Obviously the file lockout I am using is not working as I intended. I hope to have a chance to look at this soon. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 17:40:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: question about spam store option Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Jeff A. Earickson wrote: > >> High Scoring Spam Actions = store delete > > > You can drop the delete action there for improved clarity. > >> So I looked at some of the stored samples (thank you for creating >> a spam subdir in quarantine!) and realized that MS stores the virgin >> message, no MS headers added. So I have to grep thru my syslog to >> find out what MS really thought of the message in terms of SA scoring, >> phishing, html disarming, etc. For spam storage, any chance this >> info could be scribbled into a file in quarantine spam subdir somehow? > > > That's the way it is for both archive and quarantine, I have never had a > problem with it since I always end up in the quarantine after checking > the logs anyway. I intentionally leave the quarantined messages as close to the original message as I possibly can. I don't plan on changing that any time soon, it actually makes life quite awkward for me to change this. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Mar 9 17:42:09 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:56 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > If you prefer to stick with the virtual domain, then I could do with the > details you have for mydestination and virtual_alias_domains. mydestination is set as below: mydestination = localhost.$mydomain, $myhostname, mail2.trayerproducts.com The variable $myhostname is set as mail4.trayerproducts.com The variable $mydomain is set as trayerproducts.com virtual_alias_domains is not set. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 17:44:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > At 03:32 AM 3/9/2005, Julian Field wrote: > >> > Are you completely out of your mind Julian? >> >> Someone remind me to add that to the list of "ways of getting Jules to >> ignore your email" >> :-) > > > Sorry Julian.. I just saw it and my jaw hit the floor. I know you're a > smart guy You're too kind :) > so I assumed you must have been overcome by temporary insanity... :) Wibble.... what's my name again? Where am I? > Martin wrote: > >> Matt's probably they guy for this (given his comments on the SA list), >> but something like in the SA docs...bit of mouthful, but covers it >> nicely. > > > > Martin... the bit you suggested is about internal_networks, and not > trusted_networks.. While SA defaults to considering nothing but localhost > to be internal, it DOES default to trying to guess at trusted_networks. > That's the crux of the problem... It guesses poorly in some cases. > > "If you're running with DNS checks enabled, SpamAssassin includes code to > infer your trusted networks on the fly, so this may not be necessary. > (Thanks to Scott Banister and Andrew Flury for the inspiration for this > algorithm.) This inference works as follows: " > > And the inference algorithm works poorly if you have a NATed mailserver. > SA's algorithm winds up trusting all reserved IP's (ie: any NATed host), > plus the one non-reserved IP that delivered to a reserved IP. This works > great for NAT networks with a normally addressed MX. It works poorly > for a > network where everything is NATed. Unfortunately, no algorithm can tell > which of the two cases is going on, and trusting too few hosts is just as > bad as trusting too many, so there's not much that can be done better > on an > automatic basis. > > Julian: Might I suggest this comment: > > If you have problems where ALL_TRUSTED is matching external email, > including spam, then SpamAssassin has become confused about which > hosts are > a part of your trusted_networks. The most common cause of this is > having a > gateway mail exchanger that has a reserved IP and gets NATed by your > firewall. Fortunately the problem is easy to fix by manually declaring a > trusted_networks setting. See man Mail::SpamAssassin::Conf for details. > Once manually set, SA won't try to guess. > > If that does not fix your problem, the other possibility is you have > an MTA > that generates malformed Received: headers. If you've modified your > Received: header format, please put it back to the standard format. > SpamAssassin is quite tolerant of deviations from the RFC 2822 format, > but > there are some combinations it can't handle. If the malformed headers are > being made by some form of network appliance that you can't fix, report a > bug to your vendor, and as a short-term fix set the score of > ALL_TRUSTED to > 0. However, realize that other problems may occur as a result of the > mis-parsed headers and the root cause does need fixing. That text sounds very good. I'll get it into the file I distribute. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 9 17:56:58 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:56 2006 Subject: Panda not working Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Paul, could you try this panda-wrapper? Think I got something right this time, although it still is a terrible kludge:). Testing on my system got hold of Eicar at least...:). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: den 9 mars 2005 17:32 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > > Sent: den 8 mars 2005 22:47 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Panda not working > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > > > Sent: 08 March 2005 11:56 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Panda not working > > > > > > > > > Interresting.... I'm testing with the "free" version rpm. > > > > > > Some info and runs: > > > # rpm -qi pavcl > > > Name : pavcl Relocations: (not > > > relocatable) > > > Version : 7.01.00 Vendor: (none) > > > Release : 1 Build Date: ons > > > 11 aug 2004 13.37.00 > > > Install Date: mån 7 mar 2005 15.24.09 Build Host: spd > > > Group : Applications/System Source RPM: > > > pavcl-7.01.00-1.src.rpm > > > Size : 8964781 License: Panda > > > Sowftware International > > > Signature : (none) > > > Summary : Panda Antivirus for Linux 7.01.00.0004 > > > > Here's the "current" version of pavcl from the registered > > users section of > > Panda's site > > http://enterprises.pandasoftware.com/acs/software/secure/pavcl > > /pavcl_linux_i > > 386.rpm > > > > # rpm -qi pavcl > > Name : pavcl Relocations: > (not relocateable) > > Version : 7.0 Vendor: (none) > > Release : 1 Build Date: Tue > 01 Jul 2003 > > 07:57:05 BST > > Install Date: Tue 08 Mar 2005 20:47:22 GMT Build Host: spd > > Group : Applications/System Source RPM: > pavcl-7.0-1.src.rpm > > Size : 5145014 License: > Panda Sowftware > > International > > Signature : (none) > > Summary : Panda Antivirus for Linux 7.0 > So the "free" version is newer than the "eval" or "buy" version. > Go figure... > > > > > Anyow, it doesn't work with MailScanner. No viruses were > found by Panda > > today. F-Prot and Bitdefender found 126 each and ClamAV 133. > Is this with the orinal panda-wrapper, or with my kludge? Is > it with the > latest sigs? > My kludge wouldn't work, since ProcessPandaOutput assumes a > lot about the > output from panda-wrapper, and ... well, it might be wrong:-). > > The old wrapper-script _should_ work within MS (Test it out > with an Eicar). > > > > > One other point. Yesterday you advised testing it with the > -HEU option in > > order to "Activate heuristic detection method". I delete > viruses so isn't > > using heuristic detection a bit dangerous? > Oh, sorry. I quarantine, so didn't think of the possibility. > > > > > I must say, I'm getting rather tired of Panda... > Wellcome to the club:-). > > I'm been tinkering a bit with the old script, to make it able > to function > outside MS (both /path/to/file_or_dir and ../path_or_file), > but it's not > quite ready yet. Should be sometime tomorrow, if my brain > unsnarls ...:) > > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "panda-wrapper" Application/OCTET-STREAM (Name: ] [ "panda-wrapper") 2.7KB. ] [ Unable to print this part. ] From waldner at WALDNER.PRIV.AT Wed Mar 9 17:56:58 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:56 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Mon, 07 Mar 2005 18:04:06 +0100, Robert Waldner writes: >On Mon, 07 Mar 2005 16:46:50 GMT, Julian Field writes: >>In PFDiskStore.pm, around line 271, there is a chunk of code that looks >>like this: >>Let me know if this makes any difference. I am pretty sure it is a perl >>problem, as what is happening is that a variable called $predata is >>being written twice, regardless of the fact that there is only one >>print($predata) call. >I'll know in a couple days and will report. After a day of calm, there are now 2 new corrupt messages, the "structure" is exactly the same as before. Any more ideas for that? cheers, &rw -- -- I still think the fastest way to get wholesale IPv6 adoption -- is to write a pr0n server that serves thumbnails over IPv[46] -- and full-size images over IPv6 *only*. - Ingvar ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Wed Mar 9 18:10:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: >On Mon, 07 Mar 2005 18:04:06 +0100, Robert Waldner writes: > > >>On Mon, 07 Mar 2005 16:46:50 GMT, Julian Field writes: >> >> >>>In PFDiskStore.pm, around line 271, there is a chunk of code that looks >>>like this: >>> >>> > > > >>>Let me know if this makes any difference. I am pretty sure it is a perl >>>problem, as what is happening is that a variable called $predata is >>>being written twice, regardless of the fact that there is only one >>>print($predata) call. >>> >>> > > > >>I'll know in a couple days and will report. >> >> > >After a day of calm, there are now 2 new corrupt messages, the > "structure" is exactly the same as before. > >Any more ideas for that? > > Bother :-( This is totally unreproduceable. Can you send me one of the corrups messages, I want to check all the checksums and pointers in the message structure to see if I can glean anything from it. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 9 18:17:13 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:56 2006 Subject: question about spam store option Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I intentionally leave the quarantined messages as close to the original > message as I possibly can. I don't plan on changing that any time soon, > it actually makes life quite awkward for me to change this. I'm fine with that. I have started to use the archive function to intercept mail for debugging reasons, it's nice to see how they entered the server. When someone gets a messed up mail they usually think of MS/SA being the cause but I can often easily prove that the mail entered the server in that state already. It's almost always a Windows application server pushing mail via ASPemail or something similar that is not configured properly and messes up the character set. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Wed Mar 9 18:25:43 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:56 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Wed, 09 Mar 2005 18:10:09 GMT, Julian Field writes: >>After a day of calm, there are now 2 new corrupt messages, the >> "structure" is exactly the same as before. >> >>Any more ideas for that? >Bother :-( >This is totally unreproduceable. Can you send me one of the corrups >messages, I want to check all the checksums and pointers in the message >structure to see if I can glean anything from it. Is per PM to MailScanner@ECS.SOTON.AC.UK ok? It doesn't contain really confidential information, but I'd rather not have it archived all over the world. Also, do you only want one from the machine with the fix, or one (or some) from the other, too? cheers, &rw -- -- sometimes transcode changes or adds new -- features while your are encoding. -- - Thomas Oestreich ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From rzewnickie at RFA.ORG Wed Mar 9 18:49:03 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: On Mon, Mar 07, 2005 at 12:24:53AM +0100, Peter Bonivart wrote: > Dan Hollis wrote: > >Yes, all our users are on the MS box. So you're saying it shouldn't be an > >option even for those MS installations which do have all accounts on the > >box? Because everyone doesn't have exactly the same setup, nobody should > >have the option? > > I'm not in a position to either grant or deny you anything but I do > think you belong to a minority to have a setup like that. > > -- > /Peter Bonivart Peter, I just want to say that while those of you who are full time mail admins at large sites have more time to participate in the MailScanner community, there are many of us, I think, who have everything on one box and only have time to drop in here when MailScanner needs upgrading. Some of us have many other duties outside of mail. Just because we can't spend as much time here doesn't mean we aren't using MailScanner. -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Mar 9 19:02:58 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:56 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: >> If you prefer to stick with the virtual domain, then I could do with the >> details you have for mydestination and virtual_alias_domains. > > > mydestination is set as below: > > mydestination = localhost.$mydomain, $myhostname, > mail2.trayerproducts.com What is mail2? Is that an alias for mail4? (i.e. they are the same machine) > > The variable $myhostname is set as mail4.trayerproducts.com > The variable $mydomain is set as trayerproducts.com > > virtual_alias_domains is not set. So your virtual user database will be queried by smtpd to ensure a user is listed, the address rewritten by trivial-rewrite but not delivered against by the virtual agent as it doesn't have any virtual domains. You get away with this with SMTP mail as the smtpd process gets the trivial-rewrite to add the aliased address and the delivery agent will use that. MailScanner uses the sendmail command (Queue injection) so won't have that rewrite process. Looks like your main.cf is set-up partially for local and partially for virtual domains. Which way would you like to go, virtual or local? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 19:34:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: >On Wed, 09 Mar 2005 18:10:09 GMT, Julian Field writes: > > >>>After a day of calm, there are now 2 new corrupt messages, the >>>"structure" is exactly the same as before. >>> >>>Any more ideas for that? >>> >>> > > > >>Bother :-( >>This is totally unreproduceable. Can you send me one of the corrups >>messages, I want to check all the checksums and pointers in the message >>structure to see if I can glean anything from it. >> >> > >Is per PM to MailScanner@ECS.SOTON.AC.UK ok? It doesn't contain really > confidential information, but I'd rather not have it archived all over > the world. > > Sure. Don't worry, it won't go anywhere. >Also, do you only want one from the machine with the fix, or one (or > some) from the other, too? > > Both, why not :-) >cheers, >&rw >-- >-- sometimes transcode changes or adds new >-- features while your are encoding. >-- - Thomas Oestreich > > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 19:36:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Eric Dantan Rzewnicki wrote: >On Mon, Mar 07, 2005 at 12:24:53AM +0100, Peter Bonivart wrote: > > >>Dan Hollis wrote: >> >> >>>Yes, all our users are on the MS box. So you're saying it shouldn't be an >>>option even for those MS installations which do have all accounts on the >>>box? Because everyone doesn't have exactly the same setup, nobody should >>>have the option? >>> >>> >>I'm not in a position to either grant or deny you anything but I do >>think you belong to a minority to have a setup like that. >> >>-- >>/Peter Bonivart >> >> > >Peter, > >I just want to say that while those of you who are full time mail admins >at large sites have more time to participate in the MailScanner >community, there are many of us, I think, who have everything on one box >and only have time to drop in here when MailScanner needs upgrading. >Some of us have many other duties outside of mail. Just because we can't >spend as much time here doesn't mean we aren't using MailScanner. > Come on guys, be nice to each other now. There are lots of different types of MailScanner users, everything from home Linux hobbyists to multi-site international full time mail admins. There is no "usual" or "unusual" type of MailScanner setup, believe me! :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 9 19:57:42 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:56 2006 Subject: User unknown in virtual alias table Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall > Sent: den 9 mars 2005 20:03 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: User unknown in virtual alias table > > > Rodney Green wrote: > > >> If you prefer to stick with the virtual domain, then I > could do with the > >> details you have for mydestination and virtual_alias_domains. > > > > > > mydestination is set as below: > > > > mydestination = localhost.$mydomain, $myhostname, > > mail2.trayerproducts.com > > What is mail2? Is that an alias for mail4? (i.e. they are the > same machine) > > > > > The variable $myhostname is set as mail4.trayerproducts.com > > The variable $mydomain is set as trayerproducts.com > > > > virtual_alias_domains is not set. > > So your virtual user database will be queried by smtpd to > ensure a user > is listed, the address rewritten by trivial-rewrite but not delivered > against by the virtual agent as it doesn't have any virtual > domains. You > get away with this with SMTP mail as the smtpd process gets the > trivial-rewrite to add the aliased address and the delivery agent will > use that. MailScanner uses the sendmail command (Queue injection) so > won't have that rewrite process. Looks like your main.cf is set-up > partially for local and partially for virtual domains. > > Which way would you like to go, virtual or local? > > Drew Yes... Perhaps a stupid question for you Drew, but... Couldn't one use the virtual mailbox feature (as in "man virtual" to do what Rodney seems to want to do? Perhaps a bit backwards:) -- Glenn > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 9 20:05:15 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Eric Dantan Rzewnicki wrote: > On Mon, Mar 07, 2005 at 12:24:53AM +0100, Peter Bonivart wrote: > >>Dan Hollis wrote: >> >>>Yes, all our users are on the MS box. So you're saying it shouldn't be an >>>option even for those MS installations which do have all accounts on the >>>box? Because everyone doesn't have exactly the same setup, nobody should >>>have the option? >> >>I'm not in a position to either grant or deny you anything but I do >>think you belong to a minority to have a setup like that. >> >>-- >>/Peter Bonivart > > Peter, > > I just want to say that while those of you who are full time mail admins > at large sites have more time to participate in the MailScanner > community, there are many of us, I think, who have everything on one box > and only have time to drop in here when MailScanner needs upgrading. > Some of us have many other duties outside of mail. Just because we can't > spend as much time here doesn't mean we aren't using MailScanner. I'm not a full time mail admin either, I try hard to find time for both MS and the rest of the stuff I'm supposed to do. It's just that dealing with MS is so gratifying because users can really notice the difference it makes in such an important tool that e-mail is today. Therefor I spend my "free" time here on the list since it's not consider proper for me to post from my company address. Regarding the above issue Dan got a little hot but it's a non issue now since Julian has already implemented his wish, minority or not. Christmas comes early for some. :-) -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Mar 9 19:52:09 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Eric Dantan Rzewnicki wrote: > >> On Mon, Mar 07, 2005 at 12:24:53AM +0100, Peter Bonivart wrote: >> >> >>> Dan Hollis wrote: >>> >>> >>>> Yes, all our users are on the MS box. So you're saying it shouldn't >>>> be an >>>> option even for those MS installations which do have all accounts on >>>> the >>>> box? Because everyone doesn't have exactly the same setup, nobody >>>> should >>>> have the option? >>>> >>>> >>> I'm not in a position to either grant or deny you anything but I do >>> think you belong to a minority to have a setup like that. >>> >>> -- >>> /Peter Bonivart >>> >>> >> >> Peter, >> >> I just want to say that while those of you who are full time mail admins >> at large sites have more time to participate in the MailScanner >> community, there are many of us, I think, who have everything on one box >> and only have time to drop in here when MailScanner needs upgrading. >> Some of us have many other duties outside of mail. Just because we can't >> spend as much time here doesn't mean we aren't using MailScanner. >> > Come on guys, be nice to each other now. > There are lots of different types of MailScanner users, everything from > home Linux hobbyists to multi-site international full time mail admins. > There is no "usual" or "unusual" type of MailScanner setup, believe me! > :-) > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > I second that emotion! I would hate to see this list turn into another flamewars list. It is just too valuable a resource!!! -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Mar 9 20:17:56 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:56 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > What is mail2? Is that an alias for mail4? (i.e. they are the same machine) mail2 is an alias for mail4.. they both point to the same machine. > > Which way would you like to go, virtual or local? > I think virtual for no other reason then I have used it for a long time now and have scripts that use it. Thanks for your help Drew! Rodney ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Wed Mar 9 20:45:30 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:28:56 2006 Subject: Graphic Based Spams Message-ID: Heh guys, this may not be a problem directly related to MailScanner, but I'm having issues with spams that are just graphics (Viagra Cheap), they score very low and make it through. What is the best way to handle these types of spam, tweak the spamassassin scores a bit? Update to the latest spamassassin? Just looking for advice on the subject. Regards Michael Baird ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Mar 9 21:12:11 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:56 2006 Subject: Graphic Based Spams Message-ID: At 03:45 PM 3/9/2005, Michael Baird wrote: >Heh guys, this may not be a problem directly related to MailScanner, but >I'm having issues with spams that are just graphics (Viagra Cheap), they >score very low and make it through. What is the best way to handle these >types of spam, tweak the spamassassin scores a bit? Update to the latest >spamassassin? Just looking for advice on the subject Are they img tags that point to an external server? If so, use SA 3.0, or 2.64 with the Mail::SpamCopURI add on so you can do SURBL queries. Also consider razor for this. If the images are embedded attachments, razor and dcc are your best tools. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Wed Mar 9 21:21:31 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:28:56 2006 Subject: Graphic Based Spams Message-ID: On Wed, 2005-03-09 at 16:12 -0500, Matt Kettler wrote: > At 03:45 PM 3/9/2005, Michael Baird wrote: > >Heh guys, this may not be a problem directly related to MailScanner, but > >I'm having issues with spams that are just graphics (Viagra Cheap), they > >score very low and make it through. What is the best way to handle these > >types of spam, tweak the spamassassin scores a bit? Update to the latest > >spamassassin? Just looking for advice on the subject > > Are they img tags that point to an external server? The score on these messages is reflected as the following from the header. SpamAssassin (score=1.573, required 10, autolearn=disabled, HTML_20_30 0.50, HTML_FONT_INVISIBLE 0.07, HTML_IMAGE_ONLY_24 1.00, HTML_MESSAGE 0.00) > If so, use SA 3.0, or 2.64 with the Mail::SpamCopURI add on so you can do > SURBL queries. > Also consider razor for this. > If the images are embedded attachments, razor and dcc are your best tools. > It is an HTML message with the image included, I do run razor and dcc, I'm using the latest 2.6.x spamassassin variant, I don't believe I'm using the Mail::SpamCopURI module (although I use spamcop in my spamlist). Regards Michael Baird ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Wed Mar 9 21:23:01 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:28:56 2006 Subject: Graphic Based Spams Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 10 Mar 2005 07:45 am, Michael Baird wrote: > Heh guys, this may not be a problem directly related to MailScanner, but > I'm having issues with spams that are just graphics (Viagra Cheap), they > score very low and make it through. What is the best way to handle these > types of spam, tweak the spamassassin scores a bit? Update to the latest > spamassassin? Just looking for advice on the subject. > > Regards > Michael Baird I have a few "RAWBODY" rules that look for MIME boundaries that describe embedded graphics. They score around the 0.9 mark. Then I have some other RAWBODY rules that look for the first few bytes (in BASE64) of each of the graphics. I've found these spammers send the *same* embedded GIF with a picture of 4 pills - the graphic is identical making the BASE64 detection easy :) I've also increased the score of some of the standard SA rules which catch base64 encoded content too. Have a look at raw message and grab the strings that match what you're seeing. Alternatively, post a copy of the message on a website somewhere and I can grok it for you and post back here the rules I derive from it :) Cheers, James -- An effective way to deal with predators is to taste terrible. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Mar 9 21:24:45 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:56 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: Gang, Wait a minute here... Once this thread started up, I said "Ok, this is bad, I'll comment it out in my spam.assassin.prefs.conf". I searched my syslogs and didn't find any previous reference to ALL_TRUSTED, so I figured this was ok. Later I grep again, and find spam getting its score lowered because of this change: Mar 9 15:32:44 basalt <22>MailScanner[23467]: Message j29KWXqK021827 from 72.9.241.18 (aw-confimer@ebay.com) to colby.edu is spam, SpamAssassin (score=7.07, required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, DCC_CHECK 2.17, ... This IP sure isn't anything I trust. Referring to Matt Kettler's message about the two reasons for bogus trust, I wondered what my issue is. I run sendmail 8.13.3, so it should be RFC compliant. I don't know what the network guy has done with NATing on our edge routers. But our domain (137.146.0.0/16) only has one (real) MX and one machine I trust -- our mail server at 137.146.210.56. I wouldn't expect NATing with a resolvable IP number, right? If the defaults for SA internal_networks and trusted_networks are "none", then I don't really understand my problem here. How did 72.9.241.18 get trusted by SA? What I *did* do in my spam.assassin.prefs.conf was: score ALL_TRUSTED 0 0 -0.01 -0.01 trusted_networks 127.0.0.1 trusted_networks 137.146.210.56 ie, only give a slight change to the score because of trust and then specify the IP numbers I will trust. Maybe the trusted_networks and internal_networks parameters of SA need to be spelled out in MailScanner's files someplace? (Yuck). I'm starting to think that "score ALL_TRUSTED 0" wasn't such a bad idea after all. Jeff Earickson Colby College On Wed, 9 Mar 2005, Martin Hepworth wrote: > Date: Wed, 9 Mar 2005 10:04:00 +0000 > From: Martin Hepworth > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! > > Julian > > Matt's probably they guy for this (given his comments on the SA list), > but something like in the SA docs...bit of mouthful, but covers it nicely. > > internal_networks ip.add.re.ss[/mask] ... (default: none) > What networks or hosts are 'internal' in your setup. Internal means > that relay hosts on these networks are considered to be MXes for your > domain(s), or internal relays. This uses the same format as > trusted_networks, above. > > This value is used when checking 'dial-up' or dynamic IP address > blocklists, in order to detect direct-to-MX spamming. Trusted relays > that accept mail directly from dial-up connections should not be listed > in internal_networks. List them only in trusted_networks. > > If trusted_networks is set and internal_networks is not, the value > of trusted_networks will be used for this parameter. > > If neither trusted_networks or internal_networks is set, no > addresses will be considered local; in other words, any relays past the > machine where SpamAssassin is running will be considered external. > > > and point them at.. > http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options > > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: >> As someone who understands the trusted path system in SpamAssassin >> better than I do, any chance you could give me some wording for the >> comments? >> >> Martin Hepworth wrote: >> >>> Julian >>> >>> maybe a big comment in the spam.assassin.prefs.conf and updates to the >>> doccy about this would be helpful. >>> >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Julian Field wrote: >>> >>>> Matt Kettler wrote: >>>> >>>>> At 12:45 PM 1/14/2005, Julian Field wrote: >>>>> >>>>>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is >>>>>> known to >>>>>> cause problems. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Ok, I know I'm responding very late to a version update, but I just >>>>> now got >>>>> around to look at performing an upgrade. In doing so I read the >>>>> changelogs >>>>> and my jaw hit the floor. >>>>> >>>>> All I have to ask is: >>>>> >>>>> Are you completely out of your mind Julian? >>>> >>>> >>>> >>>> >>>> Someone remind me to add that to the list of "ways of getting Jules to >>>> ignore your email" >>>> :-) >>>> >>>> I added it in response to a conversation on the SA list some time ago. >>>> You know *far* more than I do about SpamAssassin, so I will remove the >>>> rule again. >>>> >>>> Thanks for the message. >>>> >>>>> Setting ALL_TRUSTED to zero >>>>> doesn't fix the problem, it covers up one of the early warning signs >>>>> that >>>>> your system is misconfigured! This is like taking painkillers for a >>>>> case of >>>>> gangrene, the pain is your warning sign to get help before the >>>>> infection >>>>> kills you. >>>>> >>>>> >>>>> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code >>>>> being confused by one of two things: >>>>> >>>>> 1) non RFC compliant Received: headers by the local MTA. All >>>>> MTAs >>>>> supported by MailScanner default to using RFC compliant formats, but >>>>> some >>>>> people modify them to be invalid. >>>>> >>>>> 2) A network with a NATed gateway MX. >>>>> >>>>> Case 1) needs to be fixed by un-breaking your MTA configuration. >>>>> Case 2) >>>>> needs to be fixed by setting a correct trusted_netwoks value in your >>>>> local.cf. >>>>> >>>>> Setting the score to zero prevents the "ALL_TRUSTED" problem from >>>>> showing >>>>> up, but you're actually inhibiting the warning signs of a much more >>>>> severe >>>>> problem that needs critical attention! >>>>> >>>>> If SA's trust path is incorrectly configured you can have MANY other >>>>> problems, ALL_TRUSTED mis-firing is just the first sign. The broken >>>>> trust >>>>> path will cause FPs in the bonded sender tests in messages with forged >>>>> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL. >>>>> Just to >>>>> name a few of the problems that crop up from this. >>>>> >>>>> The implications of a broken trust path are very severe. This is not a >>>>> problem that should be covered up one symptom at a time. It needs to be >>>>> fixed at the cause, or it's only going to get worse as SA makes more >>>>> and >>>>> more use of the trust path code. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> MailScanner thanks transtec Computers for their support >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Mar 9 21:34:26 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:56 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: At 04:24 PM 3/9/2005, Jeff A. Earickson wrote: >Wait a minute here... Once this thread started up, I said "Ok, >this is bad, I'll comment it out in my spam.assassin.prefs.conf". I >searched my syslogs and didn't find any previous reference to ALL_TRUSTED, >so I figured this was ok. Later I grep again, and find spam getting >its score lowered because of this change: > >Mar 9 15:32:44 basalt <22>MailScanner[23467]: Message j29KWXqK021827 from >72.9.241.18 (aw-confimer@ebay.com) to colby.edu is spam, SpamAssassin >(score=7.07, required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, DCC_CHECK 2.17, ... > >This IP sure isn't anything I trust. Referring to Matt Kettler's message >about the two reasons for bogus trust, I wondered what my issue is. >I run sendmail 8.13.3, so it should be RFC compliant. I don't know >what the network guy has done with NATing on our edge routers. But our >domain (137.146.0.0/16) only has one (real) MX and one machine I >trust -- our mail server at 137.146.210.56. I wouldn't expect NATing >with a resolvable IP number, right? That depends.. how does the machine running SA resolve basalt.colby.edu? Just because it's resolvable as a public IP in one palace doesn't mean it's a public IP everywhere. For example, you would resolve xanadu.evi-inc.com as 208.39.141.94... But if xanadu or any internal host here at EVI resolves it, they get a 192.168.* IP address.. How? split dns. Xanadu is actualy a NATed mailserver, and the DNS records published by the outside DNS server list the public IP, while the inside DNS server lists the reserved IP. Thus, I myself fall into a case where I need to define a trusted_networks manually, although that may not be obvious to the outside observer. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 21:40:45 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote on Wed, 9 Mar 2005 10:45:31 -0500: from yoru first posting: > in /etc/mail/spamassassin/local.cf I have: > in /etc/MailScanner/spam.assassin.prefs.conf I have: > SA will use whatever file has been configured as the SA conf in mailscanner.conf. If that is /etc/MailScanner/spam.assassin.prefs.conf your sa-learn run did use a *different* config file (local.cf) and possibly a different bayes file, too! I always recommend using only the local.cf and change it in mailscanner.conf accordingly. That way you *always* use the same SA setup. > 228547 entries kept, 375363 deleted > wow! look at this, it expires more than half of the db! If that happens daily it means the usefulness of the db will diminish drastically. You should consider upping the limit quite a bit. (I haven't seen any ill effects with 1 mio. token dbs.) > 114 seconds. > > Even while MailScanner was running, no timeouts, no expire dead files. Look at the time! 114 seconds! default timeouts is 120 secs. It's obvious that you are so near that limit that you hit it often enough. Each time you hit the limit the expiry process is called off and tried again with the next message. How much mail do you get thru the system? It seems to me that you can just do this via cron once a day during the night and you are fine. Shut it off in MS and go this way. There's absolutely no reason why you shouldn't be allowed to do this. It's also much cleaner and less ressource intensive since you can choose the time. > > ============ > > What I find curious as well is that in the logs, MailScanner claims to > have finished the rebuild: I agree that's weird. Maybe I misinterpret your situation. How many mail is actually running thru your system? Per second or per minute? > My MailScanner-induced expiry ran for a total of 1.5 minutes and ENDED > AT 10pm, yet these files are still being created 3 hours later??? Run another force-expire and look if it still expires or not. But make sure you use the same config file and bayes db as the MS setup. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 21:40:45 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Wed, 9 Mar 2005 17:38:33 +0000: > Yes, this is definitely a bug. It should disable SpamAssassin and wait > quietly while the bayes rebuild is done, if that is how it is configured > (which your system is). Obviously the file lockout I am using is not > working as I intended. I hope to have a chance to look at this soon. > Julian, I don't know how you do it. But I assume that if the timeout is reached you call off SA. That stops the expiry. Next time it all starts over. Since you use SA as a library I suppose you can't simply keep it "running" by itself (which would be dangerous, anyway). So, I suppose what you need is add a new function which gets called after MS "feels" SA is failing to expire and trigger an expiry run of its own which doesn't get called off. And I think you just hit the same problem here: timeouts. You have to put a timeout in, so that you don't have it running endlessly (which can happen!). There is no reason why people which have a high mail flux could not just sync/expire once or a few times a day via cron. That's much cleaner than have it happen "suddenly". Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Mar 9 21:42:51 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out Message-ID: Gang, A new version of the ClamAV perl module is out. The make test failures realted to scanbuff int the test file are now fixed (the scanbuff call vanished). No updates to the Changes file though. Installed and working on my system (Solaris 9). Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 9 21:49:32 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Still fails on RHEL4 Checking if your kit is complete... Looks good Writing Makefile for Mail::ClamAV /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.17 blib/arch Can't locate Mail/ClamAV.pm in @INC (@INC contains: /root/.cpan/build/Mail-ClamAV-0.17/blib/arch /root/.cpan/build/Mail-ClamAV-0.17/blib/lib /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .). BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 2 make: *** Waiting for unfinished jobs.... make: *** Waiting for unfinished jobs.... cp ClamAV.pm blib/lib/Mail/ClamAV.pm /usr/bin/make -j3 -- NOT OK Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible Jeff A. Earickson wrote: > Gang, > > A new version of the ClamAV perl module is out. The make test > failures realted to scanbuff int the test file are now fixed > (the scanbuff call vanished). No updates to the Changes file > though. Installed and working on my system (Solaris 9). > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > . > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Mar 9 21:58:07 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out Message-ID: Try doing the make without the "-j3". I find that sometimes the parallel make feature in GNU make jams up, but a make on one CPU works just fine. Is your ClamAV installed in a default location? Mine isn't (I install in /opt/clamav), so I have to tweak with Makefile.PL before doing "perl Makefile.PL". My modifications: diff Makefile.PL.orig Makefile.PL 9c9 < $inc = '-I/usr/include'; --- > $inc = '-I/opt/clamav/include -I/usr/include'; 23c23 < $libs .= " -lclamav"; --- > $libs .= " -L/opt/clamav/lib -lclamav"; Jeff Earickson Colby College On Thu, 10 Mar 2005, Peter Russell wrote: > Date: Thu, 10 Mar 2005 08:49:32 +1100 > From: Peter Russell > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mail-ClamAV-0.17 out > > Still fails on RHEL4 > > Checking if your kit is complete... > Looks good > Writing Makefile for Mail::ClamAV > /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.17 > blib/arch > Can't locate Mail/ClamAV.pm in @INC (@INC contains: > /root/.cpan/build/Mail-ClamAV-0.17/blib/arch > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib > /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 > /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 > /usr/lib/perl5/vendor_perl .). > BEGIN failed--compilation aborted. > make: *** [ClamAV.inl] Error 2 > make: *** Waiting for unfinished jobs.... > make: *** Waiting for unfinished jobs.... > cp ClamAV.pm blib/lib/Mail/ClamAV.pm > /usr/bin/make -j3 -- NOT OK > Running make test > Can't test without successful make > Running make install > make had returned bad status, install seems impossible > > > > > Jeff A. Earickson wrote: >> Gang, >> >> A new version of the ClamAV perl module is out. The make test >> failures realted to scanbuff int the test file are now fixed >> (the scanbuff call vanished). No updates to the Changes file >> though. Installed and working on my system (Solaris 9). >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> . >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 9 21:58:21 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] and on another rhel4 (what i tjhought was identical machine) Writing /root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/.packlist make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV' Finished "make install" Stage Starting Cleaning Up Stage Finished Cleaning Up Stage Finished Build Compile Stage Manifying blib/man3/Mail::ClamAV.3pm /usr/bin/make -- OK Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. # Compilation failed in require at (eval 1) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force Peter Russell wrote: > Still fails on RHEL4 > > Checking if your kit is complete... > Looks good > Writing Makefile for Mail::ClamAV > /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.17 > blib/arch > Can't locate Mail/ClamAV.pm in @INC (@INC contains: > /root/.cpan/build/Mail-ClamAV-0.17/blib/arch > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib > /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 > /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 > /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 > /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 > /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 > /usr/lib/perl5/vendor_perl .). > BEGIN failed--compilation aborted. > make: *** [ClamAV.inl] Error 2 > make: *** Waiting for unfinished jobs.... > make: *** Waiting for unfinished jobs.... > cp ClamAV.pm blib/lib/Mail/ClamAV.pm > /usr/bin/make -j3 -- NOT OK > Running make test > Can't test without successful make > Running make install > make had returned bad status, install seems impossible > > > > > Jeff A. Earickson wrote: > >> Gang, >> >> A new version of the ClamAV perl module is out. The make test >> failures realted to scanbuff int the test file are now fixed >> (the scanbuff call vanished). No updates to the Changes file >> though. Installed and working on my system (Solaris 9). >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> . >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 9 22:02:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I had this one this afternoon. I edited the Makefile.PL to add "-L /usr/local/lib" in the setting that puts in the -I in there. Also, I added /usr/local/lib to /etc/ld.so.conf and ran ldconfig to reload the cache. Peter Russell wrote: > and on another rhel4 (what i tjhought was identical machine) > > Writing > /root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/.packlist > make[1]: Leaving directory > `/root/.cpan/build/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV' > Finished "make install" Stage > > Starting Cleaning Up Stage > Finished Cleaning Up Stage > > Finished Build Compile Stage > > Manifying blib/man3/Mail::ClamAV.3pm > /usr/bin/make -- OK > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load > '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: > No such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > # > # > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188 > # BEGIN failed--compilation aborted at > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. > # Compilation failed in require at (eval 1) line 2. > t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS > at t/Mail-ClamAV.t line 11 > Can't continue after import errors at t/Mail-ClamAV.t line 11 > # Looks like you planned 10 tests but only ran 1. > t/Mail-ClamAV....dubious > > Test returned status 10 (wstat 2560, 0xa00) > DIED. FAILED tests 1-10 > Failed 10/10 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > > > > Peter Russell wrote: > >> Still fails on RHEL4 >> >> Checking if your kit is complete... >> Looks good >> Writing Makefile for Mail::ClamAV >> /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.17 >> blib/arch >> Can't locate Mail/ClamAV.pm in @INC (@INC contains: >> /root/.cpan/build/Mail-ClamAV-0.17/blib/arch >> /root/.cpan/build/Mail-ClamAV-0.17/blib/lib >> /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 >> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi >> /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi >> /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi >> /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi >> /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi >> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi >> /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 >> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 >> /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 >> /usr/lib/perl5/site_perl >> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi >> /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi >> /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi >> /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi >> /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi >> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi >> /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 >> /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 >> /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 >> /usr/lib/perl5/vendor_perl .). >> BEGIN failed--compilation aborted. >> make: *** [ClamAV.inl] Error 2 >> make: *** Waiting for unfinished jobs.... >> make: *** Waiting for unfinished jobs.... >> cp ClamAV.pm blib/lib/Mail/ClamAV.pm >> /usr/bin/make -j3 -- NOT OK >> Running make test >> Can't test without successful make >> Running make install >> make had returned bad status, install seems impossible >> >> >> >> >> Jeff A. Earickson wrote: >> >>> Gang, >>> >>> A new version of the ClamAV perl module is out. The make test >>> failures realted to scanbuff int the test file are now fixed >>> (the scanbuff call vanished). No updates to the Changes file >>> though. Installed and working on my system (Solaris 9). >>> >>> Jeff Earickson >>> Colby College >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> . >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Wed Mar 9 22:26:22 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: On Wed, Mar 09, 2005 at 07:36:09PM +0000, Julian Field wrote: > Eric Dantan Rzewnicki wrote: > >On Mon, Mar 07, 2005 at 12:24:53AM +0100, Peter Bonivart wrote: > >>Dan Hollis wrote: > >>>Yes, all our users are on the MS box. So you're saying it shouldn't be an > >>>option even for those MS installations which do have all accounts on the > >>>box? Because everyone doesn't have exactly the same setup, nobody should > >>>have the option? > >>I'm not in a position to either grant or deny you anything but I do > >>think you belong to a minority to have a setup like that. > >>-- > >>/Peter Bonivart > >Peter, > >I just want to say that while those of you who are full time mail admins > >at large sites have more time to participate in the MailScanner > >community, there are many of us, I think, who have everything on one box > >and only have time to drop in here when MailScanner needs upgrading. > >Some of us have many other duties outside of mail. Just because we can't > >spend as much time here doesn't mean we aren't using MailScanner. > Come on guys, be nice to each other now. > There are lots of different types of MailScanner users, everything from > home Linux hobbyists to multi-site international full time mail admins. > There is no "usual" or "unusual" type of MailScanner setup, believe me! > :-) I apologize if my post appeared grumpy or anything. I didn't mean it like that. -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Wed Mar 9 22:27:30 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: On Wed, Mar 09, 2005 at 11:52:09AM -0800, Scott Silva wrote: > Julian Field wrote: > > Eric Dantan Rzewnicki wrote: > >> On Mon, Mar 07, 2005 at 12:24:53AM +0100, Peter Bonivart wrote: > >>> Dan Hollis wrote: > >>>> Yes, all our users are on the MS box. So you're saying it shouldn't > >>>> be an > >>>> option even for those MS installations which do have all accounts on > >>>> the > >>>> box? Because everyone doesn't have exactly the same setup, nobody > >>>> should > >>>> have the option? > >>> I'm not in a position to either grant or deny you anything but I do > >>> think you belong to a minority to have a setup like that. > >> Peter, > >> I just want to say that while those of you who are full time mail admins > >> at large sites have more time to participate in the MailScanner > >> community, there are many of us, I think, who have everything on one box > >> and only have time to drop in here when MailScanner needs upgrading. > >> Some of us have many other duties outside of mail. Just because we can't > >> spend as much time here doesn't mean we aren't using MailScanner. > > Come on guys, be nice to each other now. > > There are lots of different types of MailScanner users, everything from > > home Linux hobbyists to multi-site international full time mail admins. > > There is no "usual" or "unusual" type of MailScanner setup, believe me! > I second that emotion! > I would hate to see this list turn into another flamewars list. > It is just too valuable a resource!!! Certainly, certainly. I didn't mean to flame at all. -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 22:31:33 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brady Tucker wrote on Tue, 8 Mar 2005 18:35:00 -0600: > I'm assuming that the bayes > DB gets so big that doing the expire job only once/day it takes to long to > finish and it gives up and tries again repeatedly ? Exactly, that's the problem. Additionally, if your db builds up over a long time and expiry eventually kicks in it's quite possible that it cannot find a good expiry delta because of the algorithm they use for this. That can extend the run to several minutes and can even fail completely to expire. Running the expiry regularly prohibits building up of token data which could spoil the expiry. (The algorithm for expiry takes time of last run, last delta, expected reduction and one or two other things into account and if it doesn't produce a sensible figure which could match the expected expiry maximum SA will try to go thru ten trial loops which can quite often fail.) (even when running in > tmpfs)???? I don't know why.. There's a timeout for SA in mailscanner.conf. As I understand if that occurs the operation gets called off. Which means expiry also gets called off in the middle of operation. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 22:31:33 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote on Wed, 9 Mar 2005 09:33:36 +0100: > Is it reasonable to have a > bayes_toks file of 5 MB and a bayes_seen file of 82 MB? > How much mail does the system get? Have a look at how long it takes to build up such a big file. F.i. if you sync it away and let it run for a day, how big is it? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 9 22:31:33 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brady Tucker wrote on Wed, 9 Mar 2005 06:55:50 -0600: > You may be right in that Julian may not be able to do anything... However, > if the problem is that the expiry process is getting interrupted --- and he > can keep MS from trying add to the db or interrupt the expiry process then > it would finish properly even if it took an excessive time, right ? No. It seems when the timeout is reached the process gets called off. Finito. > > The problem is that I'm not clear on what is stopping the expiry process in > the first place... Ok, if I misinterpret the cause for that stopping my arguments are wrong, agreed :-) > Is SA is timing out because it thinks it's taking to long if "it" is "MS", then yes. > -- or if MS is 'no longer stopping to wait during expiry' because it was > taking to long and interrupting a long expiry process.... I always interpreted that setting that it means that MS will obey this if a rebuild is in progress. F.i. via sa-learn or MS thru the SA lib. However, the SA run gets stopped when MS reaches its internal SA timeout. There's no separate SA process which could keep running. > > The other solution presented here to set SA to timeout at 120 seconds didn't > work for me... because it was too short! > In the meantime... Forcing expire 3 times a day from a cron job fixes the > problem. Yes, and if you set the timeout to ten minutes it will work as well (NO, don't do it!). However, forcing an expire regularly is much cleaner and preferrable in my eyes :-) That you have to expire three days a time just proves that you have so many mail running thru your system that any fewer runs would make it take too long for the 120 sec timeout. You might consider upping the token count in your bayes dbs as well. Not much sense in slashing half of your db each day. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Wed Mar 9 22:31:05 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: On Wed, Mar 09, 2005 at 09:05:15PM +0100, Peter Bonivart wrote: > Eric Dantan Rzewnicki wrote: > >On Mon, Mar 07, 2005 at 12:24:53AM +0100, Peter Bonivart wrote: > >>Dan Hollis wrote: > >>>Yes, all our users are on the MS box. So you're saying it shouldn't be an > >>>option even for those MS installations which do have all accounts on the > >>>box? Because everyone doesn't have exactly the same setup, nobody should > >>>have the option? > >>I'm not in a position to either grant or deny you anything but I do > >>think you belong to a minority to have a setup like that. > >I just want to say that while those of you who are full time mail admins > >at large sites have more time to participate in the MailScanner > >community, there are many of us, I think, who have everything on one box > >and only have time to drop in here when MailScanner needs upgrading. > >Some of us have many other duties outside of mail. Just because we can't > >spend as much time here doesn't mean we aren't using MailScanner. > I'm not a full time mail admin either, I try hard to find time for both > MS and the rest of the stuff I'm supposed to do. It's just that dealing > with MS is so gratifying because users can really notice the difference > it makes in such an important tool that e-mail is today. Therefor I > spend my "free" time here on the list since it's not consider proper for > me to post from my company address. Cool. I spend my free time on linux audio lists for similar reasons. :) I don't know if I could get my job done if I weren't allowed to post to lists from work. > Regarding the above issue Dan got a little hot but it's a non issue now > since Julian has already implemented his wish, minority or not. > Christmas comes early for some. :-) All's well that ends well. :) /me returns to lurk mode -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 9 21:39:54 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:56 2006 Subject: Graphic Based Spams Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Baird wrote: > It is an HTML message with the image included, I do run razor and dcc, > I'm using the latest 2.6.x spamassassin variant, I don't believe I'm > using the Mail::SpamCopURI module (although I use spamcop in my > spamlist). I would highly recommend an upgrade to SA 3.0.2, then you get SURBL support built in (that's what the SpamCopURI module is for in SA 2.6x) and I find SURBL to be the best spam protection right now. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 9 23:11:47 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: > Peter Bonivart wrote on Wed, 9 Mar 2005 09:33:36 +0100: >>Is it reasonable to have a >>bayes_toks file of 5 MB and a bayes_seen file of 82 MB? > > How much mail does the system get? Have a look at how long it takes to > build up such a big file. F.i. if you sync it away and let it run for a > day, how big is it? But it seems to me that the bayes_seen is not touched by the expire process, it just keeps growing. Am I wrong about that? When I read the man page it just mentions the bayes_toks file as well. I will start keeping track of these files tomorrow. Thanks for responding. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Wed Mar 9 23:44:21 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >>228547 entries kept, 375363 deleted >> > > > wow! look at this, it expires more than half of the db! If that happens > daily it means the usefulness of the db will diminish drastically. You > should consider upping the limit quite a bit. (I haven't seen any ill > effects with 1 mio. token dbs.) Hello, Could you educate me as to how to increase the token limit? Appreciated, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 10 00:10:35 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Perfect thank you :) Nah i rarely insall to non defaults, i need to follow instructions and guides too often so try not to make it any harder on my self :) Jeff A. Earickson wrote: > Try doing the make without the "-j3". I find that sometimes the > parallel make feature in GNU make jams up, but a make on one CPU > works just fine. Is your ClamAV installed in a default location? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Mar 10 00:31:35 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote on Thu, 10 Mar 2005 00:11:47 +0100: > But it seems to me that the bayes_seen is not touched by the expire > process, it just keeps growing. Am I wrong about that? > You are absolutely right, yes. Sorry. It's not touched by sync or expire. I thought it would get synced to the db, but it's apparently a separate db. It stores information about which tokens matched when (last atime). Having it in a separate file reduces writes to bayes_toks. If that file is so big this indicates that a lot of matching tokens are in it. Could be a lot of reasons: very high mail flux, lots of tokens in the db, lots of spam coming in and matching ... Considering the problem with expiry it's also possible that the db is so big because it carries lots of matching information for old tokens which should have been expired (and their respective bayes_seen record wiped away as well). However, if I remember correctly you got the expiry fixed by scheduling it, didn't you? Then I think it can't be the cause. Still quite unusual to have such a big file, there's no logic in that file having a bigger size than the toks file itself. Unless the tokens are all extremely small so that the information about them takes more space than the actual token (don't know if this is possible, speculating). If that is possible and nearly all of your tokens get matched between each expiry (because your db spans only over a few days), yes, I think then this would theoretically be possible. Again, how much mail gets thru? And what does --dump magic say about your token structure? Really, you should carry this over to the SA list, it doesn't have anything to do with MS unless the MS usage causes some kind of corruption in this file. But still, the best way is to ask SA developers for help identifying the problem. This is definitely a problem that needs resolving, such a big file probably slows writes to it quite a bit. I think I even remember some threads about big bayes_seen files and what caused them, in which I participated, but I don't remember anything. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Mar 10 00:40:06 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Conn wrote on Wed, 9 Mar 2005 18:44:21 -0500: > Could you educate me as to how to increase the token limit? > this line does it: bayes_expiry_max_db_size 1000000 That's the no. of tokens which gets used. If I remember correctly it tries expiring when 75% of that is reached. You shouldn't put it up too drastically in one jump, because that can spoil the expiry algorithm when it later kicks in. Still, I would be interested to see some answers to the few questions I had in my earlier posting. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 10 01:02:40 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out - oops Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well not perfect :( It installs but fails to work - i see the following in the logs. MailScanner[20430]: ClamAV Perl module not found, did you install it? Peter Russell wrote: > Perfect thank you :) > > Nah i rarely insall to non defaults, i need to follow instructions and > guides too often so try not to make it any harder on my self :) > > Jeff A. Earickson wrote: > >> Try doing the make without the "-j3". I find that sometimes the >> parallel make feature in GNU make jams up, but a make on one CPU >> works just fine. Is your ClamAV installed in a default location? > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Mar 10 04:53:24 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out - oops Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Well not perfect :( > > It installs but fails to work - i see the following in the logs. > > MailScanner[20430]: ClamAV Perl module not found, did you install it? > I am using CentOS 4 (i386), not only installs cleanly but also works fine without any changes. - dhawal cpan> install D/DC/DCONWAY/Parse-RecDescent-1.94.tar.gz - snip - cpan> install I/IN/INGY/Inline-0.44.tar.gz - snip - cpan> install S/SA/SABECK/Mail-ClamAV-0.17.tar.gz Running make for S/SA/SABECK/Mail-ClamAV-0.17.tar.gz Fetching with LWP: ftp://archive.progeny.com/CPAN/authors/id/S/SA/SABECK/Mail-ClamAV-0.17.tar.gz Fetching with LWP: ftp://archive.progeny.com/CPAN/authors/id/S/SA/SABECK/CHECKSUMS Checksum for /root/.cpan/sources/authors/id/S/SA/SABECK/Mail-ClamAV-0.17.tar.gz ok Mail-ClamAV-0.17/ Mail-ClamAV-0.17/Inline/ Mail-ClamAV-0.17/Inline/MakeMaker.pm Mail-ClamAV-0.17/Makefile.PL Mail-ClamAV-0.17/README Mail-ClamAV-0.17/t/ Mail-ClamAV-0.17/t/Mail-ClamAV.t Mail-ClamAV-0.17/t/eicarcom2.zip Mail-ClamAV-0.17/t/virus.eml Mail-ClamAV-0.17/config.pl Mail-ClamAV-0.17/MANIFEST Mail-ClamAV-0.17/INSTALL Mail-ClamAV-0.17/ClamAV.pm Mail-ClamAV-0.17/META.yml Mail-ClamAV-0.17/Changes CPAN.pm: Going to build S/SA/SABECK/Mail-ClamAV-0.17.tar.gz Checking if your kit is complete... Looks good Writing Makefile for Mail::ClamAV cp ClamAV.pm blib/lib/Mail/ClamAV.pm /usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.17 blib/arch Starting Build Prepocess Stage Finished Build Prepocess Stage Starting Build Parse Stage Finished Build Parse Stage Starting Build Glue 1 Stage Finished Build Glue 1 Stage Starting Build Glue 2 Stage Finished Build Glue 2 Stage Starting Build Glue 3 Stage Finished Build Glue 3 Stage Starting Build Compile Stage Starting "perl Makefile.PL" Stage Writing Makefile for Mail::ClamAV Finished "perl Makefile.PL" Stage Starting "make" Stage make[1]: Entering directory `/root/.cpan/build/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV' /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.5/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c gcc -c -I/root/.cpan/build/Mail-ClamAV-0.17 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.17\" -DXS_VERSION=\"0.17\" -fPIC "-I/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE" ClamAV.c Running Mkbootstrap for Mail::ClamAV () chmod 644 ClamAV.bs rm -f blib/arch/auto/Mail/ClamAV/ClamAV.so gcc -shared -L/usr/local/lib ClamAV.o -o blib/arch/auto/Mail/ClamAV/ClamAV.so -L/usr/lib -lz -lbz2 -lgmp -L/usr/lib -lcurl -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv -lidn -lssl -lcrypto -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -lz -lpthread -lclamav chmod 755 blib/arch/auto/Mail/ClamAV/ClamAV.so cp ClamAV.bs blib/arch/auto/Mail/ClamAV/ClamAV.bs chmod 644 blib/arch/auto/Mail/ClamAV/ClamAV.bs make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV' Finished "make" Stage Starting "make install" Stage make[1]: Entering directory `/root/.cpan/build/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV' Installing /root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so Installing /root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.bs Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Writing /root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/.packlist make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.17/_Inline/build/Mail/ClamAV' Finished "make install" Stage Starting Cleaning Up Stage Finished Cleaning Up Stage Finished Build Compile Stage Manifying blib/man3/Mail::ClamAV.3pm /usr/bin/make -- OK Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....ok All tests successful. Files=1, Tests=10, 0 wallclock secs ( 0.47 cusr + 0.06 csys = 0.53 CPU) /usr/bin/make test -- OK Running make install Installing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so Installing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.bs Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Installing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm Installing /usr/share/man/man3/Mail::ClamAV.3pm Writing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/.packlist Appending installation info to /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod /usr/bin/make install -- OK From the maillog ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./18352D382F8.BF2CB/msg-10988-1.txt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Thu Mar 10 05:23:15 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:56 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This might be off topic but I think my problem is related to mailscanner. I have post this also on the mailwatch list and am awaiting feedback there as well I am using mailwatch to manage my quarantine but get an error in my /var/log/maillog when i try to release a message. I am guessing that i have munged a config setting somewhere but cannot locate which one. Any help is appreciated. Mar 10 00:06:38 abaddon postfix/smtpd[13340]: connect from localhost.localdomain[127.0.0.1] Mar 10 00:06:38 abaddon postfix/smtpd[13340]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 504 : Helo command rejected: need fully-qualified hostname; from= to= proto=ESMTP helo= Mar 10 00:06:38 abaddon postfix/smtpd[13340]: lost connection after RCPT from localhost.localdomain[127.0.0.1] Mar 10 00:06:38 abaddon postfix/smtpd[13340]: disconnect from localhost.localdomain[127.0.0.1] Thanks, Isi ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tony.johansson at SVENSKAKYRKAN.SE Thu Mar 10 08:31:48 2005 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:28:56 2006 Subject: Outstanding feature/fix requests? Message-ID: I would like a feature where you could forwarded matching filenames, extensions or filetypes to a specific mailbox instead of just blocking them. I do not want to quarantine viruses, just forward non-infected files that we normally block. /Tony ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 10 09:02:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:56 2006 Subject: Graphic Based Spams Message-ID: Michael if you can drop the email somewhere I can pick it up (ftp or http site and save the email as a .txt with ALL the header info), I can run it on my 3.02 system which also has lots of the SARE and other rules as extras. If the html has the pictures embedded within the message (rather than a call to a URL to get them) then the URL-RBL (spamcop plugin for subl.org URI-RBL's) won't help much. Anyway if you can let me have the mesg I can advise better, -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Michael Baird wrote: > Heh guys, this may not be a problem directly related to MailScanner, but > I'm having issues with spams that are just graphics (Viagra Cheap), they > score very low and make it through. What is the best way to handle these > types of spam, tweak the spamassassin scores a bit? Update to the latest > spamassassin? Just looking for advice on the subject. > > Regards > Michael Baird > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 09:03:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >Brady Tucker wrote on Tue, 8 Mar 2005 18:35:00 -0600: > > > >>I'm assuming that the bayes >>DB gets so big that doing the expire job only once/day it takes to long to >>finish and it gives up and tries again repeatedly ? >> >> > >Exactly, that's the problem. Additionally, if your db builds up over a long >time and expiry eventually kicks in it's quite possible that it cannot find a >good expiry delta because of the algorithm they use for this. That can extend >the run to several minutes and can even fail completely to expire. Running the >expiry regularly prohibits building up of token data which could spoil the >expiry. (The algorithm for expiry takes time of last run, last delta, expected >reduction and one or two other things into account and if it doesn't produce a >sensible figure which could match the expected expiry maximum SA will try to go >thru ten trial loops which can quite often fail.) > > (even when running in > > >>tmpfs)???? I don't know why.. >> >> > >There's a timeout for SA in mailscanner.conf. As I understand if that occurs >the operation gets called off. Which means expiry also gets called off in the >middle of operation. > > No, the expiry is handled quite separately. Or it is supposed to be :) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Mar 10 09:07:30 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: Hi! >>> I'm assuming that the bayes >>> DB gets so big that doing the expire job only once/day it takes to long to >>> finish and it gives up and tries again repeatedly ? > No, the expiry is handled quite separately. Or it is supposed to be :) But if they get rather large it can cause timeouts. If a machine can barely handle the load, the expire of a 400 meg bayes database can cause some heavy disk i/o... So at those moments it can be interfering with the regular scanning process. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 10 09:40:48 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:56 2006 Subject: Problem releasing a message Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Isi Lawson > Sent: den 10 mars 2005 06:23 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Problem releasing a message > > > This might be off topic but I think my problem is related to > mailscanner. I have post this also on the mailwatch list and am > awaiting feedback there as well Same "answerer" in both...:-). Too bad you didn't include the logs "over there". In this case you are rejecting "non-FQDN HELOs/EHLOs", which is IMO a good thing. You do this at MTA(postfix) level. Fine. Making the changes to MailWatch so that you can specify define(QUARANTINE_MAIL_HOST, 'abaddon.'); in conf.php will cure your problem (think it's in cvs and will be in the (hopefully) imminent 0.6 release... Or look for messages by me around Feb 07 on the MW list... Really minor change, so you might as well do it "by hand"). -- Glenn > > I am using mailwatch to manage my quarantine but get an error in my > /var/log/maillog when i try to release a message. > > I am guessing that i have munged a config setting somewhere but cannot > locate which one. Any help is appreciated. > > Mar 10 00:06:38 abaddon postfix/smtpd[13340]: connect from > localhost.localdomain[127.0.0.1] > Mar 10 00:06:38 abaddon postfix/smtpd[13340]: NOQUEUE: > reject: RCPT from > localhost.localdomain[127.0.0.1]: 504 : Helo command > rejected: need fully-qualified hostname; from= > to= proto=ESMTP helo= > Mar 10 00:06:38 abaddon postfix/smtpd[13340]: lost connection > after RCPT > from localhost.localdomain[127.0.0.1] > Mar 10 00:06:38 abaddon postfix/smtpd[13340]: disconnect from > localhost.localdomain[127.0.0.1] > > Thanks, > > Isi > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Thu Mar 10 09:53:40 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out Message-ID: On Wed, 9 Mar 2005, Jeff A. Earickson wrote: > A new version of the ClamAV perl module is out. The make test > failures realted to scanbuff int the test file are now fixed > (the scanbuff call vanished). No updates to the Changes file > though. Installed and working on my system (Solaris 9). Thanks. (Behind the scenes for the last few days, I've been encouraging Scott Beck, the module's maintainer, to fix both the sets of problems in the test suite that have been discussed on the list. 0.16 fixed the first set, 0.17 the second set.) To confirm: 0.17 builds and tests itself cleanly on systems (Solaris 9 and Fedora Core 3) at my site. It looks sound. (In production on FC3 we've been successfully running 0.16 for a few days. A "diff -r" between that (0.16) and the brand new 0.17 indicates that the only change is the removal of the "scanbuff" tests within the test suite itself (so no differences in what gets installed). P.S. The difficulties encountered by Peter Russell are different, and look like being related to his installation, rather than to the module. I, too, trip over just such problems as his (failing to compile, then when that's fixed "make test" giving "Error: Had problems bootstrapping Inline module 'Mail::ClamAV'"). But these are because I use slightly non-default locations, so need to adjust PATH (and, in the case of FC3, LD_RUN_PATH) locally here. Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 10:25:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please try the attached patches for Postfix.pm and PFDiskStore.pm. I *may* have found the problem. Robert Waldner wrote: >On Wed, 09 Mar 2005 19:34:21 GMT, Julian Field writes: > > >>>>Bother :-( >>>>This is totally unreproduceable. Can you send me one of the corrups >>>>messages, I want to check all the checksums and pointers in the message >>>>structure to see if I can glean anything from it. >>>> >>>> > > > >>>Is per PM to MailScanner@ECS.SOTON.AC.UK ok? It doesn't contain really >>>confidential information, but I'd rather not have it archived all over >>>the world. >>> >>> > > > >>Sure. Don't worry, it won't go anywhere. >> >> > >Ok, E9E9C73735 is the one from the machine with the patch applied, > 039E34FEE0 is an older one from the other box for reference. > >I have a couple hundred more if you need them. > >cheers, >&rw > > >------------------------------------------------------------------------ > >-- "No one ever lost money underestimating the intelligence >-- of the American public." - unknown > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 546bytes. ] [ Unable to print this part. ] [ Part 3, Application/X-GZIP 522bytes. ] [ Unable to print this part. ] From ramprasad at NETCORE.CO.IN Thu Mar 10 11:15:15 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:28:56 2006 Subject: Sending SIG HUP to Mailscanner Message-ID: Hi, I am trying to create a Custom function in CustomConfig.pm use DB_File. I would like Mailscanner to refresh the Tied hash whenever the datafile changes. Mailscanner is running multiple processes on my machine , to which process can I safely send a HUP signal so that the Custom Init function is called again. Thanks Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Thu Mar 10 11:16:46 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:56 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: Hi Julian, > Please try the attached patches for Postfix.pm and PFDiskStore.pm. > I *may* have found the problem. Should we revert the change you suggested on the 7th before applying these patches? Stef ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Thu Mar 10 11:19:57 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:56 2006 Subject: Sending SIG HUP to Mailscanner Message-ID: MS maintains a pid file, which you can look at. On my setup it's in /opt/MailScanner/var/MailScanner.pid, or you might look in /var/run for it. Stef > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ramprasad A > Padmanabhan > Sent: 10 March 2005 11:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Sending SIG HUP to Mailscanner > > Hi, > > I am trying to create a Custom function in CustomConfig.pm > use DB_File. I would like Mailscanner to refresh the Tied > hash whenever the datafile changes. > Mailscanner is running multiple processes on my machine , > to which process can I safely send a HUP signal so that the > Custom Init function is called again. > > Thanks > Ram > > > > ---------------------------------------------------------- > Netcore Solutions Pvt. Ltd. > Website: http://www.netcore.co.in > Spamtraps: http://cleanmail.netcore.co.in/directory.html > ---------------------------------------------------------- > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This email has been scanned by Level 5 Internet for viruses, > spam and dangerous content. > For more information please visit http://www.l5net.net > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 11:38:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stef Morrell wrote: >Hi Julian, > > > >>Please try the attached patches for Postfix.pm and PFDiskStore.pm. >>I *may* have found the problem. >> >> > >Should we revert the change you suggested on the 7th before applying >these patches? > > No, keep that patch in place, it may help. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Mar 10 12:14:06 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:56 2006 Subject: Mail-ClamAV-0.17 out Message-ID: I too gave Scott Beck a poke on the scanbuff issue, since it seemed to bite both Linux and Solaris people. Too bad he didn't update the Changes file to say what he did. Jeff Earickson Colby College On Thu, 10 Mar 2005, David Lee wrote: > Date: Thu, 10 Mar 2005 09:53:40 +0000 > From: David Lee > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mail-ClamAV-0.17 out > > On Wed, 9 Mar 2005, Jeff A. Earickson wrote: > >> A new version of the ClamAV perl module is out. The make test >> failures realted to scanbuff int the test file are now fixed >> (the scanbuff call vanished). No updates to the Changes file >> though. Installed and working on my system (Solaris 9). > > Thanks. (Behind the scenes for the last few days, I've been encouraging > Scott Beck, the module's maintainer, to fix both the sets of problems in > the test suite that have been discussed on the list. 0.16 fixed the first > set, 0.17 the second set.) > > To confirm: 0.17 builds and tests itself cleanly on systems (Solaris 9 > and Fedora Core 3) at my site. It looks sound. (In production on FC3 > we've been successfully running 0.16 for a few days. A "diff -r" between > that (0.16) and the brand new 0.17 indicates that the only change is the > removal of the "scanbuff" tests within the test suite itself (so no > differences in what gets installed). > > P.S. The difficulties encountered by Peter Russell are different, and look > like being related to his installation, rather than to the module. I, > too, trip over just such problems as his (failing to compile, then when > that's fixed "make test" giving "Error: Had problems bootstrapping Inline > module 'Mail::ClamAV'"). But these are because I use slightly non-default > locations, so need to adjust PATH (and, in the case of FC3, LD_RUN_PATH) > locally here. > > Hope that helps. > > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : University of Durham : > : http://www.dur.ac.uk/t.d.lee/ South Road : > : Durham : > : Phone: +44 191 334 2752 U.K. : > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Mar 10 12:31:50 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Thu, 10 Mar 2005 09:03:12 +0000: > No, the expiry is handled quite separately. Or it is supposed to be :) > I have MS seen hickupping over expiry problems already a year ago. If SA sees fit for an expiry do you dedicate one MS process to it to carry it out "until the end" or what do you do? I haven't ever seen it doing this. My experience is that when the base expiry takes too long MS simply times out and next message it starts over. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Mar 10 12:31:50 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:56 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Isi Lawson wrote on Thu, 10 Mar 2005 00:23:15 -0500: > This might be off topic but I think my problem is related to > mailscanner. > Possible. But please be so kind as to post a NEW message next time, thanks. You may not know this and unfortunately many people nowadays don't know it, but each time you reply to a message your mail client will indicate in the header that it is a reply. So, any decent mail client will handle it as a reply and thread it in the existing thread. So, please, if you send a new question press "New message" or whatever it says in your mail program and don't just change the subject. Subjects are not for threading. Thanks. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Mar 10 12:39:34 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:56 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! - SA trust paths; doing it correctly? Message-ID: Julian I thought it might be appropriate to start a thread here that will help clarify the issues arising from Matt Kettler's comments about ALL_TRUSTED. I believe what I have done now correctly specifies and exploits the SA "trust path" features. I have removed "score ALL_TRUSTED 0" from /etc/MailScanner/spam.assassin.prefs.conf. This line is replaced by two sets of new SA preferences in that file: 1. A block of "trusted_networks ..." lines. These are simply the network IP blocks that I already define in the "Spam Checks = %rules-dir%/Spam_Checks.rules" file and which have "no" as the action. That is to say I don't want MS treating mail fromn these sources as spam and I don't want SA to do DNSBL checks on them. I "trust" them because they are all within our campus network. 2. A block of "internal_networks ..." lines. There is an "internal_networks ..." record for the IP address of each of the 8 mail relays that host our 50+ mail domains. Note that these addresses are also included in the trusted_networks address blocks specified above. It is important (as I understand it) that I exclude from the "internal_networks ..." records the one mail relay we allow our external/peripatetic users to specify as their SMTP host in POP, etc, mailers. If I include the IP address of this host in the list then any connections to it from hosts listed in the DYNABLOCK RBL would have a HELO_DYNAMIC_* score added to their SA total scores. Note that you might already be seeing contributions from HELO_DYNAMIC_* SA rules because in the absence of _both_ "trusted_networks" and "internal_networks" definitions, SA will try to infer what are the "trusted" hosts in your network. However it is not always possible to do this automatically. If SA gets its guesses wrong this can lead to an increase in both FNs and FPs. Hence it is safer to do it explicitly as above. I hope I have understood things correctly. If not would someone who understands this part of SA better let me know immediately - I am running with the above setup in "spam.assassin.prefs.conf" now!! Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 09 March 2005 17:45 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! > >Matt Kettler wrote: > >> At 03:32 AM 3/9/2005, Julian Field wrote: >> >>> > Are you completely out of your mind Julian? >>> >>> Someone remind me to add that to the list of "ways of >getting Jules to >>> ignore your email" >>> :-) >> >> >> Sorry Julian.. I just saw it and my jaw hit the floor. I >know you're a >> smart guy > >You're too kind :) > >> so I assumed you must have been overcome by temporary insanity... :) > >Wibble.... what's my name again? Where am I? > >> Martin wrote: >> >>> Matt's probably they guy for this (given his comments on >the SA list), >>> but something like in the SA docs...bit of mouthful, but covers it >>> nicely. >> >> >> >> Martin... the bit you suggested is about internal_networks, and not >> trusted_networks.. While SA defaults to considering nothing >but localhost >> to be internal, it DOES default to trying to guess at >trusted_networks. >> That's the crux of the problem... It guesses poorly in some cases. >> >> "If you're running with DNS checks enabled, SpamAssassin >includes code to >> infer your trusted networks on the fly, so this may not be necessary. >> (Thanks to Scott Banister and Andrew Flury for the >inspiration for this >> algorithm.) This inference works as follows: " >> >> And the inference algorithm works poorly if you have a NATed >mailserver. >> SA's algorithm winds up trusting all reserved IP's (ie: any >NATed host), >> plus the one non-reserved IP that delivered to a reserved >IP. This works >> great for NAT networks with a normally addressed MX. It works poorly >> for a >> network where everything is NATed. Unfortunately, no >algorithm can tell >> which of the two cases is going on, and trusting too few >hosts is just as >> bad as trusting too many, so there's not much that can be done better >> on an >> automatic basis. >> >> Julian: Might I suggest this comment: >> >> If you have problems where ALL_TRUSTED is matching external email, >> including spam, then SpamAssassin has become confused about which >> hosts are >> a part of your trusted_networks. The most common cause of this is >> having a >> gateway mail exchanger that has a reserved IP and gets NATed by your >> firewall. Fortunately the problem is easy to fix by manually >declaring a >> trusted_networks setting. See man Mail::SpamAssassin::Conf >for details. >> Once manually set, SA won't try to guess. >> >> If that does not fix your problem, the other possibility is you have >> an MTA >> that generates malformed Received: headers. If you've modified your >> Received: header format, please put it back to the standard format. >> SpamAssassin is quite tolerant of deviations from the RFC >2822 format, >> but >> there are some combinations it can't handle. If the >malformed headers are >> being made by some form of network appliance that you can't >fix, report a >> bug to your vendor, and as a short-term fix set the score of >> ALL_TRUSTED to >> 0. However, realize that other problems may occur as a result of the >> mis-parsed headers and the root cause does need fixing. > >That text sounds very good. I'll get it into the file I distribute. > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 14:02:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:56 2006 Subject: bayes expire tokens Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >Julian Field wrote on Thu, 10 Mar 2005 09:03:12 +0000: > > > >>No, the expiry is handled quite separately. Or it is supposed to be :) >> >> > >I have MS seen hickupping over expiry problems already a year ago. If SA >sees fit for an expiry do you dedicate one MS process to it to carry it >out "until the end" or what do you do? I haven't ever seen it doing this. >My experience is that when the base expiry takes too long MS simply times >out and next message it starts over. > > It is supposed to do it until it finishes, and not use SpamAssassin at all while this is going on. It shouldn't time out at all. The bit that is broken is the lockout signal from the process that is doing the rebuild, which should tell the other child processes that a Bayes rebuild is in progress and they should not attempt to use it at all until the lock is cancelled when the Bayes rebuild has finished. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Thu Mar 10 14:12:24 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:28:56 2006 Subject: Graphic Based Spams Message-ID: Thanks Martin, I've put an example up at http://linux.tc3net.com/drwho/viagraspam.tar.gz, if you want to run it through SA 3.02 Regards Michael Baird > Michael > > if you can drop the email somewhere I can pick it up (ftp or http site > and save the email as a .txt with ALL the header info), I can run it on > my 3.02 system which also has lots of the SARE and other rules as extras. > > If the html has the pictures embedded within the message (rather than a > call to a URL to get them) then the URL-RBL (spamcop plugin for subl.org > URI-RBL's) won't help much. > > Anyway if you can let me have the mesg I can advise better, > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Michael Baird wrote: > > Heh guys, this may not be a problem directly related to MailScanner, but > > I'm having issues with spams that are just graphics (Viagra Cheap), they > > score very low and make it through. What is the best way to handle these > > types of spam, tweak the spamassassin scores a bit? Update to the latest > > spamassassin? Just looking for advice on the subject. > > > > Regards > > Michael Baird > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Mar 10 14:13:48 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:57 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! - SA trust paths; doing it correctly? Message-ID: Gang, I have done roughly the same thing, per email with Matt and the discussion on the list. The *only* IP addresses that I listed as trusted_networks are 127.0.0.1/32 and the IP of my own mail server. I don't trust any other machine in my own class-B network, because we are a college with student machines that sometimes have spambots. I am unclear as to what the difference between trusted_networks and internal_networks is. Do I need to specify internal_networks, if I don't trust anything except my own mail server? Or will trusted_networks do it? Jeff Earickson Colby College On Thu, 10 Mar 2005, Quentin Campbell wrote: > Date: Thu, 10 Mar 2005 12:39:34 -0000 > From: Quentin Campbell > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! - SA trust paths; > doing it correctly? > > Julian > > I thought it might be appropriate to start a thread here that will help > clarify the issues arising from Matt Kettler's comments about > ALL_TRUSTED. > > I believe what I have done now correctly specifies and exploits the SA > "trust path" features. > > I have removed "score ALL_TRUSTED 0" from > /etc/MailScanner/spam.assassin.prefs.conf. > > This line is replaced by two sets of new SA preferences in that file: > > 1. A block of "trusted_networks ..." lines. > > These are simply the network IP blocks that I already define in the > "Spam Checks = %rules-dir%/Spam_Checks.rules" file and which have "no" > as the action. That is to say I don't want MS treating mail fromn these > sources as spam and I don't want SA to do DNSBL checks on them. I > "trust" them because they are all within our campus network. > > 2. A block of "internal_networks ..." lines. > > There is an "internal_networks ..." record for the IP address of each of > the 8 mail relays that host our 50+ mail domains. Note that these > addresses are also included in the trusted_networks address blocks > specified above. > > It is important (as I understand it) that I exclude from the > "internal_networks ..." records the one mail relay we allow our > external/peripatetic users to specify as their SMTP host in POP, etc, > mailers. If I include the IP address of this host in the list then any > connections to it from hosts listed in the DYNABLOCK RBL would have a > HELO_DYNAMIC_* score added to their SA total scores. > > Note that you might already be seeing contributions from HELO_DYNAMIC_* > SA rules because in the absence of _both_ "trusted_networks" and > "internal_networks" definitions, SA will try to infer what are the > "trusted" hosts in your network. However it is not always possible to do > this automatically. If SA gets its guesses wrong this can lead to an > increase in both FNs and FPs. Hence it is safer to do it explicitly as > above. > > I hope I have understood things correctly. If not would someone who > understands this part of SA better let me know immediately - I am > running with the above setup in "spam.assassin.prefs.conf" now!! > > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 09 March 2005 17:45 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! >> >> Matt Kettler wrote: >> >>> At 03:32 AM 3/9/2005, Julian Field wrote: >>> >>>>> Are you completely out of your mind Julian? >>>> >>>> Someone remind me to add that to the list of "ways of >> getting Jules to >>>> ignore your email" >>>> :-) >>> >>> >>> Sorry Julian.. I just saw it and my jaw hit the floor. I >> know you're a >>> smart guy >> >> You're too kind :) >> >>> so I assumed you must have been overcome by temporary insanity... :) >> >> Wibble.... what's my name again? Where am I? >> >>> Martin wrote: >>> >>>> Matt's probably they guy for this (given his comments on >> the SA list), >>>> but something like in the SA docs...bit of mouthful, but covers it >>>> nicely. >>> >>> >>> >>> Martin... the bit you suggested is about internal_networks, and not >>> trusted_networks.. While SA defaults to considering nothing >> but localhost >>> to be internal, it DOES default to trying to guess at >> trusted_networks. >>> That's the crux of the problem... It guesses poorly in some cases. >>> >>> "If you're running with DNS checks enabled, SpamAssassin >> includes code to >>> infer your trusted networks on the fly, so this may not be necessary. >>> (Thanks to Scott Banister and Andrew Flury for the >> inspiration for this >>> algorithm.) This inference works as follows: " >>> >>> And the inference algorithm works poorly if you have a NATed >> mailserver. >>> SA's algorithm winds up trusting all reserved IP's (ie: any >> NATed host), >>> plus the one non-reserved IP that delivered to a reserved >> IP. This works >>> great for NAT networks with a normally addressed MX. It works poorly >>> for a >>> network where everything is NATed. Unfortunately, no >> algorithm can tell >>> which of the two cases is going on, and trusting too few >> hosts is just as >>> bad as trusting too many, so there's not much that can be done better >>> on an >>> automatic basis. >>> >>> Julian: Might I suggest this comment: >>> >>> If you have problems where ALL_TRUSTED is matching external email, >>> including spam, then SpamAssassin has become confused about which >>> hosts are >>> a part of your trusted_networks. The most common cause of this is >>> having a >>> gateway mail exchanger that has a reserved IP and gets NATed by your >>> firewall. Fortunately the problem is easy to fix by manually >> declaring a >>> trusted_networks setting. See man Mail::SpamAssassin::Conf >> for details. >>> Once manually set, SA won't try to guess. >>> >>> If that does not fix your problem, the other possibility is you have >>> an MTA >>> that generates malformed Received: headers. If you've modified your >>> Received: header format, please put it back to the standard format. >>> SpamAssassin is quite tolerant of deviations from the RFC >> 2822 format, >>> but >>> there are some combinations it can't handle. If the >> malformed headers are >>> being made by some form of network appliance that you can't >> fix, report a >>> bug to your vendor, and as a short-term fix set the score of >>> ALL_TRUSTED to >>> 0. However, realize that other problems may occur as a result of the >>> mis-parsed headers and the root cause does need fixing. >> >> That text sounds very good. I'll get it into the file I distribute. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Mar 10 14:19:19 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I haven't used Razor to date. What are the benefits of adding it to my mail server? Thanks, Rod ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Thu Mar 10 14:26:39 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: Hi Rod, > I haven't used Razor to date. What are the benefits of adding > it to my mail server? Razor is a collaborative system. The idea is that if a person reports an email as spam, then every other user who receives the same email knows that it is spam. In practical terms, it plugs into SpamAssassin. SpamAssassin checks the Razor database as part of it's spam checks and gives additional score to those emails which match existing entries. My advice is to use it, along with Pyzor and DCC, which work in similar fashion. SpamAssassin has rules which match all three services and further rules to account for times when a given email matches in multiple databases. Stef ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 10 14:29:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:57 2006 Subject: Graphic Based Spams Message-ID: Michael ok here's what I got.. tests=FR_HEAD_EMPTY,HTML_20_30, HTML_FONT_INVISIBLE,HTML_IMAGE_ONLY_24,HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SARE_HTML_HEAD_EMPTY score of 8.6, which in my case would tag the subject the deliver (scores over 10 don't get delivered). AS I thought the URI-RBL's didn;t trigger as the email has all the images etc inline. BUT the XBL and spamcop RBL's did fire (the only two RBL's I use). Also the HTML rules fired some rules inbuilt into sa 3 (HTML_*)and some from www.rulesemporium.com (SARE_* and FR_*). So it maybe worth you while upgrading to SA 3.02...as well as putting in Fred's rules and the SARE rules from www.rulesemporium.com/rules.htm -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Michael Baird wrote: > Thanks Martin, I've put an example up at > http://linux.tc3net.com/drwho/viagraspam.tar.gz, if you want to run it > through SA 3.02 > > Regards > Michael Baird > > >>Michael >> >>if you can drop the email somewhere I can pick it up (ftp or http site >>and save the email as a .txt with ALL the header info), I can run it on >>my 3.02 system which also has lots of the SARE and other rules as extras. >> >>If the html has the pictures embedded within the message (rather than a >>call to a URL to get them) then the URL-RBL (spamcop plugin for subl.org >>URI-RBL's) won't help much. >> >>Anyway if you can let me have the mesg I can advise better, >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Michael Baird wrote: >> >>>Heh guys, this may not be a problem directly related to MailScanner, but >>>I'm having issues with spams that are just graphics (Viagra Cheap), they >>>score very low and make it through. What is the best way to handle these >>>types of spam, tweak the spamassassin scores a bit? Update to the latest >>>spamassassin? Just looking for advice on the subject. >>> >>>Regards >>>Michael Baird >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Thu Mar 10 14:34:32 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:28:57 2006 Subject: Graphic Based Spams Message-ID: Ok, great, sounds like upgrading to the latest spamassassin is going to help. Regards Michael Baird > Michael > > ok here's what I got.. > > tests=FR_HEAD_EMPTY,HTML_20_30, > HTML_FONT_INVISIBLE,HTML_IMAGE_ONLY_24,HTML_MESSAGE, > RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SARE_HTML_HEAD_EMPTY > > score of 8.6, which in my case would tag the subject the deliver (scores > over 10 don't get delivered). > > AS I thought the URI-RBL's didn;t trigger as the email has all the > images etc inline. BUT the XBL and spamcop RBL's did fire (the only two > RBL's I use). Also the HTML rules fired some rules inbuilt into sa 3 > (HTML_*)and some from www.rulesemporium.com (SARE_* and FR_*). > > So it maybe worth you while upgrading to SA 3.02...as well as putting in > Fred's rules and the SARE rules from www.rulesemporium.com/rules.htm > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Michael Baird wrote: > > Thanks Martin, I've put an example up at > > http://linux.tc3net.com/drwho/viagraspam.tar.gz, if you want to run it > > through SA 3.02 > > > > Regards > > Michael Baird > > > > > >>Michael > >> > >>if you can drop the email somewhere I can pick it up (ftp or http site > >>and save the email as a .txt with ALL the header info), I can run it on > >>my 3.02 system which also has lots of the SARE and other rules as extras. > >> > >>If the html has the pictures embedded within the message (rather than a > >>call to a URL to get them) then the URL-RBL (spamcop plugin for subl.org > >>URI-RBL's) won't help much. > >> > >>Anyway if you can let me have the mesg I can advise better, > >> > >>-- > >>Martin Hepworth > >>Snr Systems Administrator > >>Solid State Logic > >>Tel: +44 (0)1865 842300 > >> > >> > >>Michael Baird wrote: > >> > >>>Heh guys, this may not be a problem directly related to MailScanner, but > >>>I'm having issues with spams that are just graphics (Viagra Cheap), they > >>>score very low and make it through. What is the best way to handle these > >>>types of spam, tweak the spamassassin scores a bit? Update to the latest > >>>spamassassin? Just looking for advice on the subject. > >>> > >>>Regards > >>>Michael Baird > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >> > >>********************************************************************** > >> > >>This email and any files transmitted with it are confidential and > >>intended solely for the use of the individual or entity to whom they > >>are addressed. If you have received this email in error please notify > >>the system manager. > >> > >>This footnote confirms that this email message has been swept > >>for the presence of computer viruses and is believed to be clean. > >> > >>********************************************************************** > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Mar 10 14:36:26 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Stef, Thanks for replying. Are these applications pretty simple to install and configure? Anything specific I need to know about getting them to work with MS ans SA? Any advice is welcome. Thanks again, Rod Stef Morrell wrote: > Hi Rod, > > >>I haven't used Razor to date. What are the benefits of adding >>it to my mail server? > > > Razor is a collaborative system. The idea is that if a person reports an > email as spam, then every other user who receives the same email knows > that it is spam. > > In practical terms, it plugs into SpamAssassin. SpamAssassin checks the > Razor database as part of it's spam checks and gives additional score to > those emails which match existing entries. > > My advice is to use it, along with Pyzor and DCC, which work in similar > fashion. SpamAssassin has rules which match all three services and > further rules to account for times when a given email matches in > multiple databases. > > Stef > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Thu Mar 10 14:24:52 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:57 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Thu, 10 Mar 2005 11:38:01 GMT, Julian Field writes: >>>Please try the attached patches for Postfix.pm and PFDiskStore.pm. >>>I *may* have found the problem. >>Should we revert the change you suggested on the 7th before applying >>these patches? >No, keep that patch in place, it may help. Thanks, Julian! Patches are applied, will report back on Monday with how the boxen are behaving. cheers, &rw -- -- I'm perfectly willing to admit that Unix not only lets you shoot -- yourself in the foot, it gives you an assortment of guns already -- loaded and pointed in the proper direction. - Michael Wojcik ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Thu Mar 10 14:38:17 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:57 2006 Subject: Graphic Based Spams Message-ID: Michael NB major scores where from the two RBL's !! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Michael Baird wrote: > Ok, great, sounds like upgrading to the latest spamassassin is going to > help. > > Regards > Michael Baird > > >>Michael >> >>ok here's what I got.. >> >>tests=FR_HEAD_EMPTY,HTML_20_30, >> HTML_FONT_INVISIBLE,HTML_IMAGE_ONLY_24,HTML_MESSAGE, >> RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SARE_HTML_HEAD_EMPTY >> >>score of 8.6, which in my case would tag the subject the deliver (scores >>over 10 don't get delivered). >> >>AS I thought the URI-RBL's didn;t trigger as the email has all the >>images etc inline. BUT the XBL and spamcop RBL's did fire (the only two >>RBL's I use). Also the HTML rules fired some rules inbuilt into sa 3 >>(HTML_*)and some from www.rulesemporium.com (SARE_* and FR_*). >> >>So it maybe worth you while upgrading to SA 3.02...as well as putting in >>Fred's rules and the SARE rules from www.rulesemporium.com/rules.htm >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Michael Baird wrote: >> >>>Thanks Martin, I've put an example up at >>>http://linux.tc3net.com/drwho/viagraspam.tar.gz, if you want to run it >>>through SA 3.02 >>> >>>Regards >>>Michael Baird >>> >>> >>> >>>>Michael >>>> >>>>if you can drop the email somewhere I can pick it up (ftp or http site >>>>and save the email as a .txt with ALL the header info), I can run it on >>>>my 3.02 system which also has lots of the SARE and other rules as extras. >>>> >>>>If the html has the pictures embedded within the message (rather than a >>>>call to a URL to get them) then the URL-RBL (spamcop plugin for subl.org >>>>URI-RBL's) won't help much. >>>> >>>>Anyway if you can let me have the mesg I can advise better, >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>>Michael Baird wrote: >>>> >>>> >>>>>Heh guys, this may not be a problem directly related to MailScanner, but >>>>>I'm having issues with spams that are just graphics (Viagra Cheap), they >>>>>score very low and make it through. What is the best way to handle these >>>>>types of spam, tweak the spamassassin scores a bit? Update to the latest >>>>>spamassassin? Just looking for advice on the subject. >>>>> >>>>>Regards >>>>>Michael Baird >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>> >>>>********************************************************************** >>>> >>>>This email and any files transmitted with it are confidential and >>>>intended solely for the use of the individual or entity to whom they >>>>are addressed. If you have received this email in error please notify >>>>the system manager. >>>> >>>>This footnote confirms that this email message has been swept >>>>for the presence of computer viruses and is believed to be clean. >>>> >>>>********************************************************************** >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>> >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Thu Mar 10 14:40:06 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://www.google.de/search?hl=de&client=firefox-a&rls=org.mozilla:de-DE:official&q=install+razor+spamassassin&spell=1 greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green > Sent: Thursday, March 10, 2005 3:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Razor > > > Hi Stef, > > Thanks for replying. Are these applications pretty simple to > install and > configure? Anything specific I need to know about getting them to work > with MS ans SA? Any advice is welcome. > > Thanks again, > Rod > > Stef Morrell wrote: > > Hi Rod, > > > > > >>I haven't used Razor to date. What are the benefits of adding > >>it to my mail server? > > > > > > Razor is a collaborative system. The idea is that if a > person reports an > > email as spam, then every other user who receives the same > email knows > > that it is spam. > > > > In practical terms, it plugs into SpamAssassin. > SpamAssassin checks the > > Razor database as part of it's spam checks and gives > additional score to > > those emails which match existing entries. > > > > My advice is to use it, along with Pyzor and DCC, which > work in similar > > fashion. SpamAssassin has rules which match all three services and > > further rules to account for times when a given email matches in > > multiple databases. > > > > Stef > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Thu Mar 10 14:40:05 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's very easy to install... I found a very easy step-by-step document in doing it at: http://www.spamassassinbook.com/chapter11_preview.htm Another good idea that is in that page is the "spamtrap". I made one and am already getting some spammers (two week after installing)... I'll notify Razor, Pyzor and DCC with those spammers... Regards Roger Jochem ----- Original Message ----- From: "Rodney Green" To: Sent: Thursday, March 10, 2005 11:36 AM Subject: Re: Razor > Hi Stef, > > Thanks for replying. Are these applications pretty simple to install and > configure? Anything specific I need to know about getting them to work > with MS ans SA? Any advice is welcome. > > Thanks again, > Rod > > Stef Morrell wrote: > > Hi Rod, > > > > > >>I haven't used Razor to date. What are the benefits of adding > >>it to my mail server? > > > > > > Razor is a collaborative system. The idea is that if a person reports an > > email as spam, then every other user who receives the same email knows > > that it is spam. > > > > In practical terms, it plugs into SpamAssassin. SpamAssassin checks the > > Razor database as part of it's spam checks and gives additional score to > > those emails which match existing entries. > > > > My advice is to use it, along with Pyzor and DCC, which work in similar > > fashion. SpamAssassin has rules which match all three services and > > further rules to account for times when a given email matches in > > multiple databases. > > > > Stef > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Uwe.Krause at FEP.FRAUNHOFER.DE Thu Mar 10 14:42:14 2005 From: Uwe.Krause at FEP.FRAUNHOFER.DE (Uwe.Krause@FEP.FRAUNHOFER.DE) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: > Thanks for replying. Are these applications pretty simple to > install and > configure? Anything specific I need to know about getting them to work > with MS ans SA? Any advice is welcome. http://svn.apache.org/repos/asf/spamassassin/branches/3.0/INSTALL Helps a lot ... Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Mar 10 14:58:36 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks everyone. I'm using SA globally on my server, not on a per user basis. Will Razor and DCC work well in that type of situation? Rod ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Thu Mar 10 15:00:46 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Work fine... I'm using it that way too... ----- Original Message ----- From: "Rodney Green" To: Sent: Thursday, March 10, 2005 11:58 AM Subject: Re: Razor > Thanks everyone. I'm using SA globally on my server, not on a per user > basis. Will Razor and DCC work well in that type of situation? > > Rod > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Mar 10 15:03:20 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:57 2006 Subject: How to quarantine only Phishing stuff from Clam? Message-ID: Julian, My daily report of who is sending viruses from our own domain has been showing Phishing stuff caught by ClamAV, coming from my own webmail server. A sample of what gets emailed to me via "Notices to", and then boiled down by a perl script: j29LMw3X004268: 137.146.210.58 (username) ClamAV Module: msg-21083-102.txt was infected: HTML.Phishing.Bank-111 I want to investigate, ie quarantine the offending messages. But I don't want to quarantine tons of crap. I have Quarantine Infections = yes Quarantine Silent Viruses = no and I want to set up a ruleset specifying silent viruses. Would this be right? %localrules-dir% = /etc/MailScanner/rules Silent Viruses = %localrules-dir%/silent-viruses.rules where the silent-viruses.rules looks like: Virus: All-Viruses yes Virus: HTML-IFrame yes Virus: Phishing.Bank no Do I need to specify a default here? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Thu Mar 10 14:59:30 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn, Thanks for the help. I just replied to you in the MW list. I had found the logs afterward while debugging (needle in a haystack) I will look for the patch. Thanks again. -- Isi > Same "answerer" in both...:-). > Too bad you didn't include the logs "over there". > > In this case you are rejecting "non-FQDN HELOs/EHLOs", which is IMO a > good thing. You do this at MTA(postfix) level. Fine. > > Making the changes to MailWatch so that you can specify > define(QUARANTINE_MAIL_HOST, 'abaddon.'); > in conf.php will cure your problem (think it's in cvs and will be > in the (hopefully) imminent 0.6 release... Or look for messages by > me around Feb 07 on the MW list... Really minor change, so you might > as well do it "by hand"). > > -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Thu Mar 10 15:01:37 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Possible. But please be so kind as to post a NEW message next time, > thanks. You may not know this and unfortunately many people nowadays don't > know it, but each time you reply to a message your mail client will > indicate in the header that it is a reply. So, any decent mail client will > handle it as a reply and thread it in the existing thread. So, please, if > you send a new question press "New message" or whatever it says in your > mail program and don't just change the subject. Subjects are not for > threading. Thanks. Thanks for the info. I didn't know that would happen. Interesting that I even bitch about my mail client not sorting related message as via thread integrity and low an behold that I am causing at least some of my own head ache. Thanks again. Isi ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From "Danny Harris" at KILI.JISCMAIL.AC.UK Thu Mar 10 15:22:56 2005 From: "Danny Harris" at KILI.JISCMAIL.AC.UK ("Danny Harris"@KILI.JISCMAIL.AC.UK) Date: Thu Jan 12 21:28:57 2006 Subject: MAILSCANNER Digest - 6 Mar 2005 to 7 Mar 2005 - Special issue (#2005-69) Message-ID: >Don't know if anyone else has seen this, but for some reason our MailScanner >(4.37.7) has picked up the above digest as having "Other Bad Content >Detected", citing "Too many attachments in message" as the reason? We have >the default 200 set in MailScanner.conf. A quick browse of the archive shows >somewhere around 180 postings since the previous digest, so I guess the >other graphics must have tipped it over the 200 limit. I guess that there's >a bit of tweaking needed on the number of posts before a "Special Issue" >digest is created? Ok, no response so I assume that no one else had this problem and that I've done something stupid in my MailScanner settings? What is the default Max attachments allowed in more recent versions? What should the setting be to prevent the special issue digest getting caught in future (I've upped mine to 220 for now)? Any hints gratefully accepted, Dan. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Mar 10 15:25:04 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:57 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! - SA trust paths; doing it correctly? Message-ID: Jeff If you don't specify any "internal_networks" entries but "trusted_networks" is set then the value of this is used for the "internal_networks" value. The SA 3.0.2 docs say that "internal_networks" is used when checking dial-up or dynamic IP address blocklists in order to detect spamming where these hosts connect directly to your MX host. Normally dial-up/dynamic-IP hosts should make their SMTP connection via a "smarthost". If they instead make a direct connection to your MX host then that is a good "signature" to identify a likely spam source. What happens if you run a "smarthost" yourself with MS + SA on it and it receives mail from dial-up, etc, clients? The answer is you simply do not include the smarthost's IP in "internal_networks". However you should include it in "trusted_networks". Note also that according to the SA docs, in a straigtforward mail gateway/network setup where the MTA writes RFC compliant "Received:" headers, SA is clever enough to correctly autodetect your "trusted" hosts. However as this is not a bullet proof algorithm, particularly at sites using NAT, etc, it is recommended that you set these values explicitly. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson >Sent: 10 March 2005 14:14 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! - >SA trust paths; doing it correctly? > >Gang, > >I have done roughly the same thing, per email with Matt and >the discussion >on the list. The *only* IP addresses that I listed as trusted_networks >are 127.0.0.1/32 and the IP of my own mail server. I don't trust any >other machine in my own class-B network, because we are a college with >student machines that sometimes have spambots. > >I am unclear as to what the difference between trusted_networks and >internal_networks is. Do I need to specify internal_networks, if I >don't trust anything except my own mail server? Or will >trusted_networks >do it? > >Jeff Earickson >Colby College > >On Thu, 10 Mar 2005, Quentin Campbell wrote: > >> Date: Thu, 10 Mar 2005 12:39:34 -0000 >> From: Quentin Campbell >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! >- SA trust paths; >> doing it correctly? >> >> Julian >> >> I thought it might be appropriate to start a thread here >that will help >> clarify the issues arising from Matt Kettler's comments about >> ALL_TRUSTED. >> >> I believe what I have done now correctly specifies and >exploits the SA >> "trust path" features. >> >> I have removed "score ALL_TRUSTED 0" from >> /etc/MailScanner/spam.assassin.prefs.conf. >> >> This line is replaced by two sets of new SA preferences in that file: >> >> 1. A block of "trusted_networks ..." lines. >> >> These are simply the network IP blocks that I already define in the >> "Spam Checks = %rules-dir%/Spam_Checks.rules" file and which >have "no" >> as the action. That is to say I don't want MS treating mail >fromn these >> sources as spam and I don't want SA to do DNSBL checks on them. I >> "trust" them because they are all within our campus network. >> >> 2. A block of "internal_networks ..." lines. >> >> There is an "internal_networks ..." record for the IP >address of each of >> the 8 mail relays that host our 50+ mail domains. Note that these >> addresses are also included in the trusted_networks address blocks >> specified above. >> >> It is important (as I understand it) that I exclude from the >> "internal_networks ..." records the one mail relay we allow our >> external/peripatetic users to specify as their SMTP host in POP, etc, >> mailers. If I include the IP address of this host in the >list then any >> connections to it from hosts listed in the DYNABLOCK RBL would have a >> HELO_DYNAMIC_* score added to their SA total scores. >> >> Note that you might already be seeing contributions from >HELO_DYNAMIC_* >> SA rules because in the absence of _both_ "trusted_networks" and >> "internal_networks" definitions, SA will try to infer what are the >> "trusted" hosts in your network. However it is not always >possible to do >> this automatically. If SA gets its guesses wrong this can lead to an >> increase in both FNs and FPs. Hence it is safer to do it >explicitly as >> above. >> >> I hope I have understood things correctly. If not would someone who >> understands this part of SA better let me know immediately - I am >> running with the above setup in "spam.assassin.prefs.conf" now!! >> >> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> >--------------------------------------------------------------- >--------- >> "Any opinion expressed above is mine. The University can get >its own." >> >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>> Sent: 09 March 2005 17:45 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! >>> >>> Matt Kettler wrote: >>> >>>> At 03:32 AM 3/9/2005, Julian Field wrote: >>>> >>>>>> Are you completely out of your mind Julian? >>>>> >>>>> Someone remind me to add that to the list of "ways of >>> getting Jules to >>>>> ignore your email" >>>>> :-) >>>> >>>> >>>> Sorry Julian.. I just saw it and my jaw hit the floor. I >>> know you're a >>>> smart guy >>> >>> You're too kind :) >>> >>>> so I assumed you must have been overcome by temporary >insanity... :) >>> >>> Wibble.... what's my name again? Where am I? >>> >>>> Martin wrote: >>>> >>>>> Matt's probably they guy for this (given his comments on >>> the SA list), >>>>> but something like in the SA docs...bit of mouthful, but covers it >>>>> nicely. >>>> >>>> >>>> >>>> Martin... the bit you suggested is about internal_networks, and not >>>> trusted_networks.. While SA defaults to considering nothing >>> but localhost >>>> to be internal, it DOES default to trying to guess at >>> trusted_networks. >>>> That's the crux of the problem... It guesses poorly in some cases. >>>> >>>> "If you're running with DNS checks enabled, SpamAssassin >>> includes code to >>>> infer your trusted networks on the fly, so this may not be >necessary. >>>> (Thanks to Scott Banister and Andrew Flury for the >>> inspiration for this >>>> algorithm.) This inference works as follows: " >>>> >>>> And the inference algorithm works poorly if you have a NATed >>> mailserver. >>>> SA's algorithm winds up trusting all reserved IP's (ie: any >>> NATed host), >>>> plus the one non-reserved IP that delivered to a reserved >>> IP. This works >>>> great for NAT networks with a normally addressed MX. It >works poorly >>>> for a >>>> network where everything is NATed. Unfortunately, no >>> algorithm can tell >>>> which of the two cases is going on, and trusting too few >>> hosts is just as >>>> bad as trusting too many, so there's not much that can be >done better >>>> on an >>>> automatic basis. >>>> >>>> Julian: Might I suggest this comment: >>>> >>>> If you have problems where ALL_TRUSTED is matching external email, >>>> including spam, then SpamAssassin has become confused about which >>>> hosts are >>>> a part of your trusted_networks. The most common cause of this is >>>> having a >>>> gateway mail exchanger that has a reserved IP and gets >NATed by your >>>> firewall. Fortunately the problem is easy to fix by manually >>> declaring a >>>> trusted_networks setting. See man Mail::SpamAssassin::Conf >>> for details. >>>> Once manually set, SA won't try to guess. >>>> >>>> If that does not fix your problem, the other possibility >is you have >>>> an MTA >>>> that generates malformed Received: headers. If you've modified your >>>> Received: header format, please put it back to the standard format. >>>> SpamAssassin is quite tolerant of deviations from the RFC >>> 2822 format, >>>> but >>>> there are some combinations it can't handle. If the >>> malformed headers are >>>> being made by some form of network appliance that you can't >>> fix, report a >>>> bug to your vendor, and as a short-term fix set the score of >>>> ALL_TRUSTED to >>>> 0. However, realize that other problems may occur as a >result of the >>>> mis-parsed headers and the root cause does need fixing. >>> >>> That text sounds very good. I'll get it into the file I distribute. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 10 15:31:19 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:57 2006 Subject: How to quarantine only Phishing stuff from Clam? Message-ID: Jeff from the EXAMPLE file in the rules dir.. ################################### 7. Only quarantine some viruses Set "Quarantine Infections = /etc/MailScanner/rules/quarantine.rules". Virus: sobig no Virus: default yes ################################### Also I'd change the Virus: Phishing.Bank no to Virus: Phishing no so it covers paypal/ebay phishing attempts etc (or phishing frauds if you can get your mouth around tongue twisters :-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > Julian, > > My daily report of who is sending viruses from our own domain has > been showing Phishing stuff caught by ClamAV, coming from my own > webmail server. > > A sample of what gets emailed to me via "Notices to", and then boiled > down by a perl script: > > j29LMw3X004268: 137.146.210.58 (username) > ClamAV Module: msg-21083-102.txt was infected: HTML.Phishing.Bank-111 > > I want to investigate, ie quarantine the offending messages. But I > don't want to quarantine tons of crap. I have > > Quarantine Infections = yes > Quarantine Silent Viruses = no > > and I want to set up a ruleset specifying silent viruses. Would this > be right? > > %localrules-dir% = /etc/MailScanner/rules > Silent Viruses = %localrules-dir%/silent-viruses.rules > > where the silent-viruses.rules looks like: > > Virus: All-Viruses yes > Virus: HTML-IFrame yes > Virus: Phishing.Bank no > > Do I need to specify a default here? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Thu Mar 10 15:30:05 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn, I applied the patch to detail.php: // Fix by Glenn Steen, to set an arbitrary smtp host $mail_param = array("localhost" => QUARANTINE_MAIL_HOST); $body = $mime->get(); $hdrs = $mime->headers($hdrs); $mail =& Mail::factory("smtp",$mail_param); and made the conf.php changes: // Quarantine settings define(QUARANTINE_MAIL_HOST, "smtp server FQDM"); - i tried a number of things here - localhost, short name, full name and i am still getting this error: Mar 10 10:26:17 abaddon postfix/smtpd[20462]: connect from localhost.localdomain[127.0.0.1] Mar 10 10:26:17 abaddon postfix/smtpd[20462]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 504 : Helo command rejected: need fully-qualified hostname; from= to= proto=ESMTP helo= Mar 10 10:26:17 abaddon postfix/smtpd[20462]: lost connection after RCPT from localhost.localdomain[127.0.0.1] Mar 10 10:26:17 abaddon postfix/smtpd[20462]: disconnect from localhost.localdomain[127.0.0.1] Any thoughs? Isi >> In this case you are rejecting "non-FQDN HELOs/EHLOs", which is IMO a >> good thing. You do this at MTA(postfix) level. Fine. >> >> Making the changes to MailWatch so that you can specify >> define(QUARANTINE_MAIL_HOST, 'abaddon.'); >> in conf.php will cure your problem (think it's in cvs and will be >> in the (hopefully) imminent 0.6 release... Or look for messages by >> me around Feb 07 on the MW list... Really minor change, so you might >> as well do it "by hand"). >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Mar 10 15:47:23 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:57 2006 Subject: How to quarantine only Phishing stuff from Clam? Message-ID: Martin, I looked at that example. I already have: Quarantine Infections = yes Quarantine Silent Viruses = no Silent Viruses = HTML-IFrame All-Viruses All of these options can take a ruleset. So I want to redefine what a silent virus is via a ruleset, ie "leave Julian's default alone, but remove Phishing from the silent virus set". Will what I've proposed do that? When everything can be defined with rulesets, sometimes the question is, "which option do I use the ruleset on?", as well as "Is this ruleset correct?". Jeff On Thu, 10 Mar 2005, Martin Hepworth wrote: > Date: Thu, 10 Mar 2005 15:31:19 +0000 > From: Martin Hepworth > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: How to quarantine only Phishing stuff from Clam? > > Jeff > > from the EXAMPLE file in the rules dir.. > ################################### > 7. Only quarantine some viruses > > Set "Quarantine Infections = /etc/MailScanner/rules/quarantine.rules". > Virus: sobig no > Virus: default yes > ################################### > > Also I'd change the > > Virus: Phishing.Bank no > > to > > Virus: Phishing no > > so it covers paypal/ebay phishing attempts etc (or phishing frauds if > you can get your mouth around tongue twisters :-) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jeff A. Earickson wrote: >> Julian, >> >> My daily report of who is sending viruses from our own domain has >> been showing Phishing stuff caught by ClamAV, coming from my own >> webmail server. >> >> A sample of what gets emailed to me via "Notices to", and then boiled >> down by a perl script: >> >> j29LMw3X004268: 137.146.210.58 (username) >> ClamAV Module: msg-21083-102.txt was infected: HTML.Phishing.Bank-111 >> >> I want to investigate, ie quarantine the offending messages. But I >> don't want to quarantine tons of crap. I have >> >> Quarantine Infections = yes >> Quarantine Silent Viruses = no >> >> and I want to set up a ruleset specifying silent viruses. Would this >> be right? >> >> %localrules-dir% = /etc/MailScanner/rules >> Silent Viruses = %localrules-dir%/silent-viruses.rules >> >> where the silent-viruses.rules looks like: >> >> Virus: All-Viruses yes >> Virus: HTML-IFrame yes >> Virus: Phishing.Bank no >> >> Do I need to specify a default here? >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 10 15:55:19 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Isi Lawson > Sent: den 10 mars 2005 16:30 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem releasing a message > > > Glenn, > > I applied the patch to detail.php: > > // Fix by Glenn Steen, to set an arbitrary smtp host > $mail_param = array("localhost" => QUARANTINE_MAIL_HOST); > $body = $mime->get(); > $hdrs = $mime->headers($hdrs); > $mail =& Mail::factory("smtp",$mail_param); > > and made the conf.php changes: > > // Quarantine settings > define(QUARANTINE_MAIL_HOST, "smtp server FQDM"); > > - i tried a number of things here > - localhost, short name, full name Hm, methinks you might have forgotten to reload or restart httpd efter making the changes. Set it to the FQDN and restart apache. -- Glenn > > and i am still getting this error: > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: connect from > localhost.localdomain[127.0.0.1] > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: NOQUEUE: > reject: RCPT from > localhost.localdomain[127.0.0.1]: 504 : Helo > command rejected: > need fully-qualified hostname; from= > to= proto=ESMTP helo= > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: lost connection > after RCPT > from localhost.localdomain[127.0.0.1] > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: disconnect from > localhost.localdomain[127.0.0.1] > > Any thoughs? > > Isi > > >> In this case you are rejecting "non-FQDN HELOs/EHLOs", > which is IMO a > >> good thing. You do this at MTA(postfix) level. Fine. > >> > >> Making the changes to MailWatch so that you can specify > >> define(QUARANTINE_MAIL_HOST, 'abaddon.'); > >> in conf.php will cure your problem (think it's in cvs and will be > >> in the (hopefully) imminent 0.6 release... Or look for messages by > >> me around Feb 07 on the MW list... Really minor change, so > you might > >> as well do it "by hand"). > >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 10 16:17:51 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:57 2006 Subject: How to quarantine only Phishing stuff from Clam? Message-ID: Jeff there was something on this last week (I think) and I'm pretty sure your solution was more of less identical. Both Jiscmail and gmane searching are being dog slow for me at the moment, but searching on the silent viruses string during this month should give you the answer. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > Martin, > > I looked at that example. I already have: > > Quarantine Infections = yes > Quarantine Silent Viruses = no > Silent Viruses = HTML-IFrame All-Viruses > > All of these options can take a ruleset. So I want to redefine what > a silent virus is via a ruleset, ie "leave Julian's default alone, > but remove Phishing from the silent virus set". Will what I've proposed > do that? When everything can be defined with rulesets, sometimes the > question is, "which option do I use the ruleset on?", as well as > "Is this ruleset correct?". > > Jeff > > On Thu, 10 Mar 2005, Martin Hepworth wrote: > >> Date: Thu, 10 Mar 2005 15:31:19 +0000 >> From: Martin Hepworth >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: How to quarantine only Phishing stuff from Clam? >> >> Jeff >> >> from the EXAMPLE file in the rules dir.. >> ################################### >> 7. Only quarantine some viruses >> >> Set "Quarantine Infections = /etc/MailScanner/rules/quarantine.rules". >> Virus: sobig no >> Virus: default yes >> ################################### >> >> Also I'd change the >> >> Virus: Phishing.Bank no >> >> to >> >> Virus: Phishing no >> >> so it covers paypal/ebay phishing attempts etc (or phishing frauds if >> you can get your mouth around tongue twisters :-) >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Jeff A. Earickson wrote: >> >>> Julian, >>> >>> My daily report of who is sending viruses from our own domain has >>> been showing Phishing stuff caught by ClamAV, coming from my own >>> webmail server. >>> >>> A sample of what gets emailed to me via "Notices to", and then boiled >>> down by a perl script: >>> >>> j29LMw3X004268: 137.146.210.58 (username) >>> ClamAV Module: msg-21083-102.txt was infected: HTML.Phishing.Bank-111 >>> >>> I want to investigate, ie quarantine the offending messages. But I >>> don't want to quarantine tons of crap. I have >>> >>> Quarantine Infections = yes >>> Quarantine Silent Viruses = no >>> >>> and I want to set up a ruleset specifying silent viruses. Would this >>> be right? >>> >>> %localrules-dir% = /etc/MailScanner/rules >>> Silent Viruses = %localrules-dir%/silent-viruses.rules >>> >>> where the silent-viruses.rules looks like: >>> >>> Virus: All-Viruses yes >>> Virus: HTML-IFrame yes >>> Virus: Phishing.Bank no >>> >>> Do I need to specify a default here? >>> >>> Jeff Earickson >>> Colby College >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Mar 10 16:44:25 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've got Razor installed and working. Can someone explain the following that were taken from the 50_scores.cf file? score RAZOR2_CF_RANGE_51_100 0 1.485 0 0.056 score RAZOR2_CHECK 0 0.150 0 1.511 What do the numbers represent? Thanks, Rod Roger Jochem wrote: > Work fine... I'm using it that way too... > > ----- Original Message ----- > From: "Rodney Green" > To: > Sent: Thursday, March 10, 2005 11:58 AM > Subject: Re: Razor > > > >>Thanks everyone. I'm using SA globally on my server, not on a per user >>basis. Will Razor and DCC work well in that type of situation? >> >>Rod >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Thu Mar 10 17:29:28 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: From man Mail::SpamAssassin::Conf score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ] If four valid scores are listed, then the score that is used depends on how SpamAssassin is being used. The first score is used when both Bayes and network tests are disabled (score set 0). The second score is used when Bayes is disabled, but network tests are enabled (score set 1). The third score is used when Bayes is enabled and network tests are disabled (score set 2). The fourth score is used when Bayes is enabled and network tests are enabled (score set 3). On Thu, Mar 10, 2005 at 11:44:03AM -0500, Rodney Green wrote: > I've got Razor installed and working. > > Can someone explain the following that were taken from the 50_scores.cf > file? > > score RAZOR2_CF_RANGE_51_100 0 1.485 0 0.056 > score RAZOR2_CHECK 0 0.150 0 1.511 > > What do the numbers represent? > > Thanks, > Rod > > Roger Jochem wrote: > >Work fine... I'm using it that way too... > > > >----- Original Message ----- > >From: "Rodney Green" > >To: > >Sent: Thursday, March 10, 2005 11:58 AM > >Subject: Re: Razor > > > > > > > >>Thanks everyone. I'm using SA globally on my server, not on a per user > >>basis. Will Razor and DCC work well in that type of situation? > >> > >>Rod > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Mar 10 17:43:12 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Roger Jochem wrote: >> Work fine... I'm using it that way too... Just out of interest what kind of load does it impose? My box is some what limited in it's capacity but it seems a shame to miss out on a useful tool if it doesn't take too much (Or indeed if DCC is better/ more economic) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kwang at UCALGARY.CA Thu Mar 10 17:44:15 2005 From: kwang at UCALGARY.CA (Kai Wang) Date: Thu Jan 12 21:28:57 2006 Subject: Report variable substitutions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, We are working on a utility to allow users unquarantine messages. The current $date substitution is in "Mmm DD HH:mm:SS YYYY" format. If we want it in "YYYYMMDD" format, how to to that? Thanks Kai Wang University of Calgary ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Thu Mar 10 18:00:14 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:57 2006 Subject: Razor Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm running MailScanner, Spamassassin, Razor2, Pyzor, DCC, mailscanner-mrtg, Mailwatch for MailScanner, about 10.000 messages / day, in an Pentium IV 2,8 Ghz machine, 512 Mb mem. Average ram usage is 440 Mb, and CPU ocupation is around 24%. I don't fill much diference in machine use processing the messages with or without razor2, dcc and pyzor. It increased a little the network traffic, but not much. ----- Original Message ----- From: "Drew Marshall" To: Sent: Thursday, March 10, 2005 2:43 PM Subject: Re: Razor > > Roger Jochem wrote: > >> Work fine... I'm using it that way too... > > Just out of interest what kind of load does it impose? My box is some what > limited in it's capacity but it seems a shame to miss out on a useful tool > if it doesn't take too much (Or indeed if DCC is better/ more economic) > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 10 18:01:13 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:57 2006 Subject: Rules Du Jour and local domains Message-ID: What are the thoughts of using Rules Du Jour in a business environment? Are the rules included pretty safe for an environment where you expect a certain amount of business correspondence? I've recently upgraded my SA installation (which helped a great deal!) and am looking to keep rules up to date. Also, is there a good tutorial for setting MailScanner to not scan emails sent from the local domain users? I have it set to not scan @ourdomain.com, but with that in place spoofed email addresses aren't scanned either. I also tried it via the local IP, but then it doesn't scan emails grabbed by Fetchmail. Thanks for being patient with me.. I'm new to the list and trying to get our install working properly. Thanks, Jim Coates Laridian, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kwang at UCALGARY.CA Thu Mar 10 18:13:13 2005 From: kwang at UCALGARY.CA (Kai Wang) Date: Thu Jan 12 21:28:57 2006 Subject: Report variable substitutions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Got it. Just use the variable $datenumber instead of $date. Kai Kai Wang wrote: > Hi, > > We are working on a utility to allow users unquarantine messages. The > current $date substitution is in "Mmm DD HH:mm:SS YYYY" format. If we > want it in "YYYYMMDD" format, how to to that? > > Thanks > Kai Wang > University of Calgary > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 18:20:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:57 2006 Subject: How to quarantine only Phishing stuff from Clam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Julian, > > My daily report of who is sending viruses from our own domain has > been showing Phishing stuff caught by ClamAV, coming from my own > webmail server. > > A sample of what gets emailed to me via "Notices to", and then boiled > down by a perl script: > > j29LMw3X004268: 137.146.210.58 (username) > ClamAV Module: msg-21083-102.txt was infected: HTML.Phishing.Bank-111 > > I want to investigate, ie quarantine the offending messages. But I > don't want to quarantine tons of crap. I have > > Quarantine Infections = yes > Quarantine Silent Viruses = no > > and I want to set up a ruleset specifying silent viruses. Would this > be right? > > %localrules-dir% = /etc/MailScanner/rules > Silent Viruses = %localrules-dir%/silent-viruses.rules > > where the silent-viruses.rules looks like: > > Virus: All-Viruses yes > Virus: HTML-IFrame yes > Virus: Phishing.Bank no "yes" and "no" are not valid values for the "Silent Viruses" option. If you want to separate out the Phishing.Bank mail from the All-Viruses mail then just set Silent Viruses = All-Viruses HTML-IFrame Non-Forging Viruses = Phishing.Bank The non-forging list effectively cancels out the Silent Viruses list for any matching viruses. > > Do I need to specify a default here? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 18:22:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:57 2006 Subject: MAILSCANNER Digest - 6 Mar 2005 to 7 Mar 2005 - Special issue (#2005-69) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] "Danny Harris"@KILI.JISCMAIL.AC.UK wrote: >>Don't know if anyone else has seen this, but for some reason our >> >> >MailScanner > > >>(4.37.7) has picked up the above digest as having "Other Bad Content >>Detected", citing "Too many attachments in message" as the reason? We have >>the default 200 set in MailScanner.conf. A quick browse of the archive >> >> >shows > > >>somewhere around 180 postings since the previous digest, so I guess the >>other graphics must have tipped it over the 200 limit. I guess that there's >>a bit of tweaking needed on the number of posts before a "Special Issue" >>digest is created? >> >> > >Ok, no response so I assume that no one else had this problem and that I've >done something stupid in my MailScanner settings? What is the default Max >attachments allowed in more recent versions? What should the setting be to >prevent the special issue digest getting caught in future (I've upped mine >to 220 for now)? > >Any hints gratefully accepted, > > I don't think many people get this list as a digest, so most people won't see this problem at all. Just increase the number to a point where it stops being a problem. As long as your MailScanner server is reasonably big, you probably won't hit a problem until it hits several hundred attachments. I can't see setting the limit to 300 causing you any trouble. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 18:29:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:57 2006 Subject: Rules Du Jour and local domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Coates wrote: >Also, is there a good tutorial for setting MailScanner to not scan emails >sent from the local domain users? > > Set Virus Scanning = %rules-dir%/skip.local.rules and in /etc/MailScanner/rules/skip.local.rules use either From: *@yourdomain.com no FromOrTo: default yes or, more reliably (as it doesn't matter if your domain is faked in incoming mail) From: 3.4.5.* no FromOrTo: default yes where you should replace 3.4.5.* with your local ip netblock. It will take any common syntax for specifying this. >I have it set to not scan @ourdomain.com, but with that in place spoofed >email addresses aren't scanned either. > >I also tried it via the local IP, but then it doesn't scan emails grabbed by >Fetchmail. > >Thanks for being patient with me.. I'm new to the list and trying to get our >install working properly. > >Thanks, >Jim Coates >Laridian, Inc. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Thu Mar 10 18:22:21 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Hm, methinks you might have forgotten to reload or restart > httpd efter making the changes. > Set it to the FQDN and restart apache. > after a restart of mailscanner / postfix / apache i am still seeing the error Mar 10 13:19:17 abaddon postfix/smtpd[22575]: connect from localhost.localdomain [127.0.0.1] Mar 10 13:19:17 abaddon postfix/smtpd[22575]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 504 : Sender address rejected:need fully-qualified address; from= to= proto=ESMTP helo= Mar 10 13:19:17 abaddon postfix/smtpd[22575]: lost connection after RCPT from localhost.localdomain[127.0.0.1] Mar 10 13:19:17 abaddon postfix/smtpd[22575]: disconnect from localhost.localdomain[127.0.0.1] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 10 18:35:41 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:57 2006 Subject: Rules Du Jour and local domains Message-ID: Julian, This is what I already do. My "Virus Scanning" rule looks like this: From: *@mydomain.com no From: *@myotherdomain.org no FromOrTo: default yes But it allows spoofed incoming emails to come through. If I change it to an IP address or block, it allows mail pulled from another server via Fetchmail to come through because Fetchmail sends to MailScanner via the local IP address, so it looks like its being sent internally (even though headers are intact). Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, March 10, 2005 12:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Rules Du Jour and local domains Jim Coates wrote: >Also, is there a good tutorial for setting MailScanner to not scan >emails sent from the local domain users? > > Set Virus Scanning = %rules-dir%/skip.local.rules and in /etc/MailScanner/rules/skip.local.rules use either From: *@yourdomain.com no FromOrTo: default yes or, more reliably (as it doesn't matter if your domain is faked in incoming mail) From: 3.4.5.* no FromOrTo: default yes where you should replace 3.4.5.* with your local ip netblock. It will take any common syntax for specifying this. >I have it set to not scan @ourdomain.com, but with that in place >spoofed email addresses aren't scanned either. > >I also tried it via the local IP, but then it doesn't scan emails >grabbed by Fetchmail. > >Thanks for being patient with me.. I'm new to the list and trying to >get our install working properly. > >Thanks, >Jim Coates >Laridian, Inc. > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 10 18:44:57 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Isi Lawson wrote: >>Hm, methinks you might have forgotten to reload or restart >>httpd efter making the changes. >>Set it to the FQDN and restart apache. >> > > > after a restart of mailscanner / postfix / apache i am still seeing the error > > Mar 10 13:19:17 abaddon postfix/smtpd[22575]: connect from > localhost.localdomain [127.0.0.1] > > Mar 10 13:19:17 abaddon postfix/smtpd[22575]: NOQUEUE: reject: RCPT from > localhost.localdomain[127.0.0.1]: 504 : Sender > address rejected:need fully-qualified address; from= > to= proto=ESMTP helo= > > Mar 10 13:19:17 abaddon postfix/smtpd[22575]: lost connection after RCPT > from localhost.localdomain[127.0.0.1] > > Mar 10 13:19:17 abaddon postfix/smtpd[22575]: disconnect from > localhost.localdomain[127.0.0.1] > Shouldn't your postmaster address be a FQDN? I haven't had the time to install Mailwatch, but I want to try it. Maybe if someone with better script skills than I came up with an install script. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Mar 10 19:13:31 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:57 2006 Subject: Rules Du Jour and local domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Coates wrote: > Julian, > > This is what I already do. > > My "Virus Scanning" rule looks like this: > > From: *@mydomain.com no > From: *@myotherdomain.org no > FromOrTo: default yes > > But it allows spoofed incoming emails to come through. > > If I change it to an IP address or block, it allows mail pulled from another > server via Fetchmail to come through because Fetchmail sends to MailScanner > via the local IP address, so it looks like its being sent internally (even > though headers are intact). Julian, would something like this work? From: *@mydomain.com and From: 3.4.5.* no so they have to match local domain and address block. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Thu Mar 10 19:26:41 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:57 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 09 March 2005 17:57 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > Paul, could you try this panda-wrapper? > Think I got something right this time, although it still is a > terrible kludge:). > Testing on my system got hold of Eicar at least...:). > Hi Glen Thanks so much for your help on this, but I'm at the give up stage on this one and I expect you are too. I installed your new wrapper and restarted MailScanner at about 7pm last night and Panda worked for a bit. Here's what happened compared to Bitdefender: Mar 9 22:10:52 mail MailScanner[29900]: Virus Scanning: Bitdefender found 1 infections Mar 9 22:10:59 mail MailScanner[29900]: Virus Scanning: Panda found 2 infections Mar 9 22:11:56 mail MailScanner[29968]: Virus Scanning: Bitdefender found 2 infections Mar 9 22:12:12 mail MailScanner[29968]: Virus Scanning: Panda found 4 infections Mar 9 22:24:33 mail MailScanner[29962]: Virus Scanning: Bitdefender found 1 infections Mar 9 22:24:39 mail MailScanner[29962]: Virus Scanning: Panda found 2 infections So far, so good. However, today so far Bitdefender has found 44 infections whereas Panda hasn't found any. My guess is that something went wrong when MailScanner restarted at midnight, but I could be wrong. Note that Panda still finds the eicar when I enter /usr/lib/MailScanner/panda-wrapper /usr /tmp ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Thu Mar 10 19:29:54 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:28:57 2006 Subject: Realeasing from quarantine Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Amend your MailScanner.conf file with > Quarantine Whole Message = yes > Quarantine Whole Message As Queue Files = no Shouldn't the second line read like this? Quarantine Whole Messages As Queue Files = no -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 19:30:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:57 2006 Subject: Rules Du Jour and local domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Jim Coates wrote: > > >>Julian, >> >>This is what I already do. >> >>My "Virus Scanning" rule looks like this: >> >>From: *@mydomain.com no >>From: *@myotherdomain.org no >>FromOrTo: default yes >> >>But it allows spoofed incoming emails to come through. >> >>If I change it to an IP address or block, it allows mail pulled from another >>server via Fetchmail to come through because Fetchmail sends to MailScanner >>via the local IP address, so it looks like its being sent internally (even >>though headers are intact). >> >> > >Julian, would something like this work? >From: *@mydomain.com and From: 3.4.5.* no > >so they have to match local domain and address block. > > Don't see why not. That should be okay. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From basement_mobile2004 at YAHOO.COM Thu Mar 10 19:33:08 2005 From: basement_mobile2004 at YAHOO.COM (Anakin SkyWalker) Date: Thu Jan 12 21:28:57 2006 Subject: AntiSpam Technics Message-ID: Hi, Is there any methods to prevent SPAM within MailScanner which do not use SPAMASSASSIN feature? I mean, using the DNSBLS without using the spamassassin tool integrated. Is there a way to do that? Many thanks. __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 10 19:37:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:57 2006 Subject: AntiSpam Technics Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check out the "Spam List" setting in MailScanner.conf. The comments above the setting tell you how to use it. Basically you put in the names of DNSBLs which are defined in spam.lists.conf. Anakin SkyWalker wrote: >Hi, > > Is there any methods to prevent SPAM within >MailScanner which do not use SPAMASSASSIN feature? I >mean, using the DNSBLS without using the spamassassin >tool integrated. Is there a way to do that? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Thu Mar 10 19:48:01 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:28:57 2006 Subject: Rules Du Jour and local domains Message-ID: Scott and Julian, Thanks... that looks like it would work. I'll give it a try and let everyone know if I have issues with it. Jim Coates Laridian, Inc. >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva >Sent: Thursday, March 10, 2005 1:14 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Rules Du Jour and local domains > >Julian, would something like this work? >From: *@mydomain.com and From: 3.4.5.* no > >so they have to match local domain and address block. > > > >-- >"If you have ever eaten crow, >It don't taste like chicken!!" > >------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Mar 10 20:31:26 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:28:57 2006 Subject: Rules Du Jour and local domains Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Coates wrote on Thu, 10 Mar 2005 12:01:13 -0600: > Are the rules included pretty safe for an environment where you expect a > certain amount of business correspondence? > As always you have to carefully choose what fits your needs. There's plenty of possible rulesets you can update with rulesdujour, I don't think that many people use all of them. Consider rulesdujour as what it is: a tool for updating your rules, not as a ruleset. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Thu Mar 10 20:43:13 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:28:57 2006 Subject: IDS options? Message-ID: Does MailScanner, or Sendmail for that matter, have any IDS functions built in where if it sees a swarm of SMTP connections from a particular IP or domain, it disables future connections from that IP for a set ammount of time. IronMail has this feature. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Mar 10 20:46:43 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:57 2006 Subject: IDS options? Message-ID: See the IPBlock feature in CustomConfig.pm. Also see the FAQ http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html for details of control by region/subnet. Jeff Earickson Colby College On Thu, 10 Mar 2005, Devon Harding wrote: > Date: Thu, 10 Mar 2005 15:43:13 -0500 > From: Devon Harding > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: IDS options? > > Does MailScanner, or Sendmail for that matter, have any IDS functions > built in where if it sees a swarm of SMTP connections from a > particular IP or domain, it disables future connections from that IP > for a set ammount of time. IronMail has this feature. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Thu Mar 10 20:57:13 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:28:57 2006 Subject: Mail-ClamAV-0.17 out Message-ID: I get this error: Manifying blib/man3/Mail::ClamAV.3pm /usr/bin/make -- OK Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: /usr/lib/libz.so.1: symbol __fprintf_chk, version GLIBC_2.3.4 not defined in file libc.so.6 with link time reference at /usr/lib/perl5/5.8.3/i386-linux-thread-multi/DynaLoader.pm line 229. # at /usr/lib/perl5/site_perl/5.8.3/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. # Compilation failed in require at (eval 1) line 2. "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) Scalar found where operator expected at (eval 153) line 1, near "'int' $__val" (Missing operator before $__val?) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force On Thu, 10 Mar 2005 07:14:06 -0500, Jeff A. Earickson wrote: > I too gave Scott Beck a poke on the scanbuff issue, since it seemed > to bite both Linux and Solaris people. Too bad he didn't update > the Changes file to say what he did. > > Jeff Earickson > Colby College > > On Thu, 10 Mar 2005, David Lee wrote: > > > Date: Thu, 10 Mar 2005 09:53:40 +0000 > > From: David Lee > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Mail-ClamAV-0.17 out > > > > On Wed, 9 Mar 2005, Jeff A. Earickson wrote: > > > >> A new version of the ClamAV perl module is out. The make test > >> failures realted to scanbuff int the test file are now fixed > >> (the scanbuff call vanished). No updates to the Changes file > >> though. Installed and working on my system (Solaris 9). > > > > Thanks. (Behind the scenes for the last few days, I've been encouraging > > Scott Beck, the module's maintainer, to fix both the sets of problems in > > the test suite that have been discussed on the list. 0.16 fixed the first > > set, 0.17 the second set.) > > > > To confirm: 0.17 builds and tests itself cleanly on systems (Solaris 9 > > and Fedora Core 3) at my site. It looks sound. (In production on FC3 > > we've been successfully running 0.16 for a few days. A "diff -r" between > > that (0.16) and the brand new 0.17 indicates that the only change is the > > removal of the "scanbuff" tests within the test suite itself (so no > > differences in what gets installed). > > > > P.S. The difficulties encountered by Peter Russell are different, and look > > like being related to his installation, rather than to the module. I, > > too, trip over just such problems as his (failing to compile, then when > > that's fixed "make test" giving "Error: Had problems bootstrapping Inline > > module 'Mail::ClamAV'"). But these are because I use slightly non-default > > locations, so need to adjust PATH (and, in the case of FC3, LD_RUN_PATH) > > locally here. > > > > Hope that helps. > > > > > > -- > > > > : David Lee I.T. Service : > > : Senior Systems Programmer Computer Centre : > > : University of Durham : > > : http://www.dur.ac.uk/t.d.lee/ South Road : > > : Durham : > > : Phone: +44 191 334 2752 U.K. : > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Mar 10 21:22:24 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:57 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: Yes... Perhaps a stupid question for you Drew, but... Couldn't one use the virtual mailbox feature (as in "man virtual" to do what Rodney seems to want to do? Perhaps a bit backwards:) No not stupid (I do stupid :-) ) You can use virtual delivery but you need to tell Postfix what a virtual domain is using virtual_mailbox_maps or virtual_alias_domains (Although this one can be left at it's default of $virtual_alias_maps and is not applicable in this instance). It just depends on the format of the virtual table and how they are aliased as to how Postfix views the file. For example if the virtual map reads: user1@tld.com user1@host1.tld.com and the main.cf has mydestination set as host1.tld.com then mail addressed to user1@tld.com will be delivered (By the local delivery agent) as it's alias is to a domain Postfix knows as it's own. However if the alias map is: user1@tld.com user1@host2.tld.com and the main.cf has no details of host2 as a destination, the smtpd process will accept the incoming message (As the user exists in a 'user map' but the delivery agent will bounce it as unknown or looping depending on other factors like MX records and transport maps. Slightly confusing but I'm sure you get the idea! Drew Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 10 21:23:03 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:57 2006 Subject: IDS options? Message-ID: At 03:43 PM 3/10/2005, Devon Harding wrote: >Does MailScanner, or Sendmail for that matter, have any IDS functions >built in where if it sees a swarm of SMTP connections from a >particular IP or domain, it disables future connections from that IP >for a set ammount of time. IronMail has this feature. Hmm, personally, I prefer to do my IPS and/or flood control at the network layer with a decent firewall. This way it's a bit more flexible and I can also protect all my servers, including web, dns and other things, all at the same time. It seems like re-implementing a solution to the same basic problem in each and every server program at the application layer is a bit of a waste, not to mention needing to learn how to configure each and every different server for it. The Juniper Netscreen does a great job of this. It's the "Source IP Based Session Limit " in the zone screen. OpenBSD's PF does it even better with the max-src-states option to a rule. You might even be able to do something useful with the limit module for IPTables, but you might need to get a bit fancy with it as it's not obvious how to do this with limit. Ditto for Cisco router with FWFS by adding a rate-limit statement to an ACL. One thing that is very useful to do at the application layer is protecting against application specific abuse. One example in sendmail is throttling off connections which are using a lot of invalid recipients.. it cuts off the rumplestiltskin attacks: define(`confBAD_RCPT_THROTTLE',5) Once a connection hits 5 bad recipients, they get throttled back with a 1 second sleep before the server will accept more tries from them. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 10 21:34:51 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:57 2006 Subject: IDS options? Message-ID: At 04:23 PM 3/10/2005, Matt Kettler wrote: >You might even be able to do something >useful with the limit module for IPTables, but you might need to get a bit >fancy with it as it's not obvious how to do this with limit. Additional info: The newest versions of IPTables (>1.2.8) support the connlimit module, which does this on a per-rule basis. However, it's not in the mainline kernel yet, only in the patch-o-matic at netfilter.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Thu Mar 10 21:35:49 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:57 2006 Subject: IDS options? Message-ID: Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Devon Harding > Sent: Thursday, March 10, 2005 3:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: IDS options? > > Does MailScanner, or Sendmail for that matter, have any IDS functions > built in where if it sees a swarm of SMTP connections from a > particular IP or domain, it disables future connections from that IP > for a set ammount of time. IronMail has this feature. > This can be implemented in Sendmail with a milter (mail filter) which limits the number of messages by connecting client IP, sender, or recipient. Please see: http://www.milter.info/milter-limit/index.shtml Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ragan_davis at COLSTATE.EDU Thu Mar 10 21:49:40 2005 From: ragan_davis at COLSTATE.EDU (Mack Ragan) Date: Thu Jan 12 21:28:57 2006 Subject: inline html warning vs. text warning Message-ID: Hi, All of our infected/bad-filename emails have the "Inline Text Warning" inserted in them. Is there a trick to making MailScanner include the "Inline HTML Warning" file, rather than the "Inline Text Warning" file? thanks, mack ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 10 21:53:00 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Grmbl. That should work. Scott is likely right Isi. What do you have in /etc/hosts? What is the machines perceived hostname? What gave you set all the QUARANTINE_* things to in conf.php? Are you sure you've got no typos in the little fix? (Yeah, that last bit is fumbling after sraws....:-). -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Scott Silva Sent: Thu 3/10/2005 7:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Problem releasing a message Isi Lawson wrote: >>Hm, methinks you might have forgotten to reload or restart >>httpd efter making the changes. >>Set it to the FQDN and restart apache. >> > > > after a restart of mailscanner / postfix / apache i am still seeing the error > > Mar 10 13:19:17 abaddon postfix/smtpd[22575]: connect from > localhost.localdomain [127.0.0.1] > > Mar 10 13:19:17 abaddon postfix/smtpd[22575]: NOQUEUE: reject: RCPT from > localhost.localdomain[127.0.0.1]: 504 : Sender > address rejected:need fully-qualified address; from= > to= proto=ESMTP helo= > > Mar 10 13:19:17 abaddon postfix/smtpd[22575]: lost connection after RCPT > from localhost.localdomain[127.0.0.1] > > Mar 10 13:19:17 abaddon postfix/smtpd[22575]: disconnect from > localhost.localdomain[127.0.0.1] > Shouldn't your postmaster address be a FQDN? I haven't had the time to install Mailwatch, but I want to try it. Maybe if someone with better script skills than I came up with an install script. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 10 22:04:53 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:57 2006 Subject: Panda not working Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hm well, when I tested a bit more it went as one could expect... Since I don't actually pay for any panda license, I don't have a valid login to get the updated sig file... Which means that Panda was fine finding old bull-droppings like Netsky/Somefool but missed all of the newer ones. ISTR you mentioning that there was some problems using the latest sigs? Or are those results with the latest sigs? I'm sure you already know, but if you want MailScanner to get the updates for you, you're supposed to edit the panda-autoupdate script with your login info. And you're pretty much right about my relative tiredness:-). ... Just whish there was a simple way to make it work in _one_ pavcl call instead of one/file. Pavcl is a dog, performancewise, and this makes the script so slow it's actually detectable in the deliveryspeed when comparing MS with<>without panda... Sigh. And it nettles me that it works so poorly. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Paul Welsh Sent: Thu 3/10/2005 8:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Panda not working > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 09 March 2005 17:57 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > Paul, could you try this panda-wrapper? > Think I got something right this time, although it still is a > terrible kludge:). > Testing on my system got hold of Eicar at least...:). > Hi Glen Thanks so much for your help on this, but I'm at the give up stage on this one and I expect you are too. I installed your new wrapper and restarted MailScanner at about 7pm last night and Panda worked for a bit. Here's what happened compared to Bitdefender: Mar 9 22:10:52 mail MailScanner[29900]: Virus Scanning: Bitdefender found 1 infections Mar 9 22:10:59 mail MailScanner[29900]: Virus Scanning: Panda found 2 infections Mar 9 22:11:56 mail MailScanner[29968]: Virus Scanning: Bitdefender found 2 infections Mar 9 22:12:12 mail MailScanner[29968]: Virus Scanning: Panda found 4 infections Mar 9 22:24:33 mail MailScanner[29962]: Virus Scanning: Bitdefender found 1 infections Mar 9 22:24:39 mail MailScanner[29962]: Virus Scanning: Panda found 2 infections So far, so good. However, today so far Bitdefender has found 44 infections whereas Panda hasn't found any. My guess is that something went wrong when MailScanner restarted at midnight, but I could be wrong. Note that Panda still finds the eicar when I enter /usr/lib/MailScanner/panda-wrapper /usr /tmp ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 10 22:07:08 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:57 2006 Subject: Realeasing from quarantine Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Cut'n'pasted from the install doc... Any typos are Steves:-) -----Original Message----- From: MailScanner mailing list on behalf of Rodney Green Sent: Thu 3/10/2005 8:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Realeasing from quarantine > Amend your MailScanner.conf file with > Quarantine Whole Message = yes > Quarantine Whole Message As Queue Files = no Shouldn't the second line read like this? Quarantine Whole Messages As Queue Files = no -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Mar 10 22:13:20 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:57 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: >> What is mail2? Is that an alias for mail4? (i.e. they are the same >> machine) > > > mail2 is an alias for mail4.. they both point to the same machine. > >> >> Which way would you like to go, virtual or local? >> > > I think virtual for no other reason then I have used it for a long time > now and have scripts that use it. I've had a longer look at this now and I think you have found a little bug for Julian to add to his work stack :-( Julian How are you forwarding the spam to Postfix? It looks like you just dumping the output into the out going queue? If so it is not being cleaned up and aliases resolved by either the pickup or trivial-rewrite processes so the qmanager just bounces the mail as undeliverable. I have tried it on my system here and proved it. If you specify a local address or alias as the forward address it works fine (No aliasing required so the qmgr just delivers it), if you specify a virtual domain address it gets bounced. The clue is here in the log: Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: to=, orig_to=, relay=none, delay=6, status=bounced (user unknown in virtual alias table) Notice the orig_to line is unknown. That should have the original to address in it and the to= should be the aliased address (i.e. where it is being delivered to). > > Thanks for your help Drew! No problems Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Mar 10 23:46:27 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: Glenn/Isi, Spotted a typo: $mail_param = array("localhost" => QUARANTINE_MAIL_HOST); should be $mail_param = array('host' => QUARANTINE_MAIL_HOST); Try that - it should work now... Cheers, Steve. On Thu, 2005-03-10 at 16:55 +0100, Steen, Glenn wrote: > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Isi Lawson > > Sent: den 10 mars 2005 16:30 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Problem releasing a message > > > > > > Glenn, > > > > I applied the patch to detail.php: > > > > // Fix by Glenn Steen, to set an arbitrary smtp host > > $mail_param = array("localhost" => QUARANTINE_MAIL_HOST); > > $body = $mime->get(); > > $hdrs = $mime->headers($hdrs); > > $mail =& Mail::factory("smtp",$mail_param); > > > > and made the conf.php changes: > > > > // Quarantine settings > > define(QUARANTINE_MAIL_HOST, "smtp server FQDM"); > > > > - i tried a number of things here > > - localhost, short name, full name > Hm, methinks you might have forgotten to reload or restart > httpd efter making the changes. > Set it to the FQDN and restart apache. > > -- Glenn > > > > and i am still getting this error: > > > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: connect from > > localhost.localdomain[127.0.0.1] > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: NOQUEUE: > > reject: RCPT from > > localhost.localdomain[127.0.0.1]: 504 : Helo > > command rejected: > > need fully-qualified hostname; from= > > to= proto=ESMTP helo= > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: lost connection > > after RCPT > > from localhost.localdomain[127.0.0.1] > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: disconnect from > > localhost.localdomain[127.0.0.1] > > > > Any thoughs? > > > > Isi > > > > >> In this case you are rejecting "non-FQDN HELOs/EHLOs", > > which is IMO a > > >> good thing. You do this at MTA(postfix) level. Fine. > > >> > > >> Making the changes to MailWatch so that you can specify > > >> define(QUARANTINE_MAIL_HOST, 'abaddon.'); > > >> in conf.php will cure your problem (think it's in cvs and will be > > >> in the (hopefully) imminent 0.6 release... Or look for messages by > > >> me around Feb 07 on the MW list... Really minor change, so > > you might > > >> as well do it "by hand"). > > >> > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Fri Mar 11 00:57:25 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:28:57 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: Gang, >score ALL_TRUSTED 0 0 -0.01 -0.01 >trusted_networks 127.0.0.1 >trusted_networks 137.146.210.56 i have a few machines affected by this ALL_TRUSTED negative score and i have added this to spamassassin conf file. is it wise to apply this "temporary" fix to unaffected machines as well as a preventive measure or will i be inviting trouble. Please advise. Thanks much, Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Fri Mar 11 01:16:43 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:57 2006 Subject: ClamAV and SpamAssassin from Julian's tarball on Debian Woody Message-ID: A note to anyone else still using debian woody: I installed clamav and SA from Julian's tarball on a debian woody system. I had to add these standard packages: zlib1g-dev libdb3-dev libbz2-dev libgmp3 libgmp3-dev pkg-config and these from backports.org: libidn11 libidn11-dev libcurl3 libcurl3-dev After installing those the INSTALL-tar.sh script worked fine. Two questions: 1) I added clamavmodule to Virus Scanners in MailScanner.conf. Upon restarting MailScanner I guess I expected to see a note about clamav being used in the logs similar to this message concerning sophos: MailScanner[27917]: SophosSAVI 3.91 (engine 2.28) recognizing 101402 viruses If I set Debug = yes, I see that that clamavmodule is indeed used. Is there any reason SophosSAVI is logged and clamavmodule is not during normal mailscanner startup? not a big deal of course. 2) for some reason spamassassin --version still reports 3.0.1. Is this a known issue or do I have some other problem here? Thanks to everyone for MailScanner and for any advice. -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Mar 11 03:30:11 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:57 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! Message-ID: My final configuration, after getting the advice of others on this list, and staring into my O'Reilly book on Spamassassin, was to edit the spam.assassin.prefs.conf file, get rid of the "score ALL_TRUSTED" line, and add in trusted_networks lines for my trusted machines. In my case: trusted_networks 127.0.0.1/32 trusted_networks 137.146.210.56/32 Basically, I only trust my own mail server (the machine that MailScanner and SA 3.0.2 is running on). While we have a class-B network, I don't trust any other machine on our network, and no other machine in the network is a (valid) mail server anyway. Jeff Earickson Colby College On Fri, 11 Mar 2005, Venkata Achanta wrote: > Date: Fri, 11 Mar 2005 00:57:25 +0000 > From: Venkata Achanta > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! > > Gang, > >> score ALL_TRUSTED 0 0 -0.01 -0.01 >> trusted_networks 127.0.0.1 >> trusted_networks 137.146.210.56 > > i have a few machines affected by this ALL_TRUSTED negative score and i > have added this to spamassassin conf file. is it wise to apply > this "temporary" fix to unaffected machines as well as a preventive measure > or will i be inviting trouble. > > Please advise. > > > Thanks much, > Venkata Achanta > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Fri Mar 11 04:24:52 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:57 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] here are all the gory details: hostname: [root@abaddon htdocs]# hostname abaddon.purecomputing.net /etc/hosts (related bits) [root@abaddon htdocs]# more /etc/hosts 127.0.0.1 localhost.localdomain localhost 82.165.244.31 abaddon.purecomputing.net purecomputing.net abaddon 82.165.225.168 smtp01.purecomputing.net detail.php - don't think i missed anything and i updated the 'host' from 'localhost' as suggested in another mail // Fix by Glenn Steen, to set an arbitrary smtp host $mail_param = array('host' => QUARANTINE_MAIL_HOST); $body = $mime->get(); $hdrs = $mime->headers($hdrs); $mail =& Mail::factory("smtp",$mail_param); conf.php - quarantine setings // Quarantine settings define(QUARANTINE_MAIL_HOST, "localhost.localdomain"); define(QUARANTINE_FROM_ADDR, 'postmaster'); define(QUARANTINE_SUBJECT, 'Message released from quarantine'); define(QUARANTINE_MSG_BODY, 'Please find the original message that was quarantined attached to this mail. Regards,Postmaster'); I have changed the mail_host above to be a number of different things: smtp01.purecomputing.net, localhost.localdomain, abaddon.purecomputing.net, abaddon, localhost -> all with no luck. What i do see though in the maillog is that the connect from updates properly - basically every where in snip below that has localhost.localdomain changes to be whatever i set the above to be. The one thing that does not change are the two items that use only in the second log entry. Interesting bit in the logs Mar 10 23:06:13 abaddon postfix/smtpd[6676]: connect from localhost.localdomain[127.0.0.1] Mar 10 23:06:13 abaddon postfix/smtpd[6676]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 504 : Helo command rejected: need fully-qualified hostname; from= to= proto=ESMTP helo= Mar 10 23:06:13 abaddon postfix/smtpd[6676]: lost connection after RCPT from localhost.localdomain[127.0.0.1] Mar 10 23:06:13 abaddon postfix/smtpd[6676]: disconnect from localhost.localdomain[127.0.0.1] I confirmed that i am not blocking the traffic via the host firewall as well. (pretty obvious since a connection is getting started but checked anyway) :>) Any thing else that might aid in troubleshooting please let me know. -- Isi Steen, Glenn wrote: >Grmbl. That should work. > >Scott is likely right Isi. >What do you have in /etc/hosts? >What is the machines perceived hostname? >What gave you set all the QUARANTINE_* things to in conf.php? >Are you sure you've got no typos in the little fix? >(Yeah, that last bit is fumbling after sraws....:-). > >-- Glenn > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Mar 11 05:24:14 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:57 2006 Subject: Report variable substitutions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Will you be sharing your app with us :) I Desperately need this functionality, ESPECIALLY if it auths with AD, either using AD or imap auth. Pete Kai Wang wrote: > Got it. Just use the variable $datenumber instead of $date. > > Kai > > Kai Wang wrote: > >> Hi, >> >> We are working on a utility to allow users unquarantine messages. The >> current $date substitution is in "Mmm DD HH:mm:SS YYYY" format. If we >> want it in "YYYYMMDD" format, how to to that? >> >> Thanks >> Kai Wang >> University of Calgary >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 11 07:41:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:57 2006 Subject: inline html warning vs. text warning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It will write the HTML warning into the body of HTML emails, and the Text one into text emails. If you are looking at the plain text of the message, you will naturally see the text version of the file. Mack Ragan wrote: >Hi, > >All of our infected/bad-filename emails have the "Inline Text Warning" >inserted in them. Is there a trick to making MailScanner include >the "Inline HTML Warning" file, rather than the "Inline Text Warning" >file? > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 11 07:43:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:57 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Remind me about this one tomorrow. Drew Marshall wrote: > Rodney Green wrote: > >>> What is mail2? Is that an alias for mail4? (i.e. they are the same >>> machine) >> >> >> >> mail2 is an alias for mail4.. they both point to the same machine. >> >>> >>> Which way would you like to go, virtual or local? >>> >> >> I think virtual for no other reason then I have used it for a long time >> now and have scripts that use it. > > > I've had a longer look at this now and I think you have found a little > bug for Julian to add to his work stack :-( > > Julian > > How are you forwarding the spam to Postfix? It looks like you just > dumping the output into the out going queue? If so it is not being > cleaned up and aliases resolved by either the pickup or trivial-rewrite > processes so the qmanager just bounces the mail as undeliverable. I have > tried it on my system here and proved it. If you specify a local address > or alias as the forward address it works fine (No aliasing required so > the qmgr just delivers it), if you specify a virtual domain address it > gets bounced. The clue is here in the log: > > Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: > to=, orig_to=, relay=none, delay=6, > status=bounced (user unknown in virtual alias table) > > Notice the orig_to line is unknown. That should have the original to > address in it and the to= should be the aliased address (i.e. where it > is being delivered to). > >> >> Thanks for your help Drew! > > > No problems > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Fri Mar 11 07:46:45 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:57 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! - Question for Jeff Earickson Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson >Sent: 11 March 2005 03:30 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! > >My final configuration, after getting the advice of others on this >list, and staring into my O'Reilly book on Spamassassin, was to >edit the spam.assassin.prefs.conf file, get rid of the >"score ALL_TRUSTED" line, and add in trusted_networks lines for >my trusted machines. In my case: > >trusted_networks 127.0.0.1/32 >trusted_networks 137.146.210.56/32 > >Basically, I only trust my own mail server (the machine that >MailScanner and SA 3.0.2 is running on). While we have a class-B >network, I don't trust any other machine on our network, and no >other machine in the network is a (valid) mail server anyway. > >Jeff Earickson >Colby College Jeff Are all the hosts on your Class-B network required to relay outgoing SMTP taffic via your mail gateway? Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Mar 11 09:11:34 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:57 2006 Subject: Rules Du Jour and local domains Message-ID: Jim not seen anything about your first question so ..... rule_du_jour (and my_rule_du_jour wrapper and a similar one at www.fsl.com/support) is merely a mechanism for automatically updating third party SA rules. It will have no affect on your scanning IF the rules you define in it have not affect! What I do is not SA scan anything from my internal network, only virus scan. But I get very very few FP's on the inbound scans in my environment and I run lots of third party rules (mainly from www.rulesemporium.com) most of which are updated by my_rules_du_jour. NB if you run the bogus-virus-warnings.cf ('other' section of the rules page) you'll need to turn off certain rules where the author has MailScanner processed email in there due to past default configs with virus/spam bounces (doesn't help alot of people install MS and leave it for years without updates). score VIRUS_WARNING15 0 score VIRUS_WARNING28 0 score VIRUS_WARNING33 0 score VIRUS_WARNING62 0 score VIRUS_WARNING66 0 score VIRUS_WARNING226 0 score VIRUS_WARNING250 0 score VIRUS_WARNING300 0 score VIRUS_WARNING326 0 score VIRUS_WARNING339 0 score VIRUS_WARNING340 0 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > What are the thoughts of using Rules Du Jour in a business environment? > > Are the rules included pretty safe for an environment where you expect a > certain amount of business correspondence? > > I've recently upgraded my SA installation (which helped a great deal!) and > am looking to keep rules up to date. > > Also, is there a good tutorial for setting MailScanner to not scan emails > sent from the local domain users? > > I have it set to not scan @ourdomain.com, but with that in place spoofed > email addresses aren't scanned either. > > I also tried it via the local IP, but then it doesn't scan emails grabbed by > Fetchmail. > > Thanks for being patient with me.. I'm new to the list and trying to get our > install working properly. > > Thanks, > Jim Coates > Laridian, Inc. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 11 09:25:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:57 2006 Subject: User unknown in virtual alias table Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall > Sent: den 10 mars 2005 23:13 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: User unknown in virtual alias table > > > Rodney Green wrote: > > >> What is mail2? Is that an alias for mail4? (i.e. they are the same > >> machine) > > > > > > mail2 is an alias for mail4.. they both point to the same machine. > > > >> > >> Which way would you like to go, virtual or local? > >> > > > > I think virtual for no other reason then I have used it for > a long time > > now and have scripts that use it. > > I've had a longer look at this now and I think you have found a little > bug for Julian to add to his work stack :-( > > Julian > > How are you forwarding the spam to Postfix? It looks like you just > dumping the output into the out going queue? If so it is not being > cleaned up and aliases resolved by either the pickup or > trivial-rewrite > processes so the qmanager just bounces the mail as > undeliverable. I have Ah, but of course... See, my question was stupid after all... One should always keep the "graph of interconnectedness within postfix" squarely at the front of ones mind, now shouldn't one:-). But how to solve this in an as nonintrusive way as possible? Go to decoding and "sendmail ad@re.ss"? I might be a bit dense today ((too:-) mainly due to a shortage of hours -> shortage of sleep), but I don't see many options that make sense. -- Glenn > tried it on my system here and proved it. If you specify a > local address > or alias as the forward address it works fine (No aliasing required so > the qmgr just delivers it), if you specify a virtual domain address it > gets bounced. The clue is here in the log: > > Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: > to=, orig_to=, > relay=none, delay=6, > status=bounced (user unknown in virtual alias table) > > Notice the orig_to line is unknown. That should have the original to > address in it and the to= should be the aliased address (i.e. where it > is being delivered to). > > > > > Thanks for your help Drew! > > No problems > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Fri Mar 11 09:39:30 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:28:58 2006 Subject: IDS options? Message-ID: Vispan can do this - it can be configured to block at the iptables level for a configurable time. See http://www.while.homeunix.net/mailstats/ -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: 10 March 2005 21:35 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: IDS options? At 04:23 PM 3/10/2005, Matt Kettler wrote: >You might even be able to do something >useful with the limit module for IPTables, but you might need to get a bit >fancy with it as it's not obvious how to do this with limit. Additional info: The newest versions of IPTables (>1.2.8) support the connlimit module, which does this on a per-rule basis. However, it's not in the mainline kernel yet, only in the patch-o-matic at netfilter.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 11 09:48:53 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:58 2006 Subject: Problem releasing a message Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Freegard > Sent: den 11 mars 2005 00:46 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem releasing a message > > > Glenn/Isi, > > Spotted a typo: > > $mail_param = array("localhost" => QUARANTINE_MAIL_HOST); > > should be > > $mail_param = array('host' => QUARANTINE_MAIL_HOST); > > Try that - it should work now... Nope, that'll not work. Just tested on my box. One might want to set them both perhaps, but you definitely need change 'localhost' in the array... This is copied from the pear/Mail/smtp.php file distributed with 0.5.1: --------------------- /** * Constructor. * * Instantiates a new Mail_smtp:: object based on the parameters * passed in. It looks for the following parameters: * host The server to connect to. Defaults to localhost. * port The port to connect to. Defaults to 25. * auth SMTP authentication. Defaults to none. * username The username to use for SMTP auth. No default. * password The password to use for SMTP auth. No default. * localhost The local hostname / domain. Defaults to localhost. * * If a parameter is present in the $params array, it replaces the * default. --------------------- Hm, this means that the setting is a bit of a misnomer. Bummer. Ok, why not do it like: $mail_param = array('host' => QUARANTINE_MAIL_HOST, 'localhost' => QUARANTINE_MAIL_HELO); And of course in conf.php: // Quarantine settings define(QUARANTINE_MAIL_HOST, "mail.ap1.se"); define(QUARANTINE_MAIL_HELO, "apmx.ap1.se"); define(QUARANTINE_FROM_ADDR, 'postmaster@mail.ap1.se'); (Those are actual working tested settings on a system similarily setup as Isis). -- Glenn > > Cheers, > Steve. > > On Thu, 2005-03-10 at 16:55 +0100, Steen, Glenn wrote: > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Isi Lawson > > > Sent: den 10 mars 2005 16:30 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Problem releasing a message > > > > > > > > > Glenn, > > > > > > I applied the patch to detail.php: > > > > > > // Fix by Glenn Steen, to set an arbitrary smtp host > > > $mail_param = array("localhost" => QUARANTINE_MAIL_HOST); > > > $body = $mime->get(); > > > $hdrs = $mime->headers($hdrs); > > > $mail =& Mail::factory("smtp",$mail_param); > > > > > > and made the conf.php changes: > > > > > > // Quarantine settings > > > define(QUARANTINE_MAIL_HOST, "smtp server FQDM"); > > > > > > - i tried a number of things here > > > - localhost, short name, full name > > Hm, methinks you might have forgotten to reload or restart > > httpd efter making the changes. > > Set it to the FQDN and restart apache. > > > > -- Glenn > > > > > > and i am still getting this error: > > > > > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: connect from > > > localhost.localdomain[127.0.0.1] > > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: NOQUEUE: > > > reject: RCPT from > > > localhost.localdomain[127.0.0.1]: 504 : Helo > > > command rejected: > > > need fully-qualified hostname; from= > > > to= proto=ESMTP helo= > > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: lost connection > > > after RCPT > > > from localhost.localdomain[127.0.0.1] > > > Mar 10 10:26:17 abaddon postfix/smtpd[20462]: disconnect from > > > localhost.localdomain[127.0.0.1] > > > > > > Any thoughs? > > > > > > Isi > > > > > > >> In this case you are rejecting "non-FQDN HELOs/EHLOs", > > > which is IMO a > > > >> good thing. You do this at MTA(postfix) level. Fine. > > > >> > > > >> Making the changes to MailWatch so that you can specify > > > >> define(QUARANTINE_MAIL_HOST, 'abaddon.'); > > > >> in conf.php will cure your problem (think it's in cvs > and will be > > > >> in the (hopefully) imminent 0.6 release... Or look for > messages by > > > >> me around Feb 07 on the MW list... Really minor change, so > > > you might > > > >> as well do it "by hand"). > > > >> > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Fri Mar 11 10:35:05 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:58 2006 Subject: Mail-ClamAV-0.17 out Message-ID: On Thu, 10 Mar 2005, Devon Harding wrote: > I get this error: > > Manifying blib/man3/Mail::ClamAV.3pm > /usr/bin/make -- OK > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....NOK 1# Failed test (t/Mail-ClamAV.t at line 9) > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' > for module Mail::ClamAV: /usr/lib/libz.so.1: symbol __fprintf_chk, > version GLIBC_2.3.4 not defined in file libc.so.6 with link time > reference at /usr/lib/perl5/5.8.3/i386-linux-thread-multi/DynaLoader.pm > line 229. > # at /usr/lib/perl5/site_perl/5.8.3/Inline.pm line 500 > [...] This looks like some interaction in your environment, rather than a fault within Mail::ClamAV . That "Can't load ... [...]/blib/arch/auto/Mail/ClamAV/ClamAV.so" is the fundamental thing for you to address. And there is a good chance that the subsequent errors should magically disappear after that. cd to the working directory: /root/.cpan/build/Mail-ClamAV-0.17 . See what dynamic libraries are required, which of them successfully resolve and which fail to resolve. Do: ldd ./blib/arch/auto/Mail/ClamAV/ClamAV.so whose output ought to be several lines of the form: libc.so.1 => /path/to/somewhere/libc.so.1 libclamav.so.1 => /path/to/elsewhere/libclamav.so.1 My guess is that that at least one of these "/path/..." things will give some sort of "not found" message. The rest is up to you, for your machine in your environment. But the strategy is to find the location of the "libXYZ.[...]" that "ldd" had failed to find, then to tickle things to make it work. This might involve editing the "config.pl" (warning! it gets recreated afresh after each "perl Makefile.PL"). Or it might mean adjusting your "/etc/ld.so.conf.d/" directory (care! mistakes here could harm your system). (I've had to dabble myself in this area. In my case, the "ldd" failure highlighted "libclamav.so.1, because our environment has it in an unusual location. In your case, it is probably a different library whose perhaps unusual location underlies the problem. Might you have two versions of a library in different locations? Does your C compiler build with one version, but your system "/etc/ld.so.conf.d/" refer to different run-time locations?) Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bagt at TVS2NET.CH Fri Mar 11 10:40:48 2005 From: bagt at TVS2NET.CH (Bagt) Date: Thu Jan 12 21:28:58 2006 Subject: Sender Notices Message-ID: Hi, I will notice Mailscanner's administrator for blocked messages, not for the virus but for only unaccetable attachment and for others infections. It's possible to write a file's rules like this for "Send Notices" in MailScanner.conf : Virus: default no Filename : default yes Dangerous Content : yes Have you an another solution ? Can you add a configuration option in futur release to separate notices ? Thanks for your response. Cleo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bagt at TVS2NET.CH Fri Mar 11 10:39:37 2005 From: bagt at TVS2NET.CH (Bagt) Date: Thu Jan 12 21:28:58 2006 Subject: Sender Notices Message-ID: Hi, I will notice Mailscanner's administrator for blocked messages, not for the virus but for only unaccetable attachment and for others infections. It's possible to write a file's rules like this for "Send Notices" in MailScanner.conf : Virus: default no Filename : default yes Dangerous Content : yes Have you an another solution ? Can you add a configuration option in futur release to separate notices ? Thanks for your response. Bagt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Mar 11 11:11:59 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:58 2006 Subject: MailScanner: Beta 4.36.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Thursday, November 18, 2004 10:22 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: MailScanner: Beta 4.36.1 released >> >>- Added check for Password-Protected Archives setting when using >>clamavmodule. > > > I was looking at the clamavmodule changes that check for a simple value for > the Password-Protected archives, and I have a suggestion (since it there is > no reasonable way to use a rule set here) > > How about adding something like: > > if(MailScanner::Config::IsSimpleValue('allowpasszips')){ > my $AllowPasswd = MailScanner::Config::Value('allowpasszips'); > }else{ > my $AllowPasswd = 1; > } > > At the top of the ClamAVModule sub then change: > > if (MailScanner::Config::Value('allowpasszips')) { # || $haverar) { > > To > > if ($AllowPasswd) { # || $haverar) { > > This way if someone is using a rule file the action would change to allow so > no one loses an attachment. I think warning them in the log and defaulting > to "no", or taking away the ability to use rules is not a good solution. The > UnpackZip sub respects the rule sets and it's not fair to take away the > ability to use a rule set there just to ensure password protected RARs are > caught for all. > > Or just remove the CL_SCAN_BLOCKENCRYPTED flag all together. The only reason > I made the suggestion was because MS doesn't include the UnpackRar sub, > which would catch the password protected RARs, respect the rules sets and > report the file as password protected (rather than as an infected file). I > thought adding the CL_SCAN_BLOCKENCRYPTED would allow other MS systems to at > least catch protected RARs, even though the internal file name processing > wouldn't take place. > > Doesn't matter to me either way since my patched Message.pm includes > UnpackRar, and SweepVirues.pm includes the $haverar checks, so I never use > the CL_SCAN_BLOCKENCRYPTED flag anyway. > > Rick > First apologies for bringing up an old thread, but I noticed this today on my test server after adding a rule for "Allow Password-Protected Archives". MailScanner[24121]: "Allow Password-Protected Archives" should be set to just yes or no when using clamavmodule virus scanner Now that there is external unrar support for clamavmodule, can a ruleset be allowed again instead of yes/no? my setup ======== MailScanner: 4.40.2-1 unrar: 3.2.3-2.4 clam: 0.83-1 Mail::ClamAV: 0.17 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 11 11:18:43 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:58 2006 Subject: Problem releasing a message Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Isi Lawson > Sent: den 11 mars 2005 05:25 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem releasing a message > > > here are all the gory details: > > hostname: > [root@abaddon htdocs]# hostname > abaddon.purecomputing.net > > /etc/hosts (related bits) > [root@abaddon htdocs]# more /etc/hosts > 127.0.0.1 localhost.localdomain localhost > 82.165.244.31 abaddon.purecomputing.net purecomputing.net abaddon > 82.165.225.168 smtp01.purecomputing.net Not that it'd matter (I think, tad tired today:) but I do have it like: 127.0.0.1 apmx.ap1.se apmx localhost.localdomain localhost > > detail.php - don't think i missed anything and i updated the > 'host' from > 'localhost' as suggested in another mail See my reply to Steve. That will not work for you. > > // Fix by Glenn Steen, to set an arbitrary smtp host > $mail_param = array('host' => QUARANTINE_MAIL_HOST); > $body = $mime->get(); > $hdrs = $mime->headers($hdrs); > $mail =& Mail::factory("smtp",$mail_param); > > conf.php - quarantine setings > > // Quarantine settings > define(QUARANTINE_MAIL_HOST, "localhost.localdomain"); > define(QUARANTINE_FROM_ADDR, 'postmaster'); > define(QUARANTINE_SUBJECT, 'Message released from quarantine'); > define(QUARANTINE_MSG_BODY, 'Please find the original message that was > quarantined attached to this mail. Regards,Postmaster'); Why don't you qualify the postmaster address? With that you'd rely on whatever postfix will add as $myorigin ... Which seems to be "localhost" for some reason.... That cannot be right. Do: postconf | egrep "^my" ... and check what you have myhostname, mydomain and myorigin set to. Basically, localhost.localdomain would be enough to fool postfixs reject_non_fqdn_hostname ... You could try removing that restriction from main.cf, and do a postfix reload ... Then it should just work. Downside is that you lose the feature... At least temporarily while figuring out what the blazes is going on:-). -- Glenn > > I have changed the mail_host above to be a number of different things: > smtp01.purecomputing.net, localhost.localdomain, > abaddon.purecomputing.net, abaddon, localhost -> all with no > luck. What > i do see though in the maillog is that the connect from > updates properly > - basically every where in snip below that has localhost.localdomain > changes to be whatever i set the above to be. The one thing that does > not change are the two items that use only in the > second log > entry. > > Interesting bit in the logs > Mar 10 23:06:13 abaddon postfix/smtpd[6676]: connect from > localhost.localdomain[127.0.0.1] > > Mar 10 23:06:13 abaddon postfix/smtpd[6676]: NOQUEUE: reject: > RCPT from > localhost.localdomain[127.0.0.1]: 504 : Helo command > rejected: need fully-qualified hostname; from= > to= proto=ESMTP helo= > > Mar 10 23:06:13 abaddon postfix/smtpd[6676]: lost connection > after RCPT > from localhost.localdomain[127.0.0.1] > Mar 10 23:06:13 abaddon postfix/smtpd[6676]: disconnect from > localhost.localdomain[127.0.0.1] > > I confirmed that i am not blocking the traffic via the host > firewall as > well. (pretty obvious since a connection is getting started > but checked > anyway) :>) > > Any thing else that might aid in troubleshooting please let me know. > > -- Isi > > Steen, Glenn wrote: > > >Grmbl. That should work. > > > >Scott is likely right Isi. > >What do you have in /etc/hosts? > >What is the machines perceived hostname? > >What gave you set all the QUARANTINE_* things to in conf.php? > >Are you sure you've got no typos in the little fix? > >(Yeah, that last bit is fumbling after sraws....:-). > > > >-- Glenn > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 11 11:45:33 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:58 2006 Subject: Problem releasing a message Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: den 11 mars 2005 12:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem releasing a message > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Isi Lawson > > Sent: den 11 mars 2005 05:25 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Problem releasing a message > > > > > > here are all the gory details: > > > > hostname: > > [root@abaddon htdocs]# hostname > > abaddon.purecomputing.net > > > > /etc/hosts (related bits) > > [root@abaddon htdocs]# more /etc/hosts > > 127.0.0.1 localhost.localdomain localhost > > 82.165.244.31 abaddon.purecomputing.net purecomputing.net abaddon > > 82.165.225.168 smtp01.purecomputing.net > Not that it'd matter (I think, tad tired today:) but I do > have it like: > 127.0.0.1 apmx.ap1.se apmx localhost.localdomain localhost > > > > > detail.php - don't think i missed anything and i updated the > > 'host' from > > 'localhost' as suggested in another mail > See my reply to Steve. That will not work for you. > > > > > // Fix by Glenn Steen, to set an arbitrary smtp host > > $mail_param = array('host' => QUARANTINE_MAIL_HOST); > > $body = $mime->get(); > > $hdrs = $mime->headers($hdrs); > > $mail =& Mail::factory("smtp",$mail_param); > > > > conf.php - quarantine setings > > > > // Quarantine settings > > define(QUARANTINE_MAIL_HOST, "localhost.localdomain"); > > define(QUARANTINE_FROM_ADDR, 'postmaster'); > > define(QUARANTINE_SUBJECT, 'Message released from quarantine'); > > define(QUARANTINE_MSG_BODY, 'Please find the original > message that was > > quarantined attached to this mail. Regards,Postmaster'); > Why don't you qualify the postmaster address? With that you'd rely on > whatever postfix will add as $myorigin ... Which seems to be > "localhost" > for some reason.... That cannot be right. Ah, looking at pear/Mail.php one can see that this is actually a kludge in prepareHeaders, to "qualify" local addresses. Set it to define(QUARANTINE_FROM_ADDR, 'postmaster@localhost.localdomain'); or somesuch, to prevent that. > Do: > postconf | egrep "^my" > ... and check what you have myhostname, mydomain and myorigin set to. Probably don't need see these. -- Glenn > Basically, localhost.localdomain would be enough to fool postfixs > reject_non_fqdn_hostname ... You could try removing that restriction > from main.cf, and do a > postfix reload > ... Then it should just work. Downside is that you lose the feature... > At least temporarily while figuring out what the blazes is > going on:-). > > -- Glenn > > > > > I have changed the mail_host above to be a number of > different things: > > smtp01.purecomputing.net, localhost.localdomain, > > abaddon.purecomputing.net, abaddon, localhost -> all with no > > luck. What > > i do see though in the maillog is that the connect from > > updates properly > > - basically every where in snip below that has localhost.localdomain > > changes to be whatever i set the above to be. The one > thing that does > > not change are the two items that use only in the > > second log > > entry. > > > > Interesting bit in the logs > > Mar 10 23:06:13 abaddon postfix/smtpd[6676]: connect from > > localhost.localdomain[127.0.0.1] > > > > Mar 10 23:06:13 abaddon postfix/smtpd[6676]: NOQUEUE: reject: > > RCPT from > > localhost.localdomain[127.0.0.1]: 504 : Helo command > > rejected: need fully-qualified hostname; from= > > to= proto=ESMTP helo= > > > > Mar 10 23:06:13 abaddon postfix/smtpd[6676]: lost connection > > after RCPT > > from localhost.localdomain[127.0.0.1] > > Mar 10 23:06:13 abaddon postfix/smtpd[6676]: disconnect from > > localhost.localdomain[127.0.0.1] > > > > I confirmed that i am not blocking the traffic via the host > > firewall as > > well. (pretty obvious since a connection is getting started > > but checked > > anyway) :>) > > > > Any thing else that might aid in troubleshooting please let me know. > > > > -- Isi > > > > Steen, Glenn wrote: > > > > >Grmbl. That should work. > > > > > >Scott is likely right Isi. > > >What do you have in /etc/hosts? > > >What is the machines perceived hostname? > > >What gave you set all the QUARANTINE_* things to in conf.php? > > >Are you sure you've got no typos in the little fix? > > >(Yeah, that last bit is fumbling after sraws....:-). > > > > > >-- Glenn > > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Mar 11 12:26:15 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:58 2006 Subject: MailScanner setting score ALL_TRUSTED 0???!!!! - Question for Jeff Earickson Message-ID: On Fri, 11 Mar 2005, Quentin Campbell wrote: > Date: Fri, 11 Mar 2005 07:46:45 -0000 > From: Quentin Campbell > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! - Question for > Jeff Earickson > >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson >> Sent: 11 March 2005 03:30 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MailScanner setting score ALL_TRUSTED 0???!!!! >> >> My final configuration, after getting the advice of others on this >> list, and staring into my O'Reilly book on Spamassassin, was to >> edit the spam.assassin.prefs.conf file, get rid of the >> "score ALL_TRUSTED" line, and add in trusted_networks lines for >> my trusted machines. In my case: >> >> trusted_networks 127.0.0.1/32 >> trusted_networks 137.146.210.56/32 >> >> Basically, I only trust my own mail server (the machine that >> MailScanner and SA 3.0.2 is running on). While we have a class-B >> network, I don't trust any other machine on our network, and no >> other machine in the network is a (valid) mail server anyway. >> >> Jeff Earickson >> Colby College > > Jeff > > Are all the hosts on your Class-B network required to relay outgoing > SMTP taffic via your mail gateway? > > Quentin The MX record for everything in our class-B lists 137.146.210.56, so in theory yes. However spambots have a mind of their own. Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Fri Mar 11 12:27:01 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:28:58 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Thu, 10 Mar 2005 15:24:52 +0100, Robert Waldner writes: >>>>Please try the attached patches for Postfix.pm and PFDiskStore.pm. >>>>I *may* have found the problem. >>>Should we revert the change you suggested on the 7th before applying >>>these patches? >>No, keep that patch in place, it may help. >Thanks, Julian! Patches are applied, will report back on Monday with > how the boxen are behaving. Nope, that didn't fix the problem. Fresh bunch of mails in postfix/ corrupt. Same "pattern" as before :( cheers, &rw -- -- Congress has banned such (copying) technology at the expense of public -- of access to such technology for lawful purposes. In the case of guns, -- Congress has not imposed a ban precisely because it was concerned about -- preserving access to firearms for lawful purposes. - About the DMCA ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From jmartin at GSI-KC.COM Fri Mar 11 12:32:52 2005 From: jmartin at GSI-KC.COM (Martin, Jeremy) Date: Thu Jan 12 21:28:58 2006 Subject: blocking mail for unknown users for certain domains only Message-ID: Hi fellow MailScannians, My goal: To reject mail at the MTA level (sendmail) if it is being sent to an unknown recipient (belonging to certain domains only), based on a list of known ‘good’ email addresses for those certain domains. Sort of like using sendmail’s blacklist_recipients to blacklist entire domains, yet having some sort of whitelist_recipients so we can let mail for known users override the blacklist. Background / details: We are using sendmail / MailScanner / MailWatch as a dedicated anti-virus/spam gateway mail server. I have made a little “prefs.php” addon for MailWatch, originally to let our users set up their own whitelists and blacklists on a per-user / per-domain / global basis. I also set up a daily quarantine email report and users can specify if they do or don’t want to receive their daily quarantine report through our addon to MailWatch. My prefs.php is storing their preferences in a MySQL database, and I have some perl scripts that grab the data from the database and output it into text files MailScanner can read. After letting that run for a few days, we can quickly build up a list of valid email accounts for a domain based on who is receiving mail, and it’s easy to see most of the typo’d and invalid email addresses spammers are sending mail to since they receive such little mail (and 100% spam) compared to the legitimate addresses. I set up a daily “domain admin” quarantine email report that shows a summary of all email for a certain domain in the past 24 hours, and made an easy one-click way people can set up a new account with a random password if they want to add a bunch of MailWatch accounts for valid users quickly. So I would like to give people an option on a per-domain basis of whether or not to make Sendmail reject mail destined for their domain unless its being sent to a known account. We do not want to apply this to every domain since this will require the ‘domain admins’ to set up any new email accounts they add in my prefs.php for MailWatch before the server will accept mail for that new account, which some might see as an inconvenience. Similar to how I am dumping the settings from the database into text files for MailScanner to read, I figure with the right Sendmail settings I could add any domains that want this feature to the blacklist_recipients file to reject all mail for their domain completely, and dump all of the known user accounts into the “whitelist_recipients” file if there is such a thing that can override blacklist_recipients. I have read in the M/FAQ about the Exchange LDAP lookahead stuff but that is overkill I think. Thanks for reading this and extra thanks to anyone who can point me in the right direction. :-) Best wishes Jeremy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Fri Mar 11 12:45:11 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:28:58 2006 Subject: blocking mail for unknown users for certain domains only Message-ID: @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited { COLOR: purple; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline } SPAN.EmailStyle17 { COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose } DIV.Section1 { page: Section1 } That prefs.php - is it something you could share with the rest of us? Med vennlig hilsen / Regards John Berntsen ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin, Jeremy Sent: 11. mars 2005 13:33 To: MAILSCANNER@JISCMAIL.AC.UK Subject: blocking mail for unknown users for certain domains only Hi fellow MailScannians, My goal: To reject mail at the MTA level (sendmail) if it is being sent to an unknown recipient (belonging to certain domains only), based on a list of known ‘good’ email addresses for those certain domains. Sort of like using sendmail’s blacklist_recipients to blacklist entire domains, yet having some sort of whitelist_recipients so we can let mail for known users override the blacklist. Background / details: We are using sendmail / MailScanner / MailWatch as a dedicated anti-virus/spam gateway mail server. I have made a little “prefs.php” addon for MailWatch, originally to let our users set up their own whitelists and blacklists on a per-user / per-domain / global basis. I also set up a daily quarantine email report and users can specify if they do or don’t want to receive their daily quarantine report through our addon to MailWatch. My prefs.php is storing their preferences in a MySQL database, and I have some perl scripts that grab the data from the database and output it into text files MailScanner can read. After letting that run for a few days, we can quickly build up a list of valid email accounts for a domain based on who is receiving mail, and it’s easy to see most of the typo’d and invalid email addresses spammers are sending mail to since they receive such little mail (and 100% spam) compared to the legitimate addresses. I set up a daily “domain admin” quarantine email report that shows a summary of all email for a certain domain in the past 24 hours, and made an easy one-click way people can set up a new account with a random password if they want to add a bunch of MailWatch accounts for valid users quickly. So I would like to give people an option on a per-domain basis of whether or not to make Sendmail reject mail destined for their domain unless its being sent to a known account. We do not want to apply this to every domain since this will require the ‘domain admins’ to set up any new email accounts they add in my prefs.php for MailWatch before the server will accept mail for that new account, which some might see as an inconvenience. Similar to how I am dumping the settings from the database into text files for MailScanner to read, I figure with the right Sendmail settings I could add any domains that want this feature to the blacklist_recipients file to reject all mail for their domain completely, and dump all of the known user accounts into the “whitelist_recipients” file if there is such a thing that can override blacklist_recipients. I have read in the M/FAQ about the Exchange LDAP lookahead stuff but that is overkill I think. Thanks for reading this and extra thanks to anyone who can point me in the right direction. :-) Best wishes Jeremy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Fri Mar 11 12:46:54 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:28:58 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > Nope, that didn't fix the problem. Fresh bunch of mails in > postfix/ corrupt. Same "pattern" as before :( In contrast, I've not had a new one since moving the $Tf->flush(); line. Maybe I just got lucky... Stef ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Fri Mar 11 14:06:10 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:28:58 2006 Subject: blocking mail for unknown users for certain domains only Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Hi fellow MailScannians, > > > > My goal: > > > > To reject mail at the MTA level (sendmail) if it is being sent to an > unknown recipient (belonging to certain domains only), based on a list > of known 'good' email addresses for those certain domains. Sort of like > using sendmail's blacklist_recipients to blacklist entire domains, yet > having some sort of whitelist_recipients so we can let mail for known > users override the blacklist. > In sendmail, virtusertable can be your friend: But remember to put in the required adresses postmaster and abuse in each domain. example: abuse@example.com abuseaccount+submailbox hostmaster@example.com hostmasteraccount+submailbox postmaster@example.com postmasteraccount+submailbox @example.com error:nouser 550 User unknown catchall example: @example2.com example2account+%1%3 You will find documentation on sendmail.org and in your distribution. Have not tried the following myself yet but I guess you can have a file for each domain that is editable from web, do syntaxcheck and cat them into makemap in a cron-job if any of them are more recent than the db. Tell us how you solve this and how it works! -- Hilsen Lars > > > Background / details: > > > > We are using sendmail / MailScanner / MailWatch as a dedicated > anti-virus/spam gateway mail server. I have made a little "prefs.php" > addon for MailWatch, originally to let our users set up their own > whitelists and blacklists on a per-user / per-domain / global basis. I > also set up a daily quarantine email report and users can specify if > they do or don't want to receive their daily quarantine report through > our addon to MailWatch. My prefs.php is storing their preferences in a > MySQL database, and I have some perl scripts that grab the data from the > database and output it into text files MailScanner can read. > > > > After letting that run for a few days, we can quickly build up a list of > valid email accounts for a domain based on who is receiving mail, and > it's easy to see most of the typo'd and invalid email addresses spammers > are sending mail to since they receive such little mail (and 100% spam) > compared to the legitimate addresses. I set up a daily "domain admin" > quarantine email report that shows a summary of all email for a certain > domain in the past 24 hours, and made an easy one-click way people can > set up a new account with a random password if they want to add a bunch > of MailWatch accounts for valid users quickly. > > > > So I would like to give people an option on a per-domain basis of > whether or not to make Sendmail reject mail destined for their domain > unless its being sent to a known account. We do not want to apply this > to every domain since this will require the 'domain admins' to set up > any new email accounts they add in my prefs.php for MailWatch before the > server will accept mail for that new account, which some might see as an > inconvenience. > > > > Similar to how I am dumping the settings from the database into text > files for MailScanner to read, I figure with the right Sendmail settings > I could add any domains that want this feature to the > blacklist_recipients file to reject all mail for their domain > completely, and dump all of the known user accounts into the > "whitelist_recipients" file if there is such a thing that can override > blacklist_recipients. > > > > I have read in the M/FAQ about the Exchange LDAP lookahead stuff but > that is overkill I think. > > > > Thanks for reading this and extra thanks to anyone who can point me in > the right direction. :-) > > > > Best wishes > > Jeremy > > > > > > > > > > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From samp at ARIAL-CONCEPT.COM Fri Mar 11 14:17:22 2005 From: samp at ARIAL-CONCEPT.COM (Sam Przyswa) Date: Thu Jan 12 21:28:58 2006 Subject: No recipient notification Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Due to a lot of viruses attacks some customers ask me to suppress the recipient notification but I don't see this feature in MailScanner.conf ? Is it possible to only notify the administrator ? Sam. -- Sam Przyswa - Chef de projet Arial Concept - Intégrateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01 Web: http://www.arial-concept.com - Email: Info@arial-concept.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 11 14:21:09 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:58 2006 Subject: rules update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please take it easy on my. Yes when it comes to Linux I am still a nube. I just downloaded rule my_rules_du_jour and rules_du_jour. I updated my_rules_ru_jour to update the location of spamassassin (/etc/mail/spamassassin). When I run the my_rules_du_jour I get an error ***WARNING***: spamassassin --lint failed. Any help would be great. This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Mar 11 14:23:38 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:58 2006 Subject: No recipient notification Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Use: Still Deliver Silent Viruses = no to keep recipients from getting notifications, and use Send Notices = yes to notify the postmaster/admin. Jeff Earickson Colby College On Fri, 11 Mar 2005, Sam Przyswa wrote: > Date: Fri, 11 Mar 2005 14:17:22 +0000 > From: Sam Przyswa > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: No recipient notification > > Hi, > > Due to a lot of viruses attacks some customers ask me to suppress the > recipient notification but I don't see this feature in MailScanner.conf ? > > Is it possible to only notify the administrator ? > > Sam. > > -- > Sam Przyswa - Chef de projet > Arial Concept - Intégrateur Internet > 36, rue de Turin - 75008 - Paris - France > Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01 > Web: http://www.arial-concept.com - Email: Info@arial-concept.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Mar 11 14:28:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:58 2006 Subject: rules update Message-ID: David run it by hand and it will give you move info about what rule files it has downloaded and also what is failing on the --lint. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Please take it easy on my. Yes when it comes to Linux I am still a nube. > > I just downloaded rule my_rules_du_jour and rules_du_jour. I updated > my_rules_ru_jour to update the location of spamassassin > (/etc/mail/spamassassin). When I run the my_rules_du_jour I get an error > ***WARNING***: spamassassin --lint failed. > > Any help would be great. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From samp at ARIAL-CONCEPT.COM Fri Mar 11 14:46:41 2005 From: samp at ARIAL-CONCEPT.COM (Sam Przyswa) Date: Thu Jan 12 21:28:58 2006 Subject: No recipient notification Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson (jaearick@COLBY.EDU) écrivait: > > Use: > > Still Deliver Silent Viruses = no > > to keep recipients from getting notifications, and use > > Send Notices = yes > > to notify the postmaster/admin. > Thanks a lot ! Sam. -- Sam Przyswa - Chef de projet Arial Concept - Intégrateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01 Web: http://www.arial-concept.com - Email: Info@arial-concept.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From isi at DAGGERSDEN.NET Fri Mar 11 14:40:46 2005 From: isi at DAGGERSDEN.NET (Isi Lawson) Date: Thu Jan 12 21:28:58 2006 Subject: Problem releasing a message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Problem has been fixed. Thanks for all your help. Here are the details (inline) detail.php >> > // Fix by Glenn Steen, to set an arbitrary smtp host >> > $mail_param = array('host' => QUARANTINE_MAIL_HOST); >> > $body = $mime->get(); >> > $hdrs = $mime->headers($hdrs); >> > $mail =& Mail::factory("smtp",$mail_param); I changed the host back to 'localhost' conf.php - quarantine setings >> > >> > // Quarantine settings >> > define(QUARANTINE_MAIL_HOST, "localhost.localdomain"); >> > define(QUARANTINE_FROM_ADDR, 'postmaster'); > Ah, looking at pear/Mail.php one can see that this is actually a kludge > in prepareHeaders, to "qualify" local addresses. Set it to > define(QUARANTINE_FROM_ADDR, 'postmaster@localhost.localdomain'); > or somesuch, to prevent that. I qualified the QUARANTINE_FROM_ADDR 'postmaster@purecomputing.net' It seems that it works just fine now. I tested releasing and training combinations just to make sure but didn't get any hiccups. Thanks Glenn and Steve (and everyone else) for your help. (either one of you have a wish list) -- Isi ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Mar 11 14:43:28 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:58 2006 Subject: How to quarantine only Phishing stuff from Clam? Message-ID: On Thu, 10 Mar 2005, Julian Field wrote: > Date: Thu, 10 Mar 2005 18:20:17 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: How to quarantine only Phishing stuff from Clam? > > Jeff A. Earickson wrote: > >> Julian, >> >> My daily report of who is sending viruses from our own domain has >> been showing Phishing stuff caught by ClamAV, coming from my own >> webmail server. >> >> A sample of what gets emailed to me via "Notices to", and then boiled >> down by a perl script: >> >> j29LMw3X004268: 137.146.210.58 (username) >> ClamAV Module: msg-21083-102.txt was infected: HTML.Phishing.Bank-111 >> >> I want to investigate, ie quarantine the offending messages. But I >> don't want to quarantine tons of crap. I have >> >> Quarantine Infections = yes >> Quarantine Silent Viruses = no >> >> and I want to set up a ruleset specifying silent viruses. Would this >> be right? >> >> %localrules-dir% = /etc/MailScanner/rules >> Silent Viruses = %localrules-dir%/silent-viruses.rules >> >> where the silent-viruses.rules looks like: >> >> Virus: All-Viruses yes >> Virus: HTML-IFrame yes >> Virus: Phishing.Bank no > > "yes" and "no" are not valid values for the "Silent Viruses" option. If > you want to separate out the Phishing.Bank mail from the All-Viruses > mail then just set > > Silent Viruses = All-Viruses HTML-IFrame > Non-Forging Viruses = Phishing.Bank > > The non-forging list effectively cancels out the Silent Viruses list for > any matching viruses. I added Phishing to non-forging viruses, and had the side effect that people got phishing emails tagged by Clam with subject lines like: Subject: {Spam?} {Virus?} Washington Mutual... So I have removed Phishing from non-forging viruses, and decided to quarantine all viruses and non-high spam until I figure my issue out. Yuck. This will boost my disk load. I suppose this raises the issue (again) of anti-spam vs anti-virus first in the processing sequence. Sure would be a nice feature if you could choose. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 11 15:10:54 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:58 2006 Subject: rules update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is the error I get when I run it by hand: ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamassassin/tripwire.cf; mv -f /etc/mail/spamassassin/evilnumbers.cf /etc/mail/spamassassin/RulesDuJour/evilnumbers.cf.2; rm -f /etc/mail/spamassassin/evilnumbers.cf; mv -f /etc/mail/spamassassin/70_sare_random.cf /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f /etc/mail/spamassassin/70_sare_random.cf; Lint output: config: SpamAssassin failed to parse line, skipping: 404 Not Found

404 Not Found

Resource /rdj/barbaz.404.cf not found on this server config: SpamAssassin failed to parse line, skipping: 404 Not Found

404 Not Found

Resource /rdj/foobar.404.cf not found on this server lint: 2 issues detected. please rerun with debug enabled for more information. Thanks. >>> martinh@SOLID-STATE-LOGIC.COM 03/11 9:28 AM >>> David run it by hand and it will give you move info about what rule files it has downloaded and also what is failing on the --lint. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > Please take it easy on my. Yes when it comes to Linux I am still a nube. > > I just downloaded rule my_rules_du_jour and rules_du_jour. I updated > my_rules_ru_jour to update the location of spamassassin > (/etc/mail/spamassassin). When I run the my_rules_du_jour I get an error > ***WARNING***: spamassassin --lint failed. > > Any help would be great. > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Mar 11 15:26:41 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:58 2006 Subject: quarantine notify in CreatePostmasterNotice? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, Would it be possible to modify CreatePostmasterNotice in Message.pm to add a note about whether or not a message was quarantined, eg: Sender: personalbanking@erms-02.wamu.com IP Address: 200.30.141.86 Recipient: xxx@colby.edu Subject: Washington Mutual eCare® Customer Service.Security measures. MessageID: j2B50MI1013489 Quarantine: /var/spool/MailScanner/quarantine/20050311/j2B50MI1013489 Report: ClamAV Module: msg-14263-3.html was infected: HTML.Phishing.Bank-78 If the virus isn't quarantined, just leave the line out, or say "no" instead of the path. Thanks. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 11 15:38:04 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:58 2006 Subject: Problem releasing a message Message-ID: Great that it works... Strange that it didn't before though. I'll have to do a plunge into the innards of Mail::factory again:-). No wishlist (apart from the standard wish... 25-28 hour days, eternal life, peace and prosperity...:-). Steve might have one. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Isi Lawson > Sent: den 11 mars 2005 15:41 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem releasing a message > > > Problem has been fixed. Thanks for all your help. Here are > the details > (inline) > > detail.php > >> > // Fix by Glenn Steen, to set an arbitrary smtp host > >> > $mail_param = array('host' => QUARANTINE_MAIL_HOST); > >> > $body = $mime->get(); > >> > $hdrs = $mime->headers($hdrs); > >> > $mail =& Mail::factory("smtp",$mail_param); > > I changed the host back to 'localhost' > > conf.php - quarantine setings > >> > > >> > // Quarantine settings > >> > define(QUARANTINE_MAIL_HOST, "localhost.localdomain"); > >> > define(QUARANTINE_FROM_ADDR, 'postmaster'); > > > Ah, looking at pear/Mail.php one can see that this is > actually a kludge > > in prepareHeaders, to "qualify" local addresses. Set it to > > define(QUARANTINE_FROM_ADDR, 'postmaster@localhost.localdomain'); > > or somesuch, to prevent that. > > I qualified the QUARANTINE_FROM_ADDR 'postmaster@purecomputing.net' > > It seems that it works just fine now. I tested releasing and training > combinations just to make sure but didn't get any hiccups. > > Thanks Glenn and Steve (and everyone else) for your help. > (either one of > you have a wish list) > > -- Isi > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jmartin at GSI-KC.COM Fri Mar 11 15:43:12 2005 From: jmartin at GSI-KC.COM (Martin, Jeremy) Date: Thu Jan 12 21:28:58 2006 Subject: blocking mail for unknown users for certain domains only Message-ID: > That prefs.php - is it something you could share with the rest of us? I have to double check with my boss but I'm pretty sure I can - I'll send it to the MailWatch list asap if I get an OK. :-) Thanks Rick and Lars, time to do some experiments! Cheers Jeremy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Mar 11 15:49:00 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:58 2006 Subject: rules update Message-ID: David looking at the errors it put the html error message into the file, rather than detecting the download error. What WGET program have you got defined in my_rules_du_jour (defined around line 66 in my case). Mine is WGET="wget -N" This should report an error if the URL isn't valid, rathe than just dump the 404 error page to the file. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > This is the error I get when I run it by hand: > ***WARNING***: spamassassin --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf > /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f > /etc/mail/spamassassin/tripwire.cf; mv -f > /etc/mail/spamassassin/evilnumbers.cf > /etc/mail/spamassassin/RulesDuJour/evilnumbers.cf.2; rm -f > /etc/mail/spamassassin/evilnumbers.cf; mv -f > /etc/mail/spamassassin/70_sare_random.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f > /etc/mail/spamassassin/70_sare_random.cf; > > Lint output: config: SpamAssassin failed to parse line, skipping: > 404 Not Found

404 Not > Found

Resource /rdj/barbaz.404.cf not found on this server > config: SpamAssassin failed to parse line, skipping: > 404 Not Found

404 Not > Found

Resource /rdj/foobar.404.cf not found on this server > lint: 2 issues detected. please rerun with debug enabled for more > information. > Thanks. > > >>> martinh@SOLID-STATE-LOGIC.COM 03/11 9:28 AM >>> > David > > run it by hand and it will give you move info about what rule files it > has downloaded and also what is failing on the --lint. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > Please take it easy on my. Yes when it comes to Linux I am still a nube. > > > > I just downloaded rule my_rules_du_jour and rules_du_jour. I updated > > my_rules_ru_jour to update the location of spamassassin > > (/etc/mail/spamassassin). When I run the my_rules_du_jour I get an error > > ***WARNING***: spamassassin --lint failed. > > > > Any help would be great. > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 11 15:54:07 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:58 2006 Subject: Razor Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > Sent: den 10 mars 2005 19:00 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Razor > > > I'm running MailScanner, Spamassassin, Razor2, Pyzor, DCC, > mailscanner-mrtg, > Mailwatch for MailScanner, about 10.000 messages / day, in an > Pentium IV 2,8 > Ghz machine, 512 Mb mem. Average ram usage is 440 Mb, and CPU > ocupation is > around 24%. I've got pretty much the same ... no mailscanner-mrtg, a decidedly weaker CPU (pIII 1GHz), and a lot less messages (c:a 2000-2300/day)... but otherwise the same. Similar perfstats too. Since the network load they add is minor, you're probably not going to notice them on a not too shabbily connected system, I'd really recommend using them. To me they make a world of difference. Well, together with everything else, of course;). -- Glenn > > I don't fill much diference in machine use processing the > messages with or > without razor2, dcc and pyzor. It increased a little the > network traffic, > but not much. > > ----- Original Message ----- > From: "Drew Marshall" > To: > Sent: Thursday, March 10, 2005 2:43 PM > Subject: Re: Razor > > > > > Roger Jochem wrote: > > >> Work fine... I'm using it that way too... > > > > Just out of interest what kind of load does it impose? My > box is some what > > limited in it's capacity but it seems a shame to miss out > on a useful tool > > if it doesn't take too much (Or indeed if DCC is better/ > more economic) > > > > Drew > > > > -- > > In line with our policy, this message has > > been scanned for viruses and dangerous > > content by MailScanner, and is believed to be clean. > > www.themarshalls.co.uk/policy > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Fri Mar 11 16:28:53 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:58 2006 Subject: rules update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That is what I have also. This is the output from the command line: exec: curl -w %{http_code} --compressed -O -R -s -S -z /etc/mail/spamassassin/RulesDuJour/rules_du_jour http://sandgnat.com/rdj/rules_du_jour 2>&1 curl_output: 304 ------ FOOBAR ------ RULESET_NAME=FOOBAR INDEX=1000 CF_URL=http://sandgnat.com/rdj/foobar.404.cf CF_FILE=foobar.cf CF_NAME=Foo's Bar PARSE_NEW_VER_SCRIPT=perl -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | tail -1 CF_MUNGE_SCRIPT= Old foobar.404.cf already existed in /etc/mail/spamassassin/RulesDuJour... Retrieving file from http://sandgnat.com/rdj/foobar.404.cf... exec: curl -w %{http_code} --compressed -O -R -s -S -z /etc/mail/spamassassin/RulesDuJour/foobar.404.cf http://sandgnat.com/rdj/foobar.404.cf 2>&1 curl_output: 404 Got 404 from Foo's Bar at http://sandgnat.com/rdj/foobar.404.cf ... ------ BARBAZ ------ RULESET_NAME=BARBAZ INDEX=1001 CF_URL=http://sandgnat.com/rdj/barbaz.404.cf CF_FILE=barbaz.cf CF_NAME=Bar's Baz PARSE_NEW_VER_SCRIPT=perl -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | tail -1 CF_MUNGE_SCRIPT= Old barbaz.404.cf already existed in /etc/mail/spamassassin/RulesDuJour... Retrieving file from http://sandgnat.com/rdj/barbaz.404.cf... exec: curl -w %{http_code} --compressed -O -R -s -S -z /etc/mail/spamassassin/RulesDuJour/barbaz.404.cf http://sandgnat.com/rdj/barbaz.404.cf 2>&1 curl_output: 404 Got 404 from Bar's Baz at http://sandgnat.com/rdj/barbaz.404.cf ... No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on sbschools.net: The following rules had errors: Foo's Bar not found (404) at http://sandgnat.com/rdj/foobar.404.cf Foo's Bar was not retrieved because of: 404 from http://sandgnat.com/rdj/foobar.404.cf. Additional Info: 404 Bar's Baz not found (404) at http://sandgnat.com/rdj/barbaz.404.cf Bar's Baz was not retrieved because of: 404 from http://sandgnat.com/rdj/barbaz.404.cf. Additional Info: 404 Thanks. >>> martinh@SOLID-STATE-LOGIC.COM 03/11 10:49 AM >>> David looking at the errors it put the html error message into the file, rather than detecting the download error. What WGET program have you got defined in my_rules_du_jour (defined around line 66 in my case). Mine is WGET="wget -N" This should report an error if the URL isn't valid, rathe than just dump the 404 error page to the file. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 David Curtis wrote: > This is the error I get when I run it by hand: > ***WARNING***: spamassassin --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf > /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f > /etc/mail/spamassassin/tripwire.cf; mv -f > /etc/mail/spamassassin/evilnumbers.cf > /etc/mail/spamassassin/RulesDuJour/evilnumbers.cf.2; rm -f > /etc/mail/spamassassin/evilnumbers.cf; mv -f > /etc/mail/spamassassin/70_sare_random.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f > /etc/mail/spamassassin/70_sare_random.cf; > > Lint output: config: SpamAssassin failed to parse line, skipping: > 404 Not Found

404 Not > Found

Resource /rdj/barbaz.404.cf not found on this server > config: SpamAssassin failed to parse line, skipping: > 404 Not Found

404 Not > Found

Resource /rdj/foobar.404.cf not found on this server > lint: 2 issues detected. please rerun with debug enabled for more > information. > Thanks. > > >>> martinh@SOLID-STATE-LOGIC.COM 03/11 9:28 AM >>> > David > > run it by hand and it will give you move info about what rule files it > has downloaded and also what is failing on the --lint. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > David Curtis wrote: > > Please take it easy on my. Yes when it comes to Linux I am still a nube. > > > > I just downloaded rule my_rules_du_jour and rules_du_jour. I updated > > my_rules_ru_jour to update the location of spamassassin > > (/etc/mail/spamassassin). When I run the my_rules_du_jour I get an error > > ***WARNING***: spamassassin --lint failed. > > > > Any help would be great. > > > > > > > > > > > > > > > > This email may contain information protected under the Family > > Educational Rights and Privacy Act (FERPA) or the Health Insurance > > Portability and Accountability Act (HIPAA). If this email contains > > confidential and/or privileged health or student information and you > > are not entitled to access such information under FERPA or HIPAA, > > federal regulations require that you destroy this email without > > reviewing it and you may not forward it to anyone. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > > > > > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dean at SAHRA.ARIZONA.EDU Fri Mar 11 16:40:19 2005 From: dean at SAHRA.ARIZONA.EDU (Dean Jones) Date: Thu Jan 12 21:28:58 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: Stef Morrell wrote: >>Nope, that didn't fix the problem. Fresh bunch of mails in >>postfix/ corrupt. Same "pattern" as before :( > > > In contrast, I've not had a new one since moving the > > $Tf->flush(); > > line. Maybe I just got lucky... > > Stef Hi, I have been following this as well.. After installing the patches and moving the $Tf->flush(); i have had only one corrupt mail so far. It was the daily news headlines from the NY times. on a related note i have been using a script postinject to re-send any corrupt mails to their destination. I stole the script off the net somewhere but here is a link to a copy. http://hwr.arizona.edu/~system/rickjames/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 11 16:49:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:58 2006 Subject: Sender Notices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What's wrong with the solution you have come up with? Bagt wrote: > Hi, > > I will notice Mailscanner's administrator for blocked messages, not > for the > virus but for only unaccetable attachment and for others infections. > > It's possible to write a file's rules like this for "Send Notices" in > MailScanner.conf : > > Virus: default no > Filename : default yes > Dangerous Content : yes > > Have you an another solution ? > > Can you add a configuration option in futur release to separate notices ? > > Thanks for your response. > > Cleo > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 11 16:50:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:58 2006 Subject: MailScanner: Beta 4.36.1 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This has been fixed already, and will be in the April release of MailScanner. Dhawal Doshy wrote: > Rick Cooper wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>> Behalf Of Julian Field >>> Sent: Thursday, November 18, 2004 10:22 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: MailScanner: Beta 4.36.1 released >>> >>> - Added check for Password-Protected Archives setting when using >>> clamavmodule. >> >> >> >> I was looking at the clamavmodule changes that check for a simple >> value for >> the Password-Protected archives, and I have a suggestion (since it >> there is >> no reasonable way to use a rule set here) >> >> How about adding something like: >> >> if(MailScanner::Config::IsSimpleValue('allowpasszips')){ >> my $AllowPasswd = >> MailScanner::Config::Value('allowpasszips'); >> }else{ >> my $AllowPasswd = 1; >> } >> >> At the top of the ClamAVModule sub then change: >> >> if (MailScanner::Config::Value('allowpasszips')) { # || $haverar) { >> >> To >> >> if ($AllowPasswd) { # || $haverar) { >> >> This way if someone is using a rule file the action would change to >> allow so >> no one loses an attachment. I think warning them in the log and >> defaulting >> to "no", or taking away the ability to use rules is not a good >> solution. The >> UnpackZip sub respects the rule sets and it's not fair to take away the >> ability to use a rule set there just to ensure password protected >> RARs are >> caught for all. >> >> Or just remove the CL_SCAN_BLOCKENCRYPTED flag all together. The only >> reason >> I made the suggestion was because MS doesn't include the UnpackRar sub, >> which would catch the password protected RARs, respect the rules sets >> and >> report the file as password protected (rather than as an infected >> file). I >> thought adding the CL_SCAN_BLOCKENCRYPTED would allow other MS >> systems to at >> least catch protected RARs, even though the internal file name >> processing >> wouldn't take place. >> >> Doesn't matter to me either way since my patched Message.pm includes >> UnpackRar, and SweepVirues.pm includes the $haverar checks, so I >> never use >> the CL_SCAN_BLOCKENCRYPTED flag anyway. >> >> Rick >> > > First apologies for bringing up an old thread, but I noticed this today > on my test server after adding a rule for "Allow Password-Protected > Archives". > > MailScanner[24121]: "Allow Password-Protected Archives" should be set to > just yes or no when using clamavmodule virus scanner > > Now that there is external unrar support for clamavmodule, can a ruleset > be allowed again instead of yes/no? > > my setup > ======== > MailScanner: 4.40.2-1 > unrar: 3.2.3-2.4 > clam: 0.83-1 > Mail::ClamAV: 0.17 > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Fri Mar 11 19:08:50 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:58 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: 10 March 2005 22:05 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > > > Hm well, when I tested a bit more it went as one could expect... > Since I don't actually pay for any panda license, I don't have > a valid login to get the updated sig file... Which means that > Panda was fine finding old bull-droppings like Netsky/Somefool > but missed all of the newer ones. > > ISTR you mentioning that there was some problems using the > latest sigs? Or are those results with the latest sigs? > > I'm sure you already know, but if you want MailScanner to get > the updates for you, you're supposed to edit the > panda-autoupdate script with your login info. > > And you're pretty much right about my relative tiredness:-). > ... Just whish there was a simple way to make it work in > _one_ pavcl call instead of one/file. Pavcl is a dog, > performancewise, and this makes the script so slow it's > actually detectable in the deliveryspeed when comparing MS > with<>without panda... Sigh. And it nettles me that it works > so poorly. > Hi Glen, I have an eval of Panda and have been using the latest /usr/lib/panda/pav.sig file. The signature download works fine; I edited the panda-autoupdate to add my eval username/password. Panda found nothing today either so I'm giving up on it. Thanks again for your help. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Fri Mar 11 19:17:17 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:58 2006 Subject: F-Prot vs BitDefender vs ClamAV Message-ID: In case anyone's interested I've been comparing the number of viruses found by F-Prot, BitDefender and ClamAV over the last couple of weeks: Mon Feb 28 F-Prot found 118 ClamAV found 137 BitDefender found 118 Tue Mar 1 F-Prot found 176 ClamAV found 216 BitDefender found 183 Wed Mar 2 F-Prot found 202 ClamAV found 240 BitDefender found 205 Thu Mar 3 F-Prot found 234 ClamAV found 238 BitDefender found 234 Fri Mar 4 F-Prot found 195 ClamAV found 202 BitDefender found 202 Sat Mar 5 F-Prot found 94 ClamAV found 106 BitDefender found 96 Sun Mar 6 F-Prot found 87 ClamAV found 97 BitDefender found 88 Mon Mar 7 F-Prot found 126 ClamAV found 133 BitDefender found 126 Tue Mar 8 F-Prot found 86 ClamAV found 102 BitDefender found 87 Wed Mar 9 F-Prot found 47 ClamAV found 54 BitDefender found 47 Thu Mar 10 F-Prot found 52 ClamAV found 107 BitDefender found 53 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Mar 11 19:20:39 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:58 2006 Subject: F-Prot vs BitDefender vs ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] A lot of clamav catches may be phishing.net detection, that the other antivir don't do. ----- Original Message ----- From: "Paul Welsh" To: Sent: Friday, March 11, 2005 4:17 PM Subject: F-Prot vs BitDefender vs ClamAV > In case anyone's interested I've been comparing the number of viruses found > by F-Prot, BitDefender and ClamAV over the last couple of weeks: > > > Mon Feb 28 > F-Prot found 118 > ClamAV found 137 > BitDefender found 118 > > Tue Mar 1 > F-Prot found 176 > ClamAV found 216 > BitDefender found 183 > > Wed Mar 2 > F-Prot found 202 > ClamAV found 240 > BitDefender found 205 > > Thu Mar 3 > F-Prot found 234 > ClamAV found 238 > BitDefender found 234 > > Fri Mar 4 > F-Prot found 195 > ClamAV found 202 > BitDefender found 202 > > Sat Mar 5 > F-Prot found 94 > ClamAV found 106 > BitDefender found 96 > > Sun Mar 6 > F-Prot found 87 > ClamAV found 97 > BitDefender found 88 > > Mon Mar 7 > F-Prot found 126 > ClamAV found 133 > BitDefender found 126 > > Tue Mar 8 > F-Prot found 86 > ClamAV found 102 > BitDefender found 87 > > Wed Mar 9 > F-Prot found 47 > ClamAV found 54 > BitDefender found 47 > > Thu Mar 10 > F-Prot found 52 > ClamAV found 107 > BitDefender found 53 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Fri Mar 11 19:24:18 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:58 2006 Subject: F-Prot vs BitDefender vs ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This website: http://www.av-comparatives.org/ has some good details on comparisons of most virus scanners. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Fri Mar 11 19:32:51 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:58 2006 Subject: F-Prot vs BitDefender vs ClamAV Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > Sent: 11 March 2005 19:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: F-Prot vs BitDefender vs ClamAV > > > A lot of clamav catches may be phishing.net detection, that the other > antivir don't do. I'm glad you mentioned that. I don't bother putting viruses into quarantine, I just delete them. Presumably the phishing messages meet the same fate? I guess this isn't a problem unless it's a false alarm. MailScanner has given me some false phishing alarms in messages from the likes of travel companies; I wouldn't want these deleted as a matter of course. Do you think it worthwhile using MailScanner's phishing with ClamAV? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Fri Mar 11 19:35:46 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:28:58 2006 Subject: F-Prot vs BitDefender vs ClamAV Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I use it! And I delete it. I imagine they're safe. But there was an previous thread in the mailing list about putting these phishing alarms in quarantine. You coul'd do that for some time to see how efective is the clamav detection... ----- Original Message ----- From: "Paul Welsh" To: Sent: Friday, March 11, 2005 4:32 PM Subject: Re: F-Prot vs BitDefender vs ClamAV > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > > Sent: 11 March 2005 19:21 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: F-Prot vs BitDefender vs ClamAV > > > > > > A lot of clamav catches may be phishing.net detection, that the other > > antivir don't do. > > I'm glad you mentioned that. I don't bother putting viruses into quarantine, > I just delete them. Presumably the phishing messages meet the same fate? I > guess this isn't a problem unless it's a false alarm. MailScanner has given > me some false phishing alarms in messages from the likes of travel > companies; I wouldn't want these deleted as a matter of course. > > Do you think it worthwhile using MailScanner's phishing with ClamAV? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Fri Mar 11 20:01:52 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:59 2006 Subject: Panda not working Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > Sent: 11 March 2005 19:09 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > Just tried the free Panda and called it with the wrapper. It just "hangs". I used this command: /usr/lib/MailScanner/panda-wrapper /usr /tmp The rpm I installed the free ver from was: 3878658 Aug 31 2004 pavcl_linux_i386.rpm The eval was: 2352673 Mar 8 21:32 pavcl_linux_i386.rpm ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Mar 11 22:05:42 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:28:59 2006 Subject: F-Prot vs BitDefender vs ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How did you produce this report? Paul Welsh wrote: > In case anyone's interested I've been comparing the number of viruses found > by F-Prot, BitDefender and ClamAV over the last couple of weeks: > > > Mon Feb 28 > F-Prot found 118 > ClamAV found 137 > BitDefender found 118 > > Tue Mar 1 > F-Prot found 176 > ClamAV found 216 > BitDefender found 183 > > Wed Mar 2 > F-Prot found 202 > ClamAV found 240 > BitDefender found 205 > > Thu Mar 3 > F-Prot found 234 > ClamAV found 238 > BitDefender found 234 > > Fri Mar 4 > F-Prot found 195 > ClamAV found 202 > BitDefender found 202 > > Sat Mar 5 > F-Prot found 94 > ClamAV found 106 > BitDefender found 96 > > Sun Mar 6 > F-Prot found 87 > ClamAV found 97 > BitDefender found 88 > > Mon Mar 7 > F-Prot found 126 > ClamAV found 133 > BitDefender found 126 > > Tue Mar 8 > F-Prot found 86 > ClamAV found 102 > BitDefender found 87 > > Wed Mar 9 > F-Prot found 47 > ClamAV found 54 > BitDefender found 47 > > Thu Mar 10 > F-Prot found 52 > ClamAV found 107 > BitDefender found 53 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zen23003 at ZEN.CO.UK Fri Mar 11 22:25:49 2005 From: zen23003 at ZEN.CO.UK (Paul Welsh) Date: Thu Jan 12 21:28:59 2006 Subject: F-Prot vs BitDefender vs ClamAV Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell > Sent: 11 March 2005 22:06 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: F-Prot vs BitDefender vs ClamAV > > > How did you produce this report? Just a simple script which I ran as a cron job. I had to edit the results slightly and ignored the Panda result: date >> virtest.txt echo F-Prot found >> virtest.txt cat /var/log/maillog |grep "F-Prot found" |grep -c infections >> virtest.txt echo ClamAV found >> virtest.txt cat /var/log/maillog |grep "ClamAV found" |grep -c infections >> virtest.txt echo BitDefender found >> virtest.txt cat /var/log/maillog |grep "Bitdefender found" |grep -c infections >> virtest.txt echo Panda found >> virtest.txt cat /var/log/maillog |grep "Panda found" |grep -c infections >> virtest.txt echo "" >> virtest.txt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Fri Mar 11 23:29:09 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:28:59 2006 Subject: install failure on clean x86_64 FC3 Message-ID: I tried both 4.39.6 and 4.40.2-1, same results. install.sh says stuff like: "I think your system will build architecture-dependent modules for i386x86_64" Obviously, i386x86_64 is wrong... The installer fails with things like: Missing file /usr/src/redhat/RPMS/i386x86_64/MailScanner-perl-MIME-Base64-3.05-5.i386x86_64.rpm. Missing file /usr/src/redhat/RPMS/i386x86_64/perl-HTML-Parser-3.45-1.i386x86_64.rpm Missing file /usr/src/redhat/RPMS/i386x86_64/perl-Compress-Zlib-1.33-2.i386x86_64.rpm Also, perl-Archive-Zip completely fails to build: BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.14/blib/lib/Archive/Zip.pm line 24. Compilation failed in require at t/testUpdate.t line 11. BEGIN failed--compilation aborted at t/testUpdate.t line 11. t/testUpdate........dubious Test returned status 2 (wstat 512, 0x200) FAILED--5 test scripts could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.42255 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.42255 (%build) -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Sat Mar 12 00:31:29 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:59 2006 Subject: sa-learn hangs Message-ID: I've upgraded to spamassassin 3.0.2. I'm using the fsl spam.assassin.prefs.conf from http://www.fsl.com/support/. As far as I can tell spamassassin is working well with MailScanner 4.39.6. However, trying to run sa-learn to train on spam or ham just hangs. sa-learn --dump magic -p /opt/MailScanner/etc/spam.assassin.prefs.conf works fine and shows that the bayes database is growing as it should through autolearning. However if I run: sa-learn --showdots --mbox --ham -p /opt/MailScanner/etc/spam.assassin.prefs.conf sa-learn just hangs. Same happens for --spam. strace shows it stuck on a read(0, Any ideas? -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Mar 12 08:47:31 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:59 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Morning Julian! Time for your reminder :-) Drew Julian Field wrote: Remind me about this one tomorrow. Drew Marshall wrote: Rodney Green wrote: What is mail2? Is that an alias for mail4? (i.e. they are the same machine) mail2 is an alias for mail4.. they both point to the same machine. Which way would you like to go, virtual or local? I think virtual for no other reason then I have used it for a long time now and have scripts that use it. I've had a longer look at this now and I think you have found a little bug for Julian to add to his work stack :-( Julian How are you forwarding the spam to Postfix? It looks like you just dumping the output into the out going queue? If so it is not being cleaned up and aliases resolved by either the pickup or trivial-rewrite processes so the qmanager just bounces the mail as undeliverable. I have tried it on my system here and proved it. If you specify a local address or alias as the forward address it works fine (No aliasing required so the qmgr just delivers it), if you specify a virtual domain address it gets bounced. The clue is here in the log: Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: to=, orig_to=, relay=none, delay=6, status=bounced (user unknown in virtual alias table) Notice the orig_to line is unknown. That should have the original to address in it and the to= should be the aliased address (i.e. where it is being delivered to). Thanks for your help Drew! No problems Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From s.kelly at AYRCOLL.AC.UK Sat Mar 12 10:00:56 2005 From: s.kelly at AYRCOLL.AC.UK (skk) Date: Thu Jan 12 21:28:59 2006 Subject: blocking mail for unknown users for certain domains only Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Jeremy, Martin, Jeremy wrote: > Hi fellow MailScannians, > > My goal: > > To reject mail at the MTA level (sendmail) if it is being sent to an > unknown recipient (belonging to certain domains only), based on a list > of known â^À^Øgoodâ^À^Ù email addresses for those certain domains. Sort of > like using sendmailâ^À^Ùs blacklist_recipients to blacklist entire > domains, yet having some sort of whitelist_recipients so we can let mail > for known users override the blacklist. Try the following: in the /etc/mail dir of your mailscanner gateway make/edit a file called relay-domains. Add to it all domains you wish to relay for, in the format: staff.gsi-kc.com sales.gsi-kc.com other.staff.gsi-kc.com etc, etc Make up a text file called access.txt that contains the following type of entries: staff.gsi-kc.com ERROR: "5.1.1 Unknown User" sales.gsi-kc.com ERROR: "5.1.1 Unknown User" other.staff.gsi-kc.com ERROR: "5.1.1 Unknown User" # internal email exchangers i.e your exchange boxen CONNECT:exchangebox1.gsi-kc.com RELAY CONNECT:exchangebox2.gsi-kc.com RELAY # email-addresses you want to recieve mail gaffer@staff.gsi-kc.com OK gaffer@sales.gsi-kc.com OK drone@other.staff.gsi-kc.com OK etc, etc, then do something like makemap hash access < access.txt This system blocks mail for all unknown users, dictionary spammers etc for each domain that I have - currently three, with around 16000 mail accounts total.I do not think it will scale to hundreds of thousands of accounts, but it works well enough here, and is not that difficult to keep up to date. (See other posts on the list for automatc ADS pull-throughs) If my explanation of all this is not making sense, then check out the following: http://www.sendmail.org/m4/anti_spam.html#access_db or if there are any others on the list who can point out what is wrong with this method I would be grateful ..... Hope this helps, Shane Kelly Network Manager Ayr College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Mar 12 11:34:49 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:59 2006 Subject: Panda not working Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It needs the -aut -nso options (like MS will call it ... + the -aex). Otherwise it'll hang on user input (and "beep" its little heart out:-) We'll try work more on this next week, eh Paul. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Paul Welsh Sent: fr 2005-03-11 21:01 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Panda not working > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Welsh > Sent: 11 March 2005 19:09 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Panda not working > Just tried the free Panda and called it with the wrapper. It just "hangs". I used this command: /usr/lib/MailScanner/panda-wrapper /usr /tmp The rpm I installed the free ver from was: 3878658 Aug 31 2004 pavcl_linux_i386.rpm The eval was: 2352673 Mar 8 21:32 pavcl_linux_i386.rpm ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Mar 12 12:23:41 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:59 2006 Subject: MailScanner: Beta 4.36.1 released Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank you.. - dhawal Julian Field writes: > This has been fixed already, and will be in the April release of > MailScanner. > > Dhawal Doshy wrote: >> MailScanner[24121]: "Allow Password-Protected Archives" should be set to >> just yes or no when using clamavmodule virus scanner >> >> Now that there is external unrar support for clamavmodule, can a ruleset >> be allowed again instead of yes/no? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ddw at BAS.AC.UK Sat Mar 12 13:11:01 2005 From: ddw at BAS.AC.UK (ddw) Date: Thu Jan 12 21:28:59 2006 Subject: install failure on clean x86_64 FC3 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Hollis wrote: >I tried both 4.39.6 and 4.40.2-1, same results. > >install.sh says stuff like: >"I think your system will build architecture-dependent modules for i386x86_64" > >Obviously, i386x86_64 is wrong... > >The installer fails with things like: > >Missing file /usr/src/redhat/RPMS/i386x86_64/MailScanner-perl-MIME-Base64-3.05-5.i386x86_64.rpm. >Missing file /usr/src/redhat/RPMS/i386x86_64/perl-HTML-Parser-3.45-1.i386x86_64.rpm >Missing file /usr/src/redhat/RPMS/i386x86_64/perl-Compress-Zlib-1.33-2.i386x86_64.rpm > >Also, perl-Archive-Zip completely fails to build: > >BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.14/blib/lib/Archive/Zip.pm line 24. >Compilation failed in require at t/testUpdate.t line 11. >BEGIN failed--compilation aborted at t/testUpdate.t line 11. >t/testUpdate........dubious > Test returned status 2 (wstat 512, 0x200) >FAILED--5 test scripts could be run, alas--no output ever seen >make: *** [test_dynamic] Error 2 >error: Bad exit status from /var/tmp/rpm-tmp.42255 (%build) > >RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.42255 (%build) > >-Dan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > I've installed MailScanner 4.37.7-1 on a dual processor Opteron system running FC3. I had only one problem and had great performance from it, >100,000 mail messages per day checked and passed on with a load average of around 1. Unfortunately it was only temporary while the existing machine was repaired so I cannot vouch for later versions. The only issue I had was getting sophossavi to install. It would not compile the i386 support as it constantly detected a 64bit Perl and tried to use that. Sophos were little help and it seems likely that they will not have an x86_64 bit version any time soon. I was forced to drop back to using the Sophos binary. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Sat Mar 12 14:03:16 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:59 2006 Subject: rulesdujour Message-ID: I am at a lost. I run spamassassin --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --lint -D to find out were my problem lies and here is the information I just don't how to correct it or where to look to find out why it fails. debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH (0x84eed5c) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x902a6fc) implements 'parse_config' config: SpamAssassin failed to parse line, skipping: 404 Not Found

404 Not Found

Resource /rdj/barbaz.404.cf not found on this server config: SpamAssassin failed to parse line, skipping: 404 Not Found

404 Not Found

Resource /rdj/foobar.404.cf not found on this server Any advice would be great. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 14:04:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: quarantine notify in CreatePostmasterNotice? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Easy. In Message.pm around line 3782, add 1 line of code: my $reportword = MailScanner::Config::LanguageValue($this, "report"); my $id = $this->{id}; my $from = $this->{from}; #my $to = join(', ', @{$this->{to}}); my $subj = $this->{subject}; my $rept = join(" $reportword: ", @everyrept); my $quarantine = join(", ", (grep /\//, @{$this->{archiveplaces}})); # <<<<<< my $ip = $this->{clientip}; #print STDERR "Rept is\n$rept\n"; And then use $quarantine in the notice report, by adding 1 line around line 3810: my $reportspaces = 10 - length($reportword); $reportword = ' ' x $reportspaces . $reportword if $reportspaces>0; $result = "\n" . " Sender: $from\n" . "IP Address: $ip\n" . " Recipient: $to\n" . " Subject: $subj\n" . " MessageID: $id\n" . "Quarantine: $quarantine\n" . # <<<<<<<< "$reportword: $rept\n"; Please let me know if it works okay. My main test server has died, and needs 2Gb of RAM to get it back to life again. So I cannot easily test stuff at the moment. If it works, I will put it in the next release. Jeff A. Earickson wrote: Julian, Would it be possible to modify CreatePostmasterNotice in Message.pm to add a note about whether or not a message was quarantined, eg: Sender: personalbanking@erms-02.wamu.com IP Address: 200.30.141.86 Recipient: xxx@colby.edu Subject: Washington Mutual eCare(R) Customer Service.Security measures. MessageID: j2B50MI1013489 Quarantine: /var/spool/MailScanner/quarantine/20050311/j2B50MI1013489 Report: ClamAV Module: msg-14263-3.html was infected: HTML.Phishing.Bank-78 If the virus isn't quarantined, just leave the line out, or say "no" instead of the path. Thanks. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 14:11:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: install failure on clean x86_64 FC3 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What is the architecture of your copy of Perl (as given in the information that "rpm -qi perl" produces)? That is where I get the architecture name from. `arch` doesn't actually produce the info I need :-( Dan Hollis wrote: >I tried both 4.39.6 and 4.40.2-1, same results. > >install.sh says stuff like: >"I think your system will build architecture-dependent modules for i386x86_64" > >Obviously, i386x86_64 is wrong... > >The installer fails with things like: > >Missing file /usr/src/redhat/RPMS/i386x86_64/MailScanner-perl-MIME-Base64-3.05-5.i386x86_64.rpm. >Missing file /usr/src/redhat/RPMS/i386x86_64/perl-HTML-Parser-3.45-1.i386x86_64.rpm >Missing file /usr/src/redhat/RPMS/i386x86_64/perl-Compress-Zlib-1.33-2.i386x86_64.rpm > >Also, perl-Archive-Zip completely fails to build: > >BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.14/blib/lib/Archive/Zip.pm line 24. >Compilation failed in require at t/testUpdate.t line 11. >BEGIN failed--compilation aborted at t/testUpdate.t line 11. >t/testUpdate........dubious > Test returned status 2 (wstat 512, 0x200) >FAILED--5 test scripts could be run, alas--no output ever seen >make: *** [test_dynamic] Error 2 >error: Bad exit status from /var/tmp/rpm-tmp.42255 (%build) > >RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.42255 (%build) > >-Dan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 14:17:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: rulesdujour Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It looks to me as if you are trying to wget a URL that doesn't work/exist. It is reading a 404 Not Found error page from the web server instead of the file you asked for. I would check the contents of the rules files that rulesdujour is fetching, one of them will be very short and contain the HTML text given below in the error message you saw. David Curtis wrote: >I am at a lost. I run spamassassin >--prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --lint -D >to find out were my problem lies and here is the information I just >don't how to correct it or where to look to find out why it fails. > >debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH >(0x84eed5c) implements 'parse_config' >debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x902a6fc) >implements 'parse_config' >config: SpamAssassin failed to parse line, skipping: >404 Not Found

404 Not >Found

Resource /rdj/barbaz.404.cf not found on this >server >config: SpamAssassin failed to parse line, skipping: >404 Not Found

404 Not >Found

Resource /rdj/foobar.404.cf not found on this >server > >Any advice would be great. > >Thanks, >David Curtis >dcurtis@sbschools.net >(802) 652-7254 >South Burlington School District >550 Dorset Street >South Burlington, Vt 05403 > > > > > > > >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health Insurance >Portability and Accountability Act (HIPAA). If this email contains >confidential and/or privileged health or student information and you >are not entitled to access such information under FERPA or HIPAA, >federal regulations require that you destroy this email without >reviewing it and you may not forward it to anyone. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 14:21:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: install failure on clean x86_64 FC3 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The command you actually need is rpm -q --queryformat='%{ARCH}' perl which is what the install.sh script does to work out the architecture. I installed it earlier this week on a dual-Opteron running RHEL AS4 and installed fine, so something odd is happening in FC3 that doesn't in AS4. Julian Field wrote: > What is the architecture of your copy of Perl (as given in the > information that "rpm -qi perl" produces)? > That is where I get the architecture name from. `arch` doesn't actually > produce the info I need :-( > > Dan Hollis wrote: > >> I tried both 4.39.6 and 4.40.2-1, same results. >> >> install.sh says stuff like: >> "I think your system will build architecture-dependent modules for >> i386x86_64" >> >> Obviously, i386x86_64 is wrong... >> >> The installer fails with things like: >> >> Missing file >> /usr/src/redhat/RPMS/i386x86_64/MailScanner-perl-MIME-Base64-3.05-5.i386x86_64.rpm. >> >> Missing file >> /usr/src/redhat/RPMS/i386x86_64/perl-HTML-Parser-3.45-1.i386x86_64.rpm >> Missing file >> /usr/src/redhat/RPMS/i386x86_64/perl-Compress-Zlib-1.33-2.i386x86_64.rpm >> >> Also, perl-Archive-Zip completely fails to build: >> >> BEGIN failed--compilation aborted at >> /usr/src/redhat/BUILD/Archive-Zip-1.14/blib/lib/Archive/Zip.pm line 24. >> Compilation failed in require at t/testUpdate.t line 11. >> BEGIN failed--compilation aborted at t/testUpdate.t line 11. >> t/testUpdate........dubious >> Test returned status 2 (wstat 512, 0x200) >> FAILED--5 test scripts could be run, alas--no output ever seen >> make: *** [test_dynamic] Error 2 >> error: Bad exit status from /var/tmp/rpm-tmp.42255 (%build) >> >> RPM build errors: >> Bad exit status from /var/tmp/rpm-tmp.42255 (%build) >> >> -Dan >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat Mar 12 15:08:43 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:59 2006 Subject: quarantine notify in CreatePostmasterNotice? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I tried this on a slow Saturday morning so it took a while for something to come along. Attached are: * "diff -c" for Message.pm that I modified (version 4.39.6) * What the portion of the postmaster notifiy report looked like (no quarantine info) * What the syslog for the message was. The miscreant *was* quarantined. typo? What happens if it wasn't quarantined? Jeff Earickson On Sat, 12 Mar 2005, Julian Field wrote: > Date: Sat, 12 Mar 2005 14:04:57 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: quarantine notify in CreatePostmasterNotice? > > Easy. > > In Message.pm around line 3782, add 1 line of code: > > my $reportword = MailScanner::Config::LanguageValue($this, "report"); > my $id = $this->{id}; > my $from = $this->{from}; > #my $to = join(', ', @{$this->{to}}); > my $subj = $this->{subject}; > my $rept = join(" $reportword: ", @everyrept); > my $quarantine = join(", ", (grep /\//, @{$this->{archiveplaces}})); # > <<<<<< > my $ip = $this->{clientip}; > #print STDERR "Rept is\n$rept\n"; > > And then use $quarantine in the notice report, by adding 1 line around line > 3810: > > my $reportspaces = 10 - length($reportword); > $reportword = ' ' x $reportspaces . $reportword if $reportspaces>0; > $result = "\n" . > " Sender: $from\n" . > "IP Address: $ip\n" . > " Recipient: $to\n" . > " Subject: $subj\n" . > " MessageID: $id\n" . > "Quarantine: $quarantine\n" . # <<<<<<<< > "$reportword: $rept\n"; > > Please let me know if it works okay. My main test server has died, and needs > 2Gb of RAM to get it back to life again. So I cannot easily test stuff at the > moment. > > If it works, I will put it in the next release. > > Jeff A. Earickson wrote: > >> Julian, >> >> Would it be possible to modify CreatePostmasterNotice in Message.pm >> to add a note about whether or not a message was quarantined, eg: >> >> Sender: personalbanking@erms-02.wamu.com >> IP Address: 200.30.141.86 >> Recipient: xxx@colby.edu >> Subject: Washington Mutual eCare® Customer Service.Security measures. >> MessageID: j2B50MI1013489 >> Quarantine: /var/spool/MailScanner/quarantine/20050311/j2B50MI1013489 >> Report: ClamAV Module: msg-14263-3.html was infected: >> HTML.Phishing.Bank-78 >> >> If the virus isn't quarantined, just leave the line out, or say "no" >> instead of the path. Thanks. >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (Name: "Message.pm.diffs") 18 lines. ] [ Unable to print this part. ] [ Part 3, "" Text/PLAIN (Name: "quar.results") 8 lines. ] [ Unable to print this part. ] [ Part 4, "" Text/PLAIN (Name: "syslog.results") 20 lines. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Sat Mar 12 15:45:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm not in the mood for battling against Postfix today. Still recovering from last night. Came downstairs to find a partially-eaten pizza and garlic bread, still in their Pizza Hut boxes, in the fridge. I have absolutely no idea how they got there. I can only assume that it is connected with the fact that my credit card was by the front door :-) Drew Marshall wrote: > Morning Julian! > > Time for your reminder :-) > > Drew > > Julian Field wrote: > >> Remind me about this one tomorrow. >> >> >> Drew Marshall wrote: >> >>> Rodney Green wrote: >>> >>>>> What is mail2? Is that an alias for mail4? (i.e. they are the same >>>>> machine) >>>> >>>> >>>> >>>> >>>> mail2 is an alias for mail4.. they both point to the same machine. >>>> >>>>> >>>>> Which way would you like to go, virtual or local? >>>>> >>>> >>>> I think virtual for no other reason then I have used it for a long >>>> time >>>> now and have scripts that use it. >>> >>> >>> >>> I've had a longer look at this now and I think you have found a little >>> bug for Julian to add to his work stack :-( >>> >>> Julian >>> >>> How are you forwarding the spam to Postfix? It looks like you just >>> dumping the output into the out going queue? If so it is not being >>> cleaned up and aliases resolved by either the pickup or trivial-rewrite >>> processes so the qmanager just bounces the mail as undeliverable. I >>> have >>> tried it on my system here and proved it. If you specify a local >>> address >>> or alias as the forward address it works fine (No aliasing required so >>> the qmgr just delivers it), if you specify a virtual domain address it >>> gets bounced. The clue is here in the log: >>> >>> Mar 8 08:43:53 proxy postfix/error[17012]: 832783132D: >>> to=, orig_to=, relay=none, delay=6, >>> status=bounced (user unknown in virtual alias table) >>> >>> Notice the orig_to line is unknown. That should have the original to >>> address in it and the to= should be the aliased address (i.e. where it >>> is being delivered to). >>> >>>> >>>> Thanks for your help Drew! >>> >>> >>> >>> No problems >>> >>> Drew >>> >>> -- >>> In line with our policy, this message has >>> been scanned for viruses and dangerous >>> content by MailScanner, and is believed to be clean. >>> www.themarshalls.co.uk/policy >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > -- > In line with our policy , this > message has been scanned for > viruses and dangerous content by MailScanner > , and is > believed to be clean. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 16:09:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: quarantine notify in CreatePostmasterNotice? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Undo those last changes and apply the attached patches to Message.pm and Quarantine.pm. Jeff A. Earickson wrote: > Julian, > I tried this on a slow Saturday morning so it took a while for > something to come along. Attached are: > > * "diff -c" for Message.pm that I modified (version 4.39.6) > * What the portion of the postmaster notifiy report looked like > (no quarantine info) > * What the syslog for the message was. > > The miscreant *was* quarantined. typo? What happens if it wasn't > quarantined? > > Jeff Earickson > > On Sat, 12 Mar 2005, Julian Field wrote: > >> Date: Sat, 12 Mar 2005 14:04:57 +0000 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: quarantine notify in CreatePostmasterNotice? >> >> Easy. >> >> In Message.pm around line 3782, add 1 line of code: >> >> my $reportword = MailScanner::Config::LanguageValue($this, "report"); >> my $id = $this->{id}; >> my $from = $this->{from}; >> #my $to = join(', ', @{$this->{to}}); >> my $subj = $this->{subject}; >> my $rept = join(" $reportword: ", @everyrept); >> my $quarantine = join(", ", (grep /\//, @{$this->{archiveplaces}})); >> # <<<<<< >> my $ip = $this->{clientip}; >> #print STDERR "Rept is\n$rept\n"; >> >> And then use $quarantine in the notice report, by adding 1 line >> around line 3810: >> >> my $reportspaces = 10 - length($reportword); >> $reportword = ' ' x $reportspaces . $reportword if $reportspaces>0; >> $result = "\n" . >> " Sender: $from\n" . >> "IP Address: $ip\n" . >> " Recipient: $to\n" . >> " Subject: $subj\n" . >> " MessageID: $id\n" . >> "Quarantine: $quarantine\n" . # <<<<<<<< >> "$reportword: $rept\n"; >> >> Please let me know if it works okay. My main test server has died, >> and needs 2Gb of RAM to get it back to life again. So I cannot easily >> test stuff at the moment. >> >> If it works, I will put it in the next release. >> >> Jeff A. Earickson wrote: >> >>> Julian, >>> >>> Would it be possible to modify CreatePostmasterNotice in Message.pm >>> to add a note about whether or not a message was quarantined, eg: >>> >>> Sender: personalbanking@erms-02.wamu.com >>> IP Address: 200.30.141.86 >>> Recipient: xxx@colby.edu >>> Subject: Washington Mutual eCare® Customer Service.Security >>> measures. >>> MessageID: j2B50MI1013489 >>> Quarantine: /var/spool/MailScanner/quarantine/20050311/j2B50MI1013489 >>> Report: ClamAV Module: msg-14263-3.html was infected: >>> HTML.Phishing.Bank-78 >>> >>> If the virus isn't quarantined, just leave the line out, or say "no" >>> instead of the path. Thanks. >>> >>> Jeff Earickson >>> Colby College >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > >------------------------------------------------------------------------ > >*** Message.pm.orig Sat Mar 12 09:34:40 2005 >--- Message.pm Sat Mar 12 09:38:25 2005 >*************** >*** 3494,3499 **** >--- 3494,3500 ---- > #my $to = join(', ', @{$this->{to}}); > my $subj = $this->{subject}; > my $rept = join(" $reportword: ", @everyrept); >+ my $quarantine = join(", ", (grep /\//, @{$this->{archiveplaces}})); > my $ip = $this->{clientip}; > > # Build unique list of recipients. Avoids Postfix problem which has >*************** >*** 3521,3526 **** >--- 3522,3528 ---- > " Recipient: $to\n" . > " Subject: $subj\n" . > " MessageID: $id\n" . >+ "Quarantine: $quarantine\n" . > "$reportword: $rept\n"; > > if (MailScanner::Config::Value('noticefullheaders', $this)) { > > >------------------------------------------------------------------------ > > Sender: sentto-8326429-270-1110639345-xxx=colby.edu@returns.groups.yahoo.com >IP Address: 66.94.237.24 > Recipient: xxx@colby.edu > Subject: [corkpagans] JOIN THE MILLION VOICE CHOIR, 3/13/2005, 3:00 pm > MessageID: j2CEtjKg010584 >Quarantine: > Report: MailScanner: Found dangerous IFrame tag in HTML message > > > > >------------------------------------------------------------------------ > >Mar 12 09:55:53 basalt sendmail[10584]: [ID 801593 mail.info] j2CEtjKg010584: from=, size=9465, class=-60, nrcpts=1, msgid=<1110639343.19.38905.m24@yahoogroups.com>, proto=SMTP, daemon=MTA, relay=n13a.bulk.scd.yahoo.com [66.94.237.24] >Mar 12 09:56:00 basalt <20>MailScanner[8111]: Content Checks: Detected HTML-specific exploits in j2CEtjKg010584 >Mar 12 09:56:00 basalt <22>MailScanner[8111]: Content Checks: Detected and have disarmed HTML message in j2CEtjKg010584 from sentto-8326429-270-1110639345-cjfindei=colby.edu@returns.groups.yahoo.com >Mar 12 09:56:00 basalt <22>MailScanner[8111]: Saved entire message to /var/spool/MailScanner/quarantine/20050312/j2CEtjKg010584 >Mar 12 09:56:00 basalt <22>MailScanner[8111]: Saved infected "msg-8111-15.html" to /var/spool/MailScanner/quarantine/20050312/j2CEtjKg010584 > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] --- Quarantine.pm.old 2003-11-14 16:35:30.000000000 +0000 +++ Quarantine.pm 2005-03-12 16:05:36.459923482 +0000 @@ -160,6 +160,8 @@ my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner, @chownlist); + #print STDERR "In StoreInfections\n"; + # Create today's directory if necessary #$todaydir = $this->{dir} . '/' . TodayDir(); $qdir = MailScanner::Config::Value('quarantinedir', $message); @@ -195,6 +197,9 @@ $message->{store}->CopyEntireMessage($message, $msgdir, 'message', $uid, $gid, $changeowner); push @chownlist, "$msgdir/message" if -f "$msgdir/message"; + # Remember where we archived it, so we can put it in postmaster notice + push @{$message->{quarantineplaces}}, $msgdir; + #print STDERR "1 Added $msgdir to quarantine\n"; } # Now just quarantine the infected attachment files. @@ -215,6 +220,9 @@ #system($global::cp . " -p \"$indir/$attachment\" \"$msgdir/$attachment\""); copy("$indir/$attachment", "$msgdir/$attachment"); push @chownlist, "$msgdir/$attachment"; + # Remember where we archived it, so we can put it in postmaster notice + push @{$message->{quarantineplaces}}, $msgdir; + #print STDERR "2 Added $msgdir to quarantine\n"; } } chown $uid, $gid, @chownlist if @chownlist && $changeowner; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 3: "Attached Text" ] --- Message.pm.old 2005-03-12 15:48:42.351163335 +0000 +++ Message.pm 2005-03-12 15:57:42.161904226 +0000 @@ -81,6 +81,7 @@ # $scanme set by NeedsScanning (from MsgBatch constructor) # $workarea set by new # @archiveplaces set by new (addresses and dirs) +# @quarantineplaces set by Quarantine.pm # $spamwhitelisted set by IsSpam # $spamblacklisted set by IsSpam # $isspam set by IsSpam @@ -171,8 +172,9 @@ #print STDERR "Creating message $id\n"; $this->{id} = $id; - @{$this->{archiveplaces}} = (); # Hope this syntax is right! - @{$this->{spamarchive}} = (); # Hope this syntax is right! + @{$this->{archiveplaces}} = (); + @{$this->{spamarchive}} = (); + @{$this->{quarantineplaces}} = (); # Create somewhere to store the message $this->{store} = new MailScanner::SMDiskStore($id, $queuedirname); @@ -3779,7 +3781,9 @@ #my $to = join(', ', @{$this->{to}}); my $subj = $this->{subject}; my $rept = join(" $reportword: ", @everyrept); - my $quarantine = join(", ", (grep /\//, @{$this->{archiveplaces}})); + my @quarantines = grep /\//, @{$this->{archiveplaces}}; + push @quarantines, grep /\//, @{$this->{quarantineplaces}}; + my $quarantine = join(", ", @quarantines); my $ip = $this->{clientip}; #print STDERR "Rept is\n$rept\n"; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Sat Mar 12 16:37:41 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:28:59 2006 Subject: blocking mail for unknown users for certain domains only Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --On Saturday, March 12, 2005 10:00:56 AM +0000 skk wrote: > Hi Jeremy, > > Martin, Jeremy wrote: >> Hi fellow MailScannians, >> >> My goal: >> >> To reject mail at the MTA level (sendmail) if it is being sent to an >> unknown recipient (belonging to certain domains only), based on a list >> of known â^À^Øgoodâ^À^Ù email addresses for those certain domains. Sort of >> like using sendmailâ^À^Ùs blacklist_recipients to blacklist entire >> domains, yet having some sort of whitelist_recipients so we can let mail >> for known users override the blacklist. > > Try the following: > in the /etc/mail dir of your mailscanner gateway make/edit a file > called relay-domains. Add to it all domains you wish to relay for, in > the format: > staff.gsi-kc.com > sales.gsi-kc.com > other.staff.gsi-kc.com > > etc, etc > > Make up a text file called access.txt that contains the following > type > of entries: > staff.gsi-kc.com ERROR: "5.1.1 Unknown User" > sales.gsi-kc.com ERROR: "5.1.1 Unknown User" > other.staff.gsi-kc.com ERROR: "5.1.1 Unknown User" > ># internal email exchangers i.e your exchange boxen > > CONNECT:exchangebox1.gsi-kc.com RELAY > CONNECT:exchangebox2.gsi-kc.com RELAY > ># email-addresses you want to recieve mail > > gaffer@staff.gsi-kc.com OK > gaffer@sales.gsi-kc.com OK > drone@other.staff.gsi-kc.com OK > > etc, etc, > > then do something like makemap hash access < access.txt > > This system blocks mail for all unknown users, dictionary spammers etc > for each domain that I have - currently three, with around 16000 mail > accounts total.I do not think it will scale to hundreds of thousands of > accounts, but it works well enough here, and is not that difficult to > keep up to date. (See other posts on the list for automatc ADS > pull-throughs) > > If my explanation of all this is not making sense, then check out the > following: http://www.sendmail.org/m4/anti_spam.html#access_db > > or if there are any others on the list who can point out what is wrong > with this method I would be grateful ..... To my knowledge nothing wrong her, but just a comment if setting this up from scratch anyway. As far as I have read, virtusertable is read early and is the first opportunity to stop false adresses with sendmail. Then the least amount of resources is used at this connection. And yes, how it works at the moment to do this kind of setup. Some quick editing and 60-80% of the traffic was gone here. A digression maybe: I guess it would be an effective thing to do to sort out the ip-adresses of repeatedly rejected relays and block them at the firewall. Maybe even play them a tarpit to keep them occupied. Just for the good of the the community of course. :-))) -- Hilsen Lars > > Hope this helps, > > > Shane Kelly > Network Manager > Ayr College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Sat Mar 12 17:46:18 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:59 2006 Subject: Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, Today I had a situation where my / partition was full and it turned out to be the bayes directory under /etc/MailScanner being filled up with bayes_lock and bayes_tok files. To resolve this issue, at least temporarily, I moved these files to a new directory on a larger partition and symlinked to it from the original location. So, I have a couple of questions about this: 1. Will there be any significant performance hit doing it this way? 2. In MailScanner.conf, I had it set to rebuild bayes every day. I have files in the bayes directory dating back to the middle of February. What exactly happens when Bayes is rebuilt and should these files be there at all? Isn't this supposed to be compacted etc.? Thanks Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 17:51:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Filchak wrote: > Hello all, > > Today I had a situation where my / partition was full and it turned out > to be the bayes directory under /etc/MailScanner being filled up with > bayes_lock and bayes_tok files. To resolve this issue, at least > temporarily, I moved these files to a new directory on a larger > partition and symlinked to it from the original location. So, I have a > couple of questions about this: > 1. Will there be any significant performance hit doing it this way? No. > 2. In MailScanner.conf, I had it set to rebuild bayes every day. I > have files in the bayes directory dating back to the middle of February. > What exactly happens when Bayes is rebuilt and should these files be > there at all? Isn't this supposed to be compacted etc.? There is currently a bug in the MailScanner-does-Bayes-rebuilding code where it fails to lock out other child processes while the rebuild is in progress. This leaves rather a mess behind, sorry. I intend to have a good look at this code very shortly (possibly right now, in fact, as you have just reminded me) and should have a fix out soon. In the mean time delete all the old files, just leave the latest ones. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Sat Mar 12 18:42:25 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:59 2006 Subject: Bayes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Cheers Julian. Dave Julian Field wrote: > Dave Filchak wrote: > >> Hello all, >> >> Today I had a situation where my / partition was full and it turned out >> to be the bayes directory under /etc/MailScanner being filled up with >> bayes_lock and bayes_tok files. To resolve this issue, at least >> temporarily, I moved these files to a new directory on a larger >> partition and symlinked to it from the original location. So, I have a >> couple of questions about this: >> 1. Will there be any significant performance hit doing it this way? > > > No. > >> 2. In MailScanner.conf, I had it set to rebuild bayes every day. I >> have files in the bayes directory dating back to the middle of February. >> What exactly happens when Bayes is rebuilt and should these files be >> there at all? Isn't this supposed to be compacted etc.? > > > There is currently a bug in the MailScanner-does-Bayes-rebuilding code > where it fails to lock out other child processes while the rebuild is in > progress. This leaves rather a mess behind, sorry. I intend to have a > good look at this code very shortly (possibly right now, in fact, as you > have just reminded me) and should have a fix out soon. In the mean time > delete all the old files, just leave the latest ones. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Mar 12 19:27:06 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:59 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: I'm not in the mood for battling against Postfix today. Still recovering from last night. Came downstairs to find a partially-eaten pizza and garlic bread, still in their Pizza Hut boxes, in the fridge. I have absolutely no idea how they got there. I can only assume that it is connected with the fact that my credit card was by the front door :-) Good man!!! :-) I can quite understand, that is not the sort of head you need to fight the inner workings of Postfix! I'd go find some hair of dog and re-visit when the urge grabs you. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 20:22:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: Bayes rebuild timeout problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have found the source, it's an undesirable "feature" of the file locking semantics. While someone is waiting for an exclusive lock on a file, shared locks are still handed out freely if 1 process already has a shared lock. So while some processes have shared locks, other processes can get shared locks, despite the fact that someone else is waiting for an exclusive lock. So it doesn't show up when you have Max Children = 2, but gets more likely to show up as you increase the number of children beyond 3. I now have a 2nd lock file, signalling that a process is requesting an exclusive lock to rebuild the bayes database. If that 2nd lock file exists, the other processes don't even try to ask for a shared lock, they sit quietly waiting for it to disappear. That way the number of shared locks gradually drops to 0, giving the exclusive lock a chance at success. Once the exclusive lock succeeds, the Bayes rebuild can start. All the other children are now safely locked out while it rebuilds. This will have to be in a new beta, as it isn't a simple change and affects 2 files. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sat Mar 12 20:53:19 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:59 2006 Subject: Bayes rebuild timeout problems Message-ID: Hi Julian, > While someone is waiting for an exclusive lock on a file, shared locks > are still handed out freely if 1 process already has a shared lock. So > while some processes have shared locks, other processes can get shared > locks, despite the fact that someone else is waiting for an exclusive lock. > > So it doesn't show up when you have Max Children = 2, but gets more > likely to show up as you increase the number of children beyond 3. > > I now have a 2nd lock file, signalling that a process is requesting an > exclusive lock to rebuild the bayes database. If that 2nd lock file > exists, the other processes don't even try to ask for a shared lock, > they sit quietly waiting for it to disappear. That way the number of > shared locks gradually drops to 0, giving the exclusive lock a chance at > success. Once the exclusive lock succeeds, the Bayes rebuild can start. > All the other children are now safely locked out while it rebuilds. > > This will have to be in a new beta, as it isn't a simple change and > affects 2 files. If you have something to test let me know. I am running a SA3.1 beta, but that should be all the same. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 21:19:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Folks, I have just released a new beta-test version, 4.40.4. This release is mainly for fixes to the Bayes database rebuilding, and for more Postfix testing. I have replaced my spam.assassin.prefs.conf and now use a very slightly modified version of the one provided by Fortress Systems (thanks Steve!). The change is to maintain compatibility with all previous versions that keep their Bayes files in ~/.spamassassin. Also the RAR archive handling is greatly improved. Download it as usual from www.mailscanner.info. The full Change Log is: * New Features and Improvements * - The "clamavmodule" scanner cannot unpack archives of RAR version 3. 2 new configuration settings allow you to unpack the latest RAR archives for testing by the "clamavmodule" scanner. It also enables the contents of the RAR archive to be checked for illegal filenames and filetypes, and also to see if they are password-protected. Unrar Command = /usr/bin/unrar Unrar Timeout = 50 - "Allow Password-protected Archives" can now be a ruleset when using the clamavmodule virus scanner. - Multiple "Subject:" lines are removed. The 1st one is kept. - If the "Unrar Command" is defined and points to an executable program, it will automatically be used by the "clamav" scanner. No -wrapper tweaking is needed to do this any more. - You can now use shell environment variables such as $HOSTNAME or ${HOSTNAME} in MailScanner.conf and its relatives. - More improvements to the phishing net. - More additions to the starter phishing.safe.sites.conf file. - Removed my spam.assassin.prefs.conf file in favour of the one from www.fsl.com, with just enough changes to produce an identical file layout to my previous versions. - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! - Added long comment about ALL_TRUSTED rule, many thanks to Matt Kettler. - Improved screen behaviour of RPM-based init.d script. - Greatly improved RAR archive handler, thanks to Rick Cooper. * Fixes * - Fixed problem with missing Attachment-Warning when encountering a virus that is both silent and non-forging. - Improved output format of Sender warning, and removed duplicate lines. - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the connections, rather than the total block it used to do. - Removed erroneous log output from SpamAssassin bayes-rebuilder. - Postfix problem fixes. - Fixed SpamAssassin Bayes database rebuild timeout problem (hopefully!). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Mar 12 21:27:27 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:59 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hair of dog, eh Drew.... Is that good against hangovers ....? (I'll be needing *something* tomorrow, or else my choirleader will.... well, let's not go there.... Oh, not to mention the rotations JSBach will be doing in his tomb...:-). ... Would it be entirely unacceptable to "fix" this in documentation... "don't do that" type of thing? -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Drew Marshall Sent: lö 2005-03-12 20:27 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: User unknown in virtual alias table Julian Field wrote: > I'm not in the mood for battling against Postfix today. Still recovering > from last night. Came downstairs to find a partially-eaten pizza and > garlic bread, still in their Pizza Hut boxes, in the fridge. I have > absolutely no idea how they got there. > I can only assume that it is connected with the fact that my credit card > was by the front door :-) Good man!!! :-) I can quite understand, that is not the sort of head you need to fight the inner workings of Postfix! I'd go find some hair of dog and re-visit when the urge grabs you. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Sat Mar 12 21:31:17 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:28:59 2006 Subject: SpamAssassin gumming up the works Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] First, let me apologize. I'm rather sick and I'm running a high fever, so much so that I'm sure I'm probably partially incoherent and not checking obvious stuff. I've been running MailScanner for quite a long time, and when I've run into this issue before it's always been a RBL going dark or something that's causing the problem. In this case, I don't think it is. A little background: yesterday, my boss called me at home (I'm at home sick) and complained that they're getting spam delivered to the users@ email address, which is an alias for all users. The real problem is that the spam wasn't getting tagged as spam. First thing's first, I hadn't upgraded MailScanner or SpamAssassin in a while, so I got the most recent versions and started plugging away. (MailScanner 4.39.6 and Spamassassin 3.0.2 (the tarball says 4.0.2, what's up with that?)) The problem that I've run into is that after the upgrade if I enable Use Spamassassin = yes in my MailScanner.conf then nothing gets delivered. Well, I lie, if I send a few test messages through, those get delivered, but it seems like the first piece of spam (this is speculation) that I get gums up the works, and after that nothing goes through until I set Use SpamAssassin=no. Then things come through, but, of course, there's no spam checks being done. Here's what I see in the logs: Mar 12 15:29:27 mail MailScanner[25723]: Using locktype = flock Mar 12 15:29:27 mail MailScanner[25723]: New Batch: Scanning 2 messages, 5505 bytes Mar 12 15:29:27 mail MailScanner[25723]: MCP Checks completed at 5505 bytes per second Mar 12 15:29:27 mail MailScanner[25723]: Spam Checks: Starting Mar 12 15:29:31 mail MailScanner[25727]: SophosSAVI 3.91 (engine 2.28) recognizing 101433 viruses Mar 12 15:29:31 mail MailScanner[25727]: SophosSAVI using 85 IDE files Mar 12 15:29:31 mail MailScanner[25735]: MailScanner E-Mail Virus Scanner version 4.28.6 starting... Mar 12 15:29:34 mail MailScanner[25725]: Using locktype = flock Mar 12 15:29:34 mail MailScanner[25725]: New Batch: Scanning 2 messages, 5505 bytes Mar 12 15:29:34 mail MailScanner[25725]: MCP Checks completed at 5505 bytes per second Mar 12 15:29:34 mail MailScanner[25725]: Spam Checks: Starting Mar 12 15:29:41 mail MailScanner[25737]: MailScanner E-Mail Virus Scanner version 4.28.6 starting... and after more messages come in: Mar 12 15:36:06 mail MailScanner[25969]: Using locktype = flock Mar 12 15:36:06 mail MailScanner[25969]: New Batch: Scanning 5 messages, 19152 bytes Mar 12 15:36:06 mail MailScanner[25969]: MCP Checks completed at 19152 bytes per second Mar 12 15:36:06 mail MailScanner[25969]: Spam Checks: Starting Mar 12 15:36:08 mail MailScanner[25978]: MailScanner E-Mail Virus Scanner version 4.28.6 starting... And the number just keeps growing until I set Use SpamAssassin=no. As I mentioned, usually this is because of an RBL going dark, but I've set skip_rbl_checks 1 in my spam.assassin.prefs.conf (for testing). So, how can I trace this to find out where it's failing? Have I done something obviously stupid? Is there more information I can give to help someone help me figure this out? Any flu remedy recommendations? Again, sorry if I haven't given enough information, but I'm not thinking clearly at the moment and any and all help is appreciated. Thanks, --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Mar 12 21:41:21 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:28:59 2006 Subject: SpamAssassin gumming up the works Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jason Balicki > Sent: Saturday, March 12, 2005 4:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin gumming up the works > > First, let me apologize. I'm rather sick and I'm running a high fever, > so much > so that I'm sure I'm probably partially incoherent and not checking > obvious > stuff. > > I've been running MailScanner for quite a long time, and when I've run > into > this issue before it's always been a RBL going dark or something that's > causing the problem. In this case, I don't think it is. > > A little background: yesterday, my boss called me at home (I'm at home > sick) and complained that they're getting spam delivered to the users@ > email address, which is an alias for all users. The real problem is that > the spam wasn't getting tagged as spam. > > First thing's first, I hadn't upgraded MailScanner or SpamAssassin in > a while, so I got the most recent versions and started plugging away. > (MailScanner 4.39.6 and Spamassassin 3.0.2 (the tarball says > 4.0.2, what's up with that?)) > > The problem that I've run into is that after the upgrade if I enable > Use Spamassassin = yes in my MailScanner.conf then nothing gets > delivered. Well, I lie, if I send a few test messages through, those > get delivered, but it seems like the first piece of spam (this is > speculation) > that I get gums up the works, and after that nothing goes through until > I set Use SpamAssassin=no. Then things come through, but, of > course, there's no spam checks being done. > > Here's what I see in the logs: > Mar 12 15:29:27 mail MailScanner[25723]: Using locktype = flock > Mar 12 15:29:27 mail MailScanner[25723]: New Batch: Scanning 2 messages, > 5505 bytes > Mar 12 15:29:27 mail MailScanner[25723]: MCP Checks completed at 5505 > bytes per second > Mar 12 15:29:27 mail MailScanner[25723]: Spam Checks: Starting > Mar 12 15:29:31 mail MailScanner[25727]: SophosSAVI 3.91 (engine 2.28) > recognizing 101433 viruses > Mar 12 15:29:31 mail MailScanner[25727]: SophosSAVI using 85 IDE files > Mar 12 15:29:31 mail MailScanner[25735]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > Mar 12 15:29:34 mail MailScanner[25725]: Using locktype = flock > Mar 12 15:29:34 mail MailScanner[25725]: New Batch: Scanning 2 messages, > 5505 bytes > Mar 12 15:29:34 mail MailScanner[25725]: MCP Checks completed at 5505 > bytes per second > Mar 12 15:29:34 mail MailScanner[25725]: Spam Checks: Starting > Mar 12 15:29:41 mail MailScanner[25737]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > > and after more messages come in: > > Mar 12 15:36:06 mail MailScanner[25969]: Using locktype = flock > Mar 12 15:36:06 mail MailScanner[25969]: New Batch: Scanning 5 messages, > 19152 bytes > Mar 12 15:36:06 mail MailScanner[25969]: MCP Checks completed at 19152 > bytes per second > Mar 12 15:36:06 mail MailScanner[25969]: Spam Checks: Starting > Mar 12 15:36:08 mail MailScanner[25978]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > Did you install correctly the Log reports your running 4.28.6 ! ! ! 15:29:34 mail MailScanner[25725]: Spam Checks: Starting Mar 12 15:29:41 mail MailScanner[25737]: MailScanner E-Mail Virus Scanner version 4.28.6 starting... I'm pretty sure this version did not support support SpamAssasin 3.02 How did you install MS. What OS and version are you using? > > And the number just keeps growing until I set Use SpamAssassin=no. > > As I mentioned, usually this is because of an RBL going dark, > but I've set skip_rbl_checks 1 in my spam.assassin.prefs.conf > (for testing). > > So, how can I trace this to find out where it's failing? Have > I done something obviously stupid? Is there more information I can > give to help someone help me figure this out? Any flu remedy > recommendations? > > Again, sorry if I haven't given enough information, but I'm > not thinking clearly at the moment and any and all help is > appreciated. > > Thanks, > > --J(K) Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 12 21:44:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:59 2006 Subject: SpamAssassin gumming up the works Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In your MailScanner.conf, set "Debug = yes" and "Debug SpamAssassin = yes" then stop MailScanner then check_MailScanner. Watch the output carefully to see if it pauses for a long time somewhere. Thump ctrl-S when it pauses and see what it's just been trying to do. If it mentions cloudmark.com, then it's Razor and you need to "razor-admin -discover" to get an up to date list of Razor servers. Jason Balicki wrote: > First, let me apologize. I'm rather sick and I'm running a high fever, > so much > so that I'm sure I'm probably partially incoherent and not checking > obvious > stuff. > > I've been running MailScanner for quite a long time, and when I've run > into > this issue before it's always been a RBL going dark or something that's > causing the problem. In this case, I don't think it is. > > A little background: yesterday, my boss called me at home (I'm at home > sick) and complained that they're getting spam delivered to the users@ > email address, which is an alias for all users. The real problem is that > the spam wasn't getting tagged as spam. > > First thing's first, I hadn't upgraded MailScanner or SpamAssassin in > a while, so I got the most recent versions and started plugging away. > (MailScanner 4.39.6 and Spamassassin 3.0.2 (the tarball says > 4.0.2, what's up with that?)) > > The problem that I've run into is that after the upgrade if I enable > Use Spamassassin = yes in my MailScanner.conf then nothing gets > delivered. Well, I lie, if I send a few test messages through, those > get delivered, but it seems like the first piece of spam (this is > speculation) > that I get gums up the works, and after that nothing goes through until > I set Use SpamAssassin=no. Then things come through, but, of > course, there's no spam checks being done. > > Here's what I see in the logs: > Mar 12 15:29:27 mail MailScanner[25723]: Using locktype = flock > Mar 12 15:29:27 mail MailScanner[25723]: New Batch: Scanning 2 messages, > 5505 bytes > Mar 12 15:29:27 mail MailScanner[25723]: MCP Checks completed at 5505 > bytes per second > Mar 12 15:29:27 mail MailScanner[25723]: Spam Checks: Starting > Mar 12 15:29:31 mail MailScanner[25727]: SophosSAVI 3.91 (engine 2.28) > recognizing 101433 viruses > Mar 12 15:29:31 mail MailScanner[25727]: SophosSAVI using 85 IDE files > Mar 12 15:29:31 mail MailScanner[25735]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > Mar 12 15:29:34 mail MailScanner[25725]: Using locktype = flock > Mar 12 15:29:34 mail MailScanner[25725]: New Batch: Scanning 2 messages, > 5505 bytes > Mar 12 15:29:34 mail MailScanner[25725]: MCP Checks completed at 5505 > bytes per second > Mar 12 15:29:34 mail MailScanner[25725]: Spam Checks: Starting > Mar 12 15:29:41 mail MailScanner[25737]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > > and after more messages come in: > > Mar 12 15:36:06 mail MailScanner[25969]: Using locktype = flock > Mar 12 15:36:06 mail MailScanner[25969]: New Batch: Scanning 5 messages, > 19152 bytes > Mar 12 15:36:06 mail MailScanner[25969]: MCP Checks completed at 19152 > bytes per second > Mar 12 15:36:06 mail MailScanner[25969]: Spam Checks: Starting > Mar 12 15:36:08 mail MailScanner[25978]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > > > And the number just keeps growing until I set Use SpamAssassin=no. > > As I mentioned, usually this is because of an RBL going dark, > but I've set skip_rbl_checks 1 in my spam.assassin.prefs.conf > (for testing). > > So, how can I trace this to find out where it's failing? Have > I done something obviously stupid? Is there more information I can > give to help someone help me figure this out? Any flu remedy > recommendations? > > Again, sorry if I haven't given enough information, but I'm > not thinking clearly at the moment and any and all help is > appreciated. > > Thanks, > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Sat Mar 12 22:01:21 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:28:59 2006 Subject: SpamAssassin gumming up the works Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: [helpful tips] Julian Field wrote: [more helpful tips] Tattoo "DURRR" on my forehead. I did two things: 1) I install to /opt/MailScanner-version and symlink to /opt/MailScanner when I upgrade. At first I linked to the wrong damn version. Fever. Blame fever. And tab completion. 2) even after I fixed the link, I still didn't actually *stop* MailScanner, I just kept issuing HUP signals, so of course the (very) old version was still running and failing. Again, blaming fever. It appears to be working just fine now, sorry to bug you guys and thanks for the quick responses. I'm going back to bed. Bleh. --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Mar 12 22:05:55 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:59 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: Hair of dog, eh Drew.... Is that good against hangovers ....? (I'll be needing *something* tomorrow, or else my choirleader will.... well, let's not go there.... Oh, not to mention the rotations JSBach will be doing in his tomb...:-). Now I'm not sure if you have picked up on the English colloquialism 'hair of dog' not it's literal phrase. Hair of dog is referred to as the first beer in the bar the following morning (For example) as opposed to the fur of a canine :-) . One will add to your hangover but if taken in sufficient quantity will help you forget it (Although pickle your liver!) the other will make you feel ruff (Sorry couldn't resist :-) ). ... Would it be entirely unacceptable to "fix" this in documentation... "don't do that" type of thing? I don't know how tricky it will be to fix the code TBH (I code like a sysadmin ;-) ). There is no reason why the docs can't read that for Postfix you can't enter virtual aliases. I'm not sure I personally like it as I prefer things to work (TM) but it is a work round. It's a pain that Postfix insists on doing it's virtual alias lookups in the cleanup stage after either pickup (Injected messages) or smtpd (SMTP input) before MailScanner gets to look at it. This document here http://www.postfix.org/ADDRESS_REWRITING_README.html details it rather well. See the table about 1/3rd down the page. That specifies which Postfix component does the address rewriting for aliases. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dcurtis at SBSCHOOLS.NET Sat Mar 12 22:04:28 2005 From: dcurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:28:59 2006 Subject: rulesdujour Message-ID: I found my problem. One time I must have run the script with a bad config. It dumped two cf files in my spamassassin folder that should have been in the rulesdujour folder. Once I deleted them the script worked fine. Thanks. Thanks, David Curtis dcurtis@sbschools.net (802) 652-7254 South Burlington School District 550 Dorset Street South Burlington, Vt 05403 This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat Mar 12 22:42:30 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:59 2006 Subject: quarantine notify in CreatePostmasterNotice? Message-ID: On Sat, 12 Mar 2005, Julian Field wrote: > Date: Sat, 12 Mar 2005 16:09:34 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: quarantine notify in CreatePostmasterNotice? > > Undo those last changes and apply the attached patches to Message.pm and > Quarantine.pm. Julian, I got it to work with a little by-hand fiddling. The report output now looks like: Sender: support@northforkbank.com IP Address: 62.231.71.118 Recipient: xxx@colby.edu Subject: NFB - Urgent Security Notification MessageID: j2CMLkOc025394 Quarantine: /var/spool/MailScanner/quarantine/20050312/j2CMLkOc025394, /var/spool/MailScanner/quarantine/20050312/j2CMLkOc025394 Report: ClamAV Module: msg-25962-32.html was infected: HTML.Phishing.Bank-118 In looking at the code, it seems that you grab both an archive location and a quarantine location and join them together. Maybe separate them into two lines, eg Quarantine: [path] Archive: [path] Don't print if archive and/or quarantine not turned on? Otherwise, looks good. Many thanks. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat Mar 12 22:56:38 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:59 2006 Subject: SpamAssassin gumming up the works Message-ID: Hi, MS 4.28.6 is pretty out-of-date compared to 4.39.6. If you jumped from SA 2.6x to 3.0.2, be sure to read the UPGRADE file in the SA directory and do the Bayes database changes or things won't work with SA. Maybe turn off Bayes as a stop-gap measure in 3.0.2 and see if things start working. If they do, follow the Bayres db upgrade instructions. Jeff Earickson Colby College On Sat, 12 Mar 2005, Jason Balicki wrote: > Date: Sat, 12 Mar 2005 15:31:17 -0600 > From: Jason Balicki > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin gumming up the works > > First, let me apologize. I'm rather sick and I'm running a high fever, > so much > so that I'm sure I'm probably partially incoherent and not checking obvious > stuff. > > I've been running MailScanner for quite a long time, and when I've run into > this issue before it's always been a RBL going dark or something that's > causing the problem. In this case, I don't think it is. > > A little background: yesterday, my boss called me at home (I'm at home > sick) and complained that they're getting spam delivered to the users@ > email address, which is an alias for all users. The real problem is that > the spam wasn't getting tagged as spam. > > First thing's first, I hadn't upgraded MailScanner or SpamAssassin in > a while, so I got the most recent versions and started plugging away. > (MailScanner 4.39.6 and Spamassassin 3.0.2 (the tarball says > 4.0.2, what's up with that?)) > > The problem that I've run into is that after the upgrade if I enable > Use Spamassassin = yes in my MailScanner.conf then nothing gets > delivered. Well, I lie, if I send a few test messages through, those > get delivered, but it seems like the first piece of spam (this is > speculation) > that I get gums up the works, and after that nothing goes through until > I set Use SpamAssassin=no. Then things come through, but, of > course, there's no spam checks being done. > > Here's what I see in the logs: > Mar 12 15:29:27 mail MailScanner[25723]: Using locktype = flock > Mar 12 15:29:27 mail MailScanner[25723]: New Batch: Scanning 2 messages, > 5505 bytes > Mar 12 15:29:27 mail MailScanner[25723]: MCP Checks completed at 5505 > bytes per second > Mar 12 15:29:27 mail MailScanner[25723]: Spam Checks: Starting > Mar 12 15:29:31 mail MailScanner[25727]: SophosSAVI 3.91 (engine 2.28) > recognizing 101433 viruses > Mar 12 15:29:31 mail MailScanner[25727]: SophosSAVI using 85 IDE files > Mar 12 15:29:31 mail MailScanner[25735]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > Mar 12 15:29:34 mail MailScanner[25725]: Using locktype = flock > Mar 12 15:29:34 mail MailScanner[25725]: New Batch: Scanning 2 messages, > 5505 bytes > Mar 12 15:29:34 mail MailScanner[25725]: MCP Checks completed at 5505 > bytes per second > Mar 12 15:29:34 mail MailScanner[25725]: Spam Checks: Starting > Mar 12 15:29:41 mail MailScanner[25737]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > > and after more messages come in: > > Mar 12 15:36:06 mail MailScanner[25969]: Using locktype = flock > Mar 12 15:36:06 mail MailScanner[25969]: New Batch: Scanning 5 messages, > 19152 bytes > Mar 12 15:36:06 mail MailScanner[25969]: MCP Checks completed at 19152 > bytes per second > Mar 12 15:36:06 mail MailScanner[25969]: Spam Checks: Starting > Mar 12 15:36:08 mail MailScanner[25978]: MailScanner E-Mail Virus > Scanner version 4.28.6 starting... > > > And the number just keeps growing until I set Use SpamAssassin=no. > > As I mentioned, usually this is because of an RBL going dark, > but I've set skip_rbl_checks 1 in my spam.assassin.prefs.conf > (for testing). > > So, how can I trace this to find out where it's failing? Have > I done something obviously stupid? Is there more information I can > give to help someone help me figure this out? Any flu remedy > recommendations? > > Again, sorry if I haven't given enough information, but I'm > not thinking clearly at the moment and any and all help is > appreciated. > > Thanks, > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Mar 13 11:02:49 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:59 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list on behalf of Drew Marshall > Sent: Sat 3/12/2005 11:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: User unknown in virtual alias table > Steen, Glenn wrote: > > >Hair of dog, eh Drew.... Is that good against hangovers ....? (I'll be > needing *something* tomorrow, or else my choirleader will.... well, let's > not go there.... Oh, not to mention the rotations JSBach will be doing in > his tomb...:-). > > > > > Now I'm not sure if you have picked up on the English colloquialism > 'hair of dog' not it's literal phrase. Hair of dog is referred to as the > first beer in the bar the following morning (For example) as opposed to > the fur of a canine :-) . One will add to your hangover but if taken in > sufficient quantity will help you forget it (Although pickle your > liver!) the other will make you feel ruff (Sorry couldn't resist :-) ). Ah. No that particular turn of phrase had eluded me.... I'll be sure to remember it:-) Wouldn't be doing me much good anyway.... need to be sharp to sing "Magnificat":-):-) > >... Would it be entirely unacceptable to "fix" this in documentation... > "don't do that" type of thing? > > > > > I don't know how tricky it will be to fix the code TBH (I code like a > sysadmin ;-) ). There is no reason why the docs can't read that for > Postfix you can't enter virtual aliases. I'm not sure I personally like > it as I prefer things to work (TM) but it is a work round. It's a pain > that Postfix insists on doing it's virtual alias lookups in the cleanup > stage after either pickup (Injected messages) or smtpd (SMTP input) > before MailScanner gets to look at it. This document here > http://www.postfix.org/ADDRESS_REWRITING_README.html details it rather > well. See the table about 1/3rd down the page. That specifies which > Postfix component does the address rewriting for aliases. Yes, I know. But "doing it right" would mean not to just fiddle with the queue files and use "normal methods" for injecting it back in, or playing cleanup in MW (which seems horrendous). Or perhaps I'm missing something in my somewhat hubgover state?-). -- Glenn > Drew ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sun Mar 13 11:07:41 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:59 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Should say: files, and instead use "normal methods" for injecting it back in. Or playing "cleanup" in MailScanner (which seems horrendous). Or perhaps I'm missing something in my somewhat As said, not my best of mornings:-) -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Steen, Glenn Sent: Sun 3/13/2005 12:02 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: User unknown in virtual alias table > -----Original Message----- > From: MailScanner mailing list on behalf of Drew Marshall > Sent: Sat 3/12/2005 11:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: User unknown in virtual alias table > Steen, Glenn wrote: > > >Hair of dog, eh Drew.... Is that good against hangovers ....? (I'll be > needing *something* tomorrow, or else my choirleader will.... well, let's > not go there.... Oh, not to mention the rotations JSBach will be doing in > his tomb...:-). > > > > > Now I'm not sure if you have picked up on the English colloquialism > 'hair of dog' not it's literal phrase. Hair of dog is referred to as the > first beer in the bar the following morning (For example) as opposed to > the fur of a canine :-) . One will add to your hangover but if taken in > sufficient quantity will help you forget it (Although pickle your > liver!) the other will make you feel ruff (Sorry couldn't resist :-) ). Ah. No that particular turn of phrase had eluded me.... I'll be sure to remember it:-) Wouldn't be doing me much good anyway.... need to be sharp to sing "Magnificat":-):-) > >... Would it be entirely unacceptable to "fix" this in documentation... > "don't do that" type of thing? > > > > > I don't know how tricky it will be to fix the code TBH (I code like a > sysadmin ;-) ). There is no reason why the docs can't read that for > Postfix you can't enter virtual aliases. I'm not sure I personally like > it as I prefer things to work (TM) but it is a work round. It's a pain > that Postfix insists on doing it's virtual alias lookups in the cleanup > stage after either pickup (Injected messages) or smtpd (SMTP input) > before MailScanner gets to look at it. This document here > http://www.postfix.org/ADDRESS_REWRITING_README.html details it rather > well. See the table about 1/3rd down the page. That specifies which > Postfix component does the address rewriting for aliases. Yes, I know. But "doing it right" would mean not to just fiddle with the queue files and use "normal methods" for injecting it back in, or playing cleanup in MW (which seems horrendous). Or perhaps I'm missing something in my somewhat hubgover state?-). -- Glenn > Drew ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun Mar 13 11:42:37 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:59 2006 Subject: User unknown in virtual alias table Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: -----Original Message----- From: MailScanner mailing list on behalf of Drew Marshall Sent: Sat 3/12/2005 11:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: User unknown in virtual alias table Steen, Glenn wrote: Hair of dog, eh Drew.... Is that good against hangovers ....? (I'll be needing *something* tomorrow, or else my choirleader will.... well, let's not go there.... Oh, not to mention the rotations JSBach will be doing in his tomb...:-). Now I'm not sure if you have picked up on the English colloquialism 'hair of dog' not it's literal phrase. Hair of dog is referred to as the first beer in the bar the following morning (For example) as opposed to the fur of a canine :-) . One will add to your hangover but if taken in sufficient quantity will help you forget it (Although pickle your liver!) the other will make you feel ruff (Sorry couldn't resist :-) ). Ah. No that particular turn of phrase had eluded me.... I'll be sure to remember it:-) Wouldn't be doing me much good anyway.... need to be sharp to sing "Magnificat":-):-) ... Would it be entirely unacceptable to "fix" this in documentation... "don't do that" type of thing? I don't know how tricky it will be to fix the code TBH (I code like a sysadmin ;-) ). There is no reason why the docs can't read that for Postfix you can't enter virtual aliases. I'm not sure I personally like it as I prefer things to work (TM) but it is a work round. It's a pain that Postfix insists on doing it's virtual alias lookups in the cleanup stage after either pickup (Injected messages) or smtpd (SMTP input) before MailScanner gets to look at it. This document here http://www.postfix.org/ADDRESS_REWRITING_README.html details it rather well. See the table about 1/3rd down the page. That specifies which Postfix component does the address rewriting for aliases. Yes, I know. But "doing it right" would mean not to just fiddle with the queue files and use "normal methods" for injecting it back in, or playing cleanup in MW (which seems horrendous). Or perhaps I'm missing something in my somewhat hubgover state?-). Well as I see it there are 2 options, one is to change the docs, the other is to change the hold file regex to exclude direct injected mail (From localhost) and get MS to queue inject the forwarded file so it is not re-scanned. Neither is particularly pretty or an ideal solution. My preference would be your idea to change the docs as after all if the system admin is setting the forward option in MS then (s)he should also know the unaliased address of the recipient. Maybe Julian has a better idea?? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dbird at SGHMS.AC.UK Sun Mar 13 15:07:36 2005 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Folks, > > I have just released a new beta-test version, 4.40.4. > Been running for about 2 hours and seems fine. Dan > This release is mainly for fixes to the Bayes database rebuilding, and > for more Postfix testing. > > I have replaced my spam.assassin.prefs.conf and now use a very slightly > modified version of the one provided by Fortress Systems (thanks > Steve!). The change is to maintain compatibility with all previous > versions that keep their Bayes files in ~/.spamassassin. > > Also the RAR archive handling is greatly improved. > > Download it as usual from www.mailscanner.info. > > The full Change Log is: > * New Features and Improvements * > - The "clamavmodule" scanner cannot unpack archives of RAR version 3. > 2 new configuration settings allow you to unpack the latest RAR archives > for testing by the "clamavmodule" scanner. > It also enables the contents of the RAR archive to be checked for > illegal > filenames and filetypes, and also to see if they are password-protected. > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > - "Allow Password-protected Archives" can now be a ruleset when using the > clamavmodule virus scanner. > - Multiple "Subject:" lines are removed. The 1st one is kept. > - If the "Unrar Command" is defined and points to an executable program, > it will automatically be used by the "clamav" scanner. No -wrapper > tweaking is needed to do this any more. > - You can now use shell environment variables such as $HOSTNAME or > ${HOSTNAME} in MailScanner.conf and its relatives. > - More improvements to the phishing net. > - More additions to the starter phishing.safe.sites.conf file. > - Removed my spam.assassin.prefs.conf file in favour of the one from > www.fsl.com, with just enough changes to produce an identical file > layout to my previous versions. > - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! > - Added long comment about ALL_TRUSTED rule, many thanks to Matt Kettler. > - Improved screen behaviour of RPM-based init.d script. > - Greatly improved RAR archive handler, thanks to Rick Cooper. > > * Fixes * > - Fixed problem with missing Attachment-Warning when encountering a virus > that is both silent and non-forging. > - Improved output format of Sender warning, and removed duplicate lines. > - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the > connections, rather than the total block it used to do. > - Removed erroneous log output from SpamAssassin bayes-rebuilder. > - Postfix problem fixes. > - Fixed SpamAssassin Bayes database rebuild timeout problem (hopefully!). > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- ____________________________________ Daniel Bird Network and Systems Manager Department Of Information Services St. George's Hospital Medical School Tooting London SW17 0RE P: +44 20 8725 2897 F: +44 20 8725 3583 E: dan@sghms.ac.uk ____________________________________ Computing Services Homepage: http://www.intranet.sghms.ac.uk/depts/is/cu/ The Computing Services Handbook: http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf Everything is possible....except skiing through a revolving door. This message has been scanned for viruses and dangerous content by MailScanner at danbird.net and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dbird at SGHMS.AC.UK Sun Mar 13 15:31:56 2005 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Bird wrote: > Julian Field wrote: > >> Folks, >> >> I have just released a new beta-test version, 4.40.4. >> > Been running for about 2 hours and seems fine. I lied. Seems it got itself in a loop, continually rescanning messages. Had to revert. Will test tomorrow. Dan > > Dan > >> This release is mainly for fixes to the Bayes database rebuilding, and >> for more Postfix testing. >> >> I have replaced my spam.assassin.prefs.conf and now use a very slightly >> modified version of the one provided by Fortress Systems (thanks >> Steve!). The change is to maintain compatibility with all previous >> versions that keep their Bayes files in ~/.spamassassin. >> >> Also the RAR archive handling is greatly improved. >> >> Download it as usual from www.mailscanner.info. >> >> The full Change Log is: >> * New Features and Improvements * >> - The "clamavmodule" scanner cannot unpack archives of RAR version 3. >> 2 new configuration settings allow you to unpack the latest RAR >> archives >> for testing by the "clamavmodule" scanner. >> It also enables the contents of the RAR archive to be checked for >> illegal >> filenames and filetypes, and also to see if they are >> password-protected. >> Unrar Command = /usr/bin/unrar >> Unrar Timeout = 50 >> - "Allow Password-protected Archives" can now be a ruleset when using >> the >> clamavmodule virus scanner. >> - Multiple "Subject:" lines are removed. The 1st one is kept. >> - If the "Unrar Command" is defined and points to an executable program, >> it will automatically be used by the "clamav" scanner. No -wrapper >> tweaking is needed to do this any more. >> - You can now use shell environment variables such as $HOSTNAME or >> ${HOSTNAME} in MailScanner.conf and its relatives. >> - More improvements to the phishing net. >> - More additions to the starter phishing.safe.sites.conf file. >> - Removed my spam.assassin.prefs.conf file in favour of the one from >> www.fsl.com, with just enough changes to produce an identical file >> layout to my previous versions. >> - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! >> - Added long comment about ALL_TRUSTED rule, many thanks to Matt >> Kettler. >> - Improved screen behaviour of RPM-based init.d script. >> - Greatly improved RAR archive handler, thanks to Rick Cooper. >> >> * Fixes * >> - Fixed problem with missing Attachment-Warning when encountering a >> virus >> that is both silent and non-forging. >> - Improved output format of Sender warning, and removed duplicate lines. >> - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the >> connections, rather than the total block it used to do. >> - Removed erroneous log output from SpamAssassin bayes-rebuilder. >> - Postfix problem fixes. >> - Fixed SpamAssassin Bayes database rebuild timeout problem >> (hopefully!). >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- > ____________________________________ > > Daniel Bird > Network and Systems Manager > Department Of Information Services > St. George's Hospital Medical School > Tooting > London SW17 0RE > > P: +44 20 8725 2897 > F: +44 20 8725 3583 > E: dan@sghms.ac.uk > ____________________________________ > > Computing Services Homepage: > http://www.intranet.sghms.ac.uk/depts/is/cu/ > > The Computing Services Handbook: > http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > > Everything is possible....except skiing through a revolving door. > > > > This message has been scanned for viruses and dangerous > content by MailScanner at danbird.net and is believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- ____________________________________ Daniel Bird Network and Systems Manager Department Of Information Services St. George's Hospital Medical School Tooting London SW17 0RE P: +44 20 8725 2897 F: +44 20 8725 3583 E: dan@sghms.ac.uk ____________________________________ Computing Services Homepage: http://www.intranet.sghms.ac.uk/depts/is/cu/ The Computing Services Handbook: http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf Everything is possible....except skiing through a revolving door. This message has been scanned for viruses and dangerous content by MailScanner at danbird.net and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 13 16:01:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Bird wrote: > Daniel Bird wrote: > >> Julian Field wrote: >> >>> Folks, >>> >>> I have just released a new beta-test version, 4.40.4. >>> >> Been running for about 2 hours and seems fine. > > > > I lied. Seems it got itself in a loop, continually rescanning messages. > Had to revert. Will test tomorrow. Bother. Can you put it in debug mode, then stop it, then check_MailScanner and see what it says please? It may be one message causing it trouble, please can you let me know what you find. > > Dan > >> >> Dan >> >>> This release is mainly for fixes to the Bayes database rebuilding, and >>> for more Postfix testing. >>> >>> I have replaced my spam.assassin.prefs.conf and now use a very slightly >>> modified version of the one provided by Fortress Systems (thanks >>> Steve!). The change is to maintain compatibility with all previous >>> versions that keep their Bayes files in ~/.spamassassin. >>> >>> Also the RAR archive handling is greatly improved. >>> >>> Download it as usual from www.mailscanner.info. >>> >>> The full Change Log is: >>> * New Features and Improvements * >>> - The "clamavmodule" scanner cannot unpack archives of RAR version 3. >>> 2 new configuration settings allow you to unpack the latest RAR >>> archives >>> for testing by the "clamavmodule" scanner. >>> It also enables the contents of the RAR archive to be checked for >>> illegal >>> filenames and filetypes, and also to see if they are >>> password-protected. >>> Unrar Command = /usr/bin/unrar >>> Unrar Timeout = 50 >>> - "Allow Password-protected Archives" can now be a ruleset when using >>> the >>> clamavmodule virus scanner. >>> - Multiple "Subject:" lines are removed. The 1st one is kept. >>> - If the "Unrar Command" is defined and points to an executable >>> program, >>> it will automatically be used by the "clamav" scanner. No -wrapper >>> tweaking is needed to do this any more. >>> - You can now use shell environment variables such as $HOSTNAME or >>> ${HOSTNAME} in MailScanner.conf and its relatives. >>> - More improvements to the phishing net. >>> - More additions to the starter phishing.safe.sites.conf file. >>> - Removed my spam.assassin.prefs.conf file in favour of the one from >>> www.fsl.com, with just enough changes to produce an identical file >>> layout to my previous versions. >>> - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! >>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt >>> Kettler. >>> - Improved screen behaviour of RPM-based init.d script. >>> - Greatly improved RAR archive handler, thanks to Rick Cooper. >>> >>> * Fixes * >>> - Fixed problem with missing Attachment-Warning when encountering a >>> virus >>> that is both silent and non-forging. >>> - Improved output format of Sender warning, and removed duplicate >>> lines. >>> - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the >>> connections, rather than the total block it used to do. >>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. >>> - Postfix problem fixes. >>> - Fixed SpamAssassin Bayes database rebuild timeout problem >>> (hopefully!). >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> -- >> ____________________________________ >> >> Daniel Bird >> Network and Systems Manager >> Department Of Information Services >> St. George's Hospital Medical School >> Tooting >> London SW17 0RE >> >> P: +44 20 8725 2897 >> F: +44 20 8725 3583 >> E: dan@sghms.ac.uk >> ____________________________________ >> >> Computing Services Homepage: >> http://www.intranet.sghms.ac.uk/depts/is/cu/ >> >> The Computing Services Handbook: >> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >> >> Everything is possible....except skiing through a revolving door. >> >> >> >> This message has been scanned for viruses and dangerous >> content by MailScanner at danbird.net and is believed to be clean. >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- > ____________________________________ > > Daniel Bird > Network and Systems Manager > Department Of Information Services > St. George's Hospital Medical School > Tooting > London SW17 0RE > > P: +44 20 8725 2897 > F: +44 20 8725 3583 > E: dan@sghms.ac.uk > ____________________________________ > > Computing Services Homepage: > http://www.intranet.sghms.ac.uk/depts/is/cu/ > > The Computing Services Handbook: > http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > > Everything is possible....except skiing through a revolving door. > > > > This message has been scanned for viruses and dangerous > content by MailScanner at danbird.net and is believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Sun Mar 13 16:08:15 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I was just looking into this myself. In my case it is caused by Exim.pm line 764: Can't use string ("Received: from sahomelt.internal") as a HASH ref while "strict refs" in use at /opt/MailScanner/lib/MailScanner/Exim.pm line 764 Rick > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Sunday, March 13, 2005 11:01 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Released beta 4.40.4 > > > Daniel Bird wrote: > > > Daniel Bird wrote: > > > >> Julian Field wrote: > >> > >>> Folks, > >>> > >>> I have just released a new beta-test version, 4.40.4. > >>> > >> Been running for about 2 hours and seems fine. > > > > > > > > I lied. Seems it got itself in a loop, continually rescanning messages. > > Had to revert. Will test tomorrow. > > Bother. Can you put it in debug mode, then stop it, then > check_MailScanner and see what it says please? It may be one message > causing it trouble, please can you let me know what you find. > > > > > Dan > > > >> > >> Dan > >> > >>> This release is mainly for fixes to the Bayes database rebuilding, and > >>> for more Postfix testing. > >>> > >>> I have replaced my spam.assassin.prefs.conf and now use a > very slightly > >>> modified version of the one provided by Fortress Systems (thanks > >>> Steve!). The change is to maintain compatibility with all previous > >>> versions that keep their Bayes files in ~/.spamassassin. > >>> > >>> Also the RAR archive handling is greatly improved. > >>> > >>> Download it as usual from www.mailscanner.info. > >>> > >>> The full Change Log is: > >>> * New Features and Improvements * > >>> - The "clamavmodule" scanner cannot unpack archives of RAR version 3. > >>> 2 new configuration settings allow you to unpack the latest RAR > >>> archives > >>> for testing by the "clamavmodule" scanner. > >>> It also enables the contents of the RAR archive to be checked for > >>> illegal > >>> filenames and filetypes, and also to see if they are > >>> password-protected. > >>> Unrar Command = /usr/bin/unrar > >>> Unrar Timeout = 50 > >>> - "Allow Password-protected Archives" can now be a ruleset when using > >>> the > >>> clamavmodule virus scanner. > >>> - Multiple "Subject:" lines are removed. The 1st one is kept. > >>> - If the "Unrar Command" is defined and points to an executable > >>> program, > >>> it will automatically be used by the "clamav" scanner. No -wrapper > >>> tweaking is needed to do this any more. > >>> - You can now use shell environment variables such as $HOSTNAME or > >>> ${HOSTNAME} in MailScanner.conf and its relatives. > >>> - More improvements to the phishing net. > >>> - More additions to the starter phishing.safe.sites.conf file. > >>> - Removed my spam.assassin.prefs.conf file in favour of the one from > >>> www.fsl.com, with just enough changes to produce an identical file > >>> layout to my previous versions. > >>> - Re-enabled ALL_TRUSTED rule after comments from Matt > Kettler. Thanks! > >>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt > >>> Kettler. > >>> - Improved screen behaviour of RPM-based init.d script. > >>> - Greatly improved RAR archive handler, thanks to Rick Cooper. > >>> > >>> * Fixes * > >>> - Fixed problem with missing Attachment-Warning when encountering a > >>> virus > >>> that is both silent and non-forging. > >>> - Improved output format of Sender warning, and removed duplicate > >>> lines. > >>> - In IPBlock facility, changed MTA dsn to 451 to temporarily > refuse the > >>> connections, rather than the total block it used to do. > >>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. > >>> - Postfix problem fixes. > >>> - Fixed SpamAssassin Bayes database rebuild timeout problem > >>> (hopefully!). > >>> > >>> -- > >>> Julian Field > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> Professional Support Services at www.MailScanner.biz > >>> MailScanner thanks transtec Computers for their support > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > >> > >> -- > >> ____________________________________ > >> > >> Daniel Bird > >> Network and Systems Manager > >> Department Of Information Services > >> St. George's Hospital Medical School > >> Tooting > >> London SW17 0RE > >> > >> P: +44 20 8725 2897 > >> F: +44 20 8725 3583 > >> E: dan@sghms.ac.uk > >> ____________________________________ > >> > >> Computing Services Homepage: > >> http://www.intranet.sghms.ac.uk/depts/is/cu/ > >> > >> The Computing Services Handbook: > >> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > >> > >> Everything is possible....except skiing through a revolving door. > >> > >> > >> > >> This message has been scanned for viruses and dangerous > >> content by MailScanner at danbird.net and is believed to be clean. > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > -- > > ____________________________________ > > > > Daniel Bird > > Network and Systems Manager > > Department Of Information Services > > St. George's Hospital Medical School > > Tooting > > London SW17 0RE > > > > P: +44 20 8725 2897 > > F: +44 20 8725 3583 > > E: dan@sghms.ac.uk > > ____________________________________ > > > > Computing Services Homepage: > > http://www.intranet.sghms.ac.uk/depts/is/cu/ > > > > The Computing Services Handbook: > > http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > > > > Everything is possible....except skiing through a revolving door. > > > > > > > > This message has been scanned for viruses and dangerous > > content by MailScanner at danbird.net and is believed to be clean. > > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 13 16:22:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please can you send me a message that causes this. Rick Cooper wrote: >Julian, > >I was just looking into this myself. In my case it is caused by Exim.pm line >764: > >Can't use string ("Received: from sahomelt.internal") as a HASH ref while >"strict refs" in use at /opt/MailScanner/lib/MailScanner/Exim.pm line 764 > > >Rick > > > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Sunday, March 13, 2005 11:01 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Released beta 4.40.4 >> >> >>Daniel Bird wrote: >> >> >> >>>Daniel Bird wrote: >>> >>> >>> >>>>Julian Field wrote: >>>> >>>> >>>> >>>>>Folks, >>>>> >>>>>I have just released a new beta-test version, 4.40.4. >>>>> >>>>> >>>>> >>>>Been running for about 2 hours and seems fine. >>>> >>>> >>> >>>I lied. Seems it got itself in a loop, continually rescanning messages. >>>Had to revert. Will test tomorrow. >>> >>> >>Bother. Can you put it in debug mode, then stop it, then >>check_MailScanner and see what it says please? It may be one message >>causing it trouble, please can you let me know what you find. >> >> >> >>>Dan >>> >>> >>> >>>>Dan >>>> >>>> >>>> >>>>>This release is mainly for fixes to the Bayes database rebuilding, and >>>>>for more Postfix testing. >>>>> >>>>>I have replaced my spam.assassin.prefs.conf and now use a >>>>> >>>>> >>very slightly >> >> >>>>>modified version of the one provided by Fortress Systems (thanks >>>>>Steve!). The change is to maintain compatibility with all previous >>>>>versions that keep their Bayes files in ~/.spamassassin. >>>>> >>>>>Also the RAR archive handling is greatly improved. >>>>> >>>>>Download it as usual from www.mailscanner.info. >>>>> >>>>>The full Change Log is: >>>>>* New Features and Improvements * >>>>>- The "clamavmodule" scanner cannot unpack archives of RAR version 3. >>>>> 2 new configuration settings allow you to unpack the latest RAR >>>>>archives >>>>> for testing by the "clamavmodule" scanner. >>>>> It also enables the contents of the RAR archive to be checked for >>>>>illegal >>>>> filenames and filetypes, and also to see if they are >>>>>password-protected. >>>>> Unrar Command = /usr/bin/unrar >>>>> Unrar Timeout = 50 >>>>>- "Allow Password-protected Archives" can now be a ruleset when using >>>>>the >>>>> clamavmodule virus scanner. >>>>>- Multiple "Subject:" lines are removed. The 1st one is kept. >>>>>- If the "Unrar Command" is defined and points to an executable >>>>>program, >>>>> it will automatically be used by the "clamav" scanner. No -wrapper >>>>> tweaking is needed to do this any more. >>>>>- You can now use shell environment variables such as $HOSTNAME or >>>>> ${HOSTNAME} in MailScanner.conf and its relatives. >>>>>- More improvements to the phishing net. >>>>>- More additions to the starter phishing.safe.sites.conf file. >>>>>- Removed my spam.assassin.prefs.conf file in favour of the one from >>>>> www.fsl.com, with just enough changes to produce an identical file >>>>> layout to my previous versions. >>>>>- Re-enabled ALL_TRUSTED rule after comments from Matt >>>>> >>>>> >>Kettler. Thanks! >> >> >>>>>- Added long comment about ALL_TRUSTED rule, many thanks to Matt >>>>>Kettler. >>>>>- Improved screen behaviour of RPM-based init.d script. >>>>>- Greatly improved RAR archive handler, thanks to Rick Cooper. >>>>> >>>>>* Fixes * >>>>>- Fixed problem with missing Attachment-Warning when encountering a >>>>>virus >>>>> that is both silent and non-forging. >>>>>- Improved output format of Sender warning, and removed duplicate >>>>>lines. >>>>>- In IPBlock facility, changed MTA dsn to 451 to temporarily >>>>> >>>>> >>refuse the >> >> >>>>> connections, rather than the total block it used to do. >>>>>- Removed erroneous log output from SpamAssassin bayes-rebuilder. >>>>>- Postfix problem fixes. >>>>>- Fixed SpamAssassin Bayes database rebuild timeout problem >>>>>(hopefully!). >>>>> >>>>>-- >>>>>Julian Field >>>>>www.MailScanner.info >>>>>Buy the MailScanner book at www.MailScanner.info/store >>>>>Professional Support Services at www.MailScanner.biz >>>>>MailScanner thanks transtec Computers for their support >>>>> >>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>-- >>>>____________________________________ >>>> >>>>Daniel Bird >>>>Network and Systems Manager >>>>Department Of Information Services >>>>St. George's Hospital Medical School >>>>Tooting >>>>London SW17 0RE >>>> >>>>P: +44 20 8725 2897 >>>>F: +44 20 8725 3583 >>>>E: dan@sghms.ac.uk >>>>____________________________________ >>>> >>>>Computing Services Homepage: >>>>http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>> >>>>The Computing Services Handbook: >>>>http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>> >>>>Everything is possible....except skiing through a revolving door. >>>> >>>> >>>> >>>>This message has been scanned for viruses and dangerous >>>>content by MailScanner at danbird.net and is believed to be clean. >>>> >>>> >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>-- >>>____________________________________ >>> >>>Daniel Bird >>>Network and Systems Manager >>>Department Of Information Services >>>St. George's Hospital Medical School >>>Tooting >>>London SW17 0RE >>> >>>P: +44 20 8725 2897 >>>F: +44 20 8725 3583 >>>E: dan@sghms.ac.uk >>>____________________________________ >>> >>>Computing Services Homepage: >>>http://www.intranet.sghms.ac.uk/depts/is/cu/ >>> >>>The Computing Services Handbook: >>>http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>> >>>Everything is possible....except skiing through a revolving door. >>> >>> >>> >>>This message has been scanned for viruses and dangerous >>>content by MailScanner at danbird.net and is believed to be clean. >>> >>> >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> >> > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 13 16:59:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What MTA are you using? Please say Exim :-) Daniel Bird wrote: > Daniel Bird wrote: > >> Julian Field wrote: >> >>> Folks, >>> >>> I have just released a new beta-test version, 4.40.4. >>> >> Been running for about 2 hours and seems fine. > > > > I lied. Seems it got itself in a loop, continually rescanning messages. > Had to revert. Will test tomorrow. > > Dan > >> >> Dan >> >>> This release is mainly for fixes to the Bayes database rebuilding, and >>> for more Postfix testing. >>> >>> I have replaced my spam.assassin.prefs.conf and now use a very slightly >>> modified version of the one provided by Fortress Systems (thanks >>> Steve!). The change is to maintain compatibility with all previous >>> versions that keep their Bayes files in ~/.spamassassin. >>> >>> Also the RAR archive handling is greatly improved. >>> >>> Download it as usual from www.mailscanner.info. >>> >>> The full Change Log is: >>> * New Features and Improvements * >>> - The "clamavmodule" scanner cannot unpack archives of RAR version 3. >>> 2 new configuration settings allow you to unpack the latest RAR >>> archives >>> for testing by the "clamavmodule" scanner. >>> It also enables the contents of the RAR archive to be checked for >>> illegal >>> filenames and filetypes, and also to see if they are >>> password-protected. >>> Unrar Command = /usr/bin/unrar >>> Unrar Timeout = 50 >>> - "Allow Password-protected Archives" can now be a ruleset when using >>> the >>> clamavmodule virus scanner. >>> - Multiple "Subject:" lines are removed. The 1st one is kept. >>> - If the "Unrar Command" is defined and points to an executable >>> program, >>> it will automatically be used by the "clamav" scanner. No -wrapper >>> tweaking is needed to do this any more. >>> - You can now use shell environment variables such as $HOSTNAME or >>> ${HOSTNAME} in MailScanner.conf and its relatives. >>> - More improvements to the phishing net. >>> - More additions to the starter phishing.safe.sites.conf file. >>> - Removed my spam.assassin.prefs.conf file in favour of the one from >>> www.fsl.com, with just enough changes to produce an identical file >>> layout to my previous versions. >>> - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! >>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt >>> Kettler. >>> - Improved screen behaviour of RPM-based init.d script. >>> - Greatly improved RAR archive handler, thanks to Rick Cooper. >>> >>> * Fixes * >>> - Fixed problem with missing Attachment-Warning when encountering a >>> virus >>> that is both silent and non-forging. >>> - Improved output format of Sender warning, and removed duplicate >>> lines. >>> - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the >>> connections, rather than the total block it used to do. >>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. >>> - Postfix problem fixes. >>> - Fixed SpamAssassin Bayes database rebuild timeout problem >>> (hopefully!). >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> -- >> ____________________________________ >> >> Daniel Bird >> Network and Systems Manager >> Department Of Information Services >> St. George's Hospital Medical School >> Tooting >> London SW17 0RE >> >> P: +44 20 8725 2897 >> F: +44 20 8725 3583 >> E: dan@sghms.ac.uk >> ____________________________________ >> >> Computing Services Homepage: >> http://www.intranet.sghms.ac.uk/depts/is/cu/ >> >> The Computing Services Handbook: >> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >> >> Everything is possible....except skiing through a revolving door. >> >> >> >> This message has been scanned for viruses and dangerous >> content by MailScanner at danbird.net and is believed to be clean. >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- > ____________________________________ > > Daniel Bird > Network and Systems Manager > Department Of Information Services > St. George's Hospital Medical School > Tooting > London SW17 0RE > > P: +44 20 8725 2897 > F: +44 20 8725 3583 > E: dan@sghms.ac.uk > ____________________________________ > > Computing Services Homepage: > http://www.intranet.sghms.ac.uk/depts/is/cu/ > > The Computing Services Handbook: > http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > > Everything is possible....except skiing through a revolving door. > > > > This message has been scanned for viruses and dangerous > content by MailScanner at danbird.net and is believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 13 17:01:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found this one, thanks for reporting it. [root@karla input]# diff Exim.pm.old Exim.pm 763,764c763,764 < for ($hdrnum=0; $hdrnum<@{$message->{headers}}; $hdrnum++) { < next unless lc $message->{headers}[$hdrnum]{name} eq lc $key; --- > for ($hdrnum=0; $hdrnum<@{$metadata->{headers}}; $hdrnum++) { > next unless lc $metadata->{headers}[$hdrnum]{name} eq lc $key; That's the patch for Exim.pm. Change $message to $metadata on both lines. Rick Cooper wrote: >Julian, > >I was just looking into this myself. In my case it is caused by Exim.pm line >764: > >Can't use string ("Received: from sahomelt.internal") as a HASH ref while >"strict refs" in use at /opt/MailScanner/lib/MailScanner/Exim.pm line 764 > > >Rick > > > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Sunday, March 13, 2005 11:01 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Released beta 4.40.4 >> >> >>Daniel Bird wrote: >> >> >> >>>Daniel Bird wrote: >>> >>> >>> >>>>Julian Field wrote: >>>> >>>> >>>> >>>>>Folks, >>>>> >>>>>I have just released a new beta-test version, 4.40.4. >>>>> >>>>> >>>>> >>>>Been running for about 2 hours and seems fine. >>>> >>>> >>> >>>I lied. Seems it got itself in a loop, continually rescanning messages. >>>Had to revert. Will test tomorrow. >>> >>> >>Bother. Can you put it in debug mode, then stop it, then >>check_MailScanner and see what it says please? It may be one message >>causing it trouble, please can you let me know what you find. >> >> >> >>>Dan >>> >>> >>> >>>>Dan >>>> >>>> >>>> >>>>>This release is mainly for fixes to the Bayes database rebuilding, and >>>>>for more Postfix testing. >>>>> >>>>>I have replaced my spam.assassin.prefs.conf and now use a >>>>> >>>>> >>very slightly >> >> >>>>>modified version of the one provided by Fortress Systems (thanks >>>>>Steve!). The change is to maintain compatibility with all previous >>>>>versions that keep their Bayes files in ~/.spamassassin. >>>>> >>>>>Also the RAR archive handling is greatly improved. >>>>> >>>>>Download it as usual from www.mailscanner.info. >>>>> >>>>>The full Change Log is: >>>>>* New Features and Improvements * >>>>>- The "clamavmodule" scanner cannot unpack archives of RAR version 3. >>>>> 2 new configuration settings allow you to unpack the latest RAR >>>>>archives >>>>> for testing by the "clamavmodule" scanner. >>>>> It also enables the contents of the RAR archive to be checked for >>>>>illegal >>>>> filenames and filetypes, and also to see if they are >>>>>password-protected. >>>>> Unrar Command = /usr/bin/unrar >>>>> Unrar Timeout = 50 >>>>>- "Allow Password-protected Archives" can now be a ruleset when using >>>>>the >>>>> clamavmodule virus scanner. >>>>>- Multiple "Subject:" lines are removed. The 1st one is kept. >>>>>- If the "Unrar Command" is defined and points to an executable >>>>>program, >>>>> it will automatically be used by the "clamav" scanner. No -wrapper >>>>> tweaking is needed to do this any more. >>>>>- You can now use shell environment variables such as $HOSTNAME or >>>>> ${HOSTNAME} in MailScanner.conf and its relatives. >>>>>- More improvements to the phishing net. >>>>>- More additions to the starter phishing.safe.sites.conf file. >>>>>- Removed my spam.assassin.prefs.conf file in favour of the one from >>>>> www.fsl.com, with just enough changes to produce an identical file >>>>> layout to my previous versions. >>>>>- Re-enabled ALL_TRUSTED rule after comments from Matt >>>>> >>>>> >>Kettler. Thanks! >> >> >>>>>- Added long comment about ALL_TRUSTED rule, many thanks to Matt >>>>>Kettler. >>>>>- Improved screen behaviour of RPM-based init.d script. >>>>>- Greatly improved RAR archive handler, thanks to Rick Cooper. >>>>> >>>>>* Fixes * >>>>>- Fixed problem with missing Attachment-Warning when encountering a >>>>>virus >>>>> that is both silent and non-forging. >>>>>- Improved output format of Sender warning, and removed duplicate >>>>>lines. >>>>>- In IPBlock facility, changed MTA dsn to 451 to temporarily >>>>> >>>>> >>refuse the >> >> >>>>> connections, rather than the total block it used to do. >>>>>- Removed erroneous log output from SpamAssassin bayes-rebuilder. >>>>>- Postfix problem fixes. >>>>>- Fixed SpamAssassin Bayes database rebuild timeout problem >>>>>(hopefully!). >>>>> >>>>>-- >>>>>Julian Field >>>>>www.MailScanner.info >>>>>Buy the MailScanner book at www.MailScanner.info/store >>>>>Professional Support Services at www.MailScanner.biz >>>>>MailScanner thanks transtec Computers for their support >>>>> >>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>-- >>>>____________________________________ >>>> >>>>Daniel Bird >>>>Network and Systems Manager >>>>Department Of Information Services >>>>St. George's Hospital Medical School >>>>Tooting >>>>London SW17 0RE >>>> >>>>P: +44 20 8725 2897 >>>>F: +44 20 8725 3583 >>>>E: dan@sghms.ac.uk >>>>____________________________________ >>>> >>>>Computing Services Homepage: >>>>http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>> >>>>The Computing Services Handbook: >>>>http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>> >>>>Everything is possible....except skiing through a revolving door. >>>> >>>> >>>> >>>>This message has been scanned for viruses and dangerous >>>>content by MailScanner at danbird.net and is believed to be clean. >>>> >>>> >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>-- >>>____________________________________ >>> >>>Daniel Bird >>>Network and Systems Manager >>>Department Of Information Services >>>St. George's Hospital Medical School >>>Tooting >>>London SW17 0RE >>> >>>P: +44 20 8725 2897 >>>F: +44 20 8725 3583 >>>E: dan@sghms.ac.uk >>>____________________________________ >>> >>>Computing Services Homepage: >>>http://www.intranet.sghms.ac.uk/depts/is/cu/ >>> >>>The Computing Services Handbook: >>>http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>> >>>Everything is possible....except skiing through a revolving door. >>> >>> >>> >>>This message has been scanned for viruses and dangerous >>>content by MailScanner at danbird.net and is believed to be clean. >>> >>> >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> >> > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dbird at SGHMS.AC.UK Sun Mar 13 17:03:06 2005 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > What MTA are you using? Please say Exim :-) Indeed! 8-) > > Daniel Bird wrote: > >> Daniel Bird wrote: >> >>> Julian Field wrote: >>> >>>> Folks, >>>> >>>> I have just released a new beta-test version, 4.40.4. >>>> >>> Been running for about 2 hours and seems fine. >> >> >> >> >> I lied. Seems it got itself in a loop, continually rescanning messages. >> Had to revert. Will test tomorrow. >> >> Dan >> >>> >>> Dan >>> >>>> This release is mainly for fixes to the Bayes database rebuilding, and >>>> for more Postfix testing. >>>> >>>> I have replaced my spam.assassin.prefs.conf and now use a very >>>> slightly >>>> modified version of the one provided by Fortress Systems (thanks >>>> Steve!). The change is to maintain compatibility with all previous >>>> versions that keep their Bayes files in ~/.spamassassin. >>>> >>>> Also the RAR archive handling is greatly improved. >>>> >>>> Download it as usual from www.mailscanner.info. >>>> >>>> The full Change Log is: >>>> * New Features and Improvements * >>>> - The "clamavmodule" scanner cannot unpack archives of RAR version 3. >>>> 2 new configuration settings allow you to unpack the latest RAR >>>> archives >>>> for testing by the "clamavmodule" scanner. >>>> It also enables the contents of the RAR archive to be checked for >>>> illegal >>>> filenames and filetypes, and also to see if they are >>>> password-protected. >>>> Unrar Command = /usr/bin/unrar >>>> Unrar Timeout = 50 >>>> - "Allow Password-protected Archives" can now be a ruleset when using >>>> the >>>> clamavmodule virus scanner. >>>> - Multiple "Subject:" lines are removed. The 1st one is kept. >>>> - If the "Unrar Command" is defined and points to an executable >>>> program, >>>> it will automatically be used by the "clamav" scanner. No -wrapper >>>> tweaking is needed to do this any more. >>>> - You can now use shell environment variables such as $HOSTNAME or >>>> ${HOSTNAME} in MailScanner.conf and its relatives. >>>> - More improvements to the phishing net. >>>> - More additions to the starter phishing.safe.sites.conf file. >>>> - Removed my spam.assassin.prefs.conf file in favour of the one from >>>> www.fsl.com, with just enough changes to produce an identical file >>>> layout to my previous versions. >>>> - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. >>>> Thanks! >>>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt >>>> Kettler. >>>> - Improved screen behaviour of RPM-based init.d script. >>>> - Greatly improved RAR archive handler, thanks to Rick Cooper. >>>> >>>> * Fixes * >>>> - Fixed problem with missing Attachment-Warning when encountering a >>>> virus >>>> that is both silent and non-forging. >>>> - Improved output format of Sender warning, and removed duplicate >>>> lines. >>>> - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse >>>> the >>>> connections, rather than the total block it used to do. >>>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. >>>> - Postfix problem fixes. >>>> - Fixed SpamAssassin Bayes database rebuild timeout problem >>>> (hopefully!). >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> -- >>> ____________________________________ >>> >>> Daniel Bird >>> Network and Systems Manager >>> Department Of Information Services >>> St. George's Hospital Medical School >>> Tooting >>> London SW17 0RE >>> >>> P: +44 20 8725 2897 >>> F: +44 20 8725 3583 >>> E: dan@sghms.ac.uk >>> ____________________________________ >>> >>> Computing Services Homepage: >>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>> >>> The Computing Services Handbook: >>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>> >>> Everything is possible....except skiing through a revolving door. >>> >>> >>> >>> This message has been scanned for viruses and dangerous >>> content by MailScanner at danbird.net and is believed to be clean. >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> -- >> ____________________________________ >> >> Daniel Bird >> Network and Systems Manager >> Department Of Information Services >> St. George's Hospital Medical School >> Tooting >> London SW17 0RE >> >> P: +44 20 8725 2897 >> F: +44 20 8725 3583 >> E: dan@sghms.ac.uk >> ____________________________________ >> >> Computing Services Homepage: >> http://www.intranet.sghms.ac.uk/depts/is/cu/ >> >> The Computing Services Handbook: >> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >> >> Everything is possible....except skiing through a revolving door. >> >> >> >> This message has been scanned for viruses and dangerous >> content by MailScanner at danbird.net and is believed to be clean. >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- ____________________________________ Daniel Bird Network and Systems Manager Department Of Information Services St. George's Hospital Medical School Tooting London SW17 0RE P: +44 20 8725 2897 F: +44 20 8725 3583 E: dan@sghms.ac.uk ____________________________________ Computing Services Homepage: http://www.intranet.sghms.ac.uk/depts/is/cu/ The Computing Services Handbook: http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf Everything is possible....except skiing through a revolving door. This message has been scanned for viruses and dangerous content by MailScanner at danbird.net and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From FStein at THEHILL.ORG Sun Mar 13 17:06:04 2005 From: FStein at THEHILL.ORG (Stein, Mr. Fred) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It is running well for me. Centos 3 postfix. Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA 19464 fstein@thehill.org www.thehill.org -----Original Message----- From: MailScanner mailing list on behalf of Julian Field Sent: Sat 3/12/2005 4:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Released beta 4.40.4 Folks, I have just released a new beta-test version, 4.40.4. This release is mainly for fixes to the Bayes database rebuilding, and for more Postfix testing. I have replaced my spam.assassin.prefs.conf and now use a very slightly modified version of the one provided by Fortress Systems (thanks Steve!). The change is to maintain compatibility with all previous versions that keep their Bayes files in ~/.spamassassin. Also the RAR archive handling is greatly improved. Download it as usual from www.mailscanner.info. The full Change Log is: * New Features and Improvements * - The "clamavmodule" scanner cannot unpack archives of RAR version 3. 2 new configuration settings allow you to unpack the latest RAR archives for testing by the "clamavmodule" scanner. It also enables the contents of the RAR archive to be checked for illegal filenames and filetypes, and also to see if they are password-protected. Unrar Command = /usr/bin/unrar Unrar Timeout = 50 - "Allow Password-protected Archives" can now be a ruleset when using the clamavmodule virus scanner. - Multiple "Subject:" lines are removed. The 1st one is kept. - If the "Unrar Command" is defined and points to an executable program, it will automatically be used by the "clamav" scanner. No -wrapper tweaking is needed to do this any more. - You can now use shell environment variables such as $HOSTNAME or ${HOSTNAME} in MailScanner.conf and its relatives. - More improvements to the phishing net. - More additions to the starter phishing.safe.sites.conf file. - Removed my spam.assassin.prefs.conf file in favour of the one from www.fsl.com, with just enough changes to produce an identical file layout to my previous versions. - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! - Added long comment about ALL_TRUSTED rule, many thanks to Matt Kettler. - Improved screen behaviour of RPM-based init.d script. - Greatly improved RAR archive handler, thanks to Rick Cooper. * Fixes * - Fixed problem with missing Attachment-Warning when encountering a virus that is both silent and non-forging. - Improved output format of Sender warning, and removed duplicate lines. - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the connections, rather than the total block it used to do. - Removed erroneous log output from SpamAssassin bayes-rebuilder. - Postfix problem fixes. - Fixed SpamAssassin Bayes database rebuild timeout problem (hopefully!). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 13 17:09:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'll quietly put out 4.40.5 to fix this, or no-one else will test it! Daniel Bird wrote: > Julian Field wrote: > >> What MTA are you using? Please say Exim :-) > > > Indeed! 8-) > >> >> Daniel Bird wrote: >> >>> Daniel Bird wrote: >>> >>>> Julian Field wrote: >>>> >>>>> Folks, >>>>> >>>>> I have just released a new beta-test version, 4.40.4. >>>>> >>>> Been running for about 2 hours and seems fine. >>> >>> >>> >>> >>> >>> I lied. Seems it got itself in a loop, continually rescanning messages. >>> Had to revert. Will test tomorrow. >>> >>> Dan >>> >>>> >>>> Dan >>>> >>>>> This release is mainly for fixes to the Bayes database rebuilding, >>>>> and >>>>> for more Postfix testing. >>>>> >>>>> I have replaced my spam.assassin.prefs.conf and now use a very >>>>> slightly >>>>> modified version of the one provided by Fortress Systems (thanks >>>>> Steve!). The change is to maintain compatibility with all previous >>>>> versions that keep their Bayes files in ~/.spamassassin. >>>>> >>>>> Also the RAR archive handling is greatly improved. >>>>> >>>>> Download it as usual from www.mailscanner.info. >>>>> >>>>> The full Change Log is: >>>>> * New Features and Improvements * >>>>> - The "clamavmodule" scanner cannot unpack archives of RAR version 3. >>>>> 2 new configuration settings allow you to unpack the latest RAR >>>>> archives >>>>> for testing by the "clamavmodule" scanner. >>>>> It also enables the contents of the RAR archive to be checked for >>>>> illegal >>>>> filenames and filetypes, and also to see if they are >>>>> password-protected. >>>>> Unrar Command = /usr/bin/unrar >>>>> Unrar Timeout = 50 >>>>> - "Allow Password-protected Archives" can now be a ruleset when using >>>>> the >>>>> clamavmodule virus scanner. >>>>> - Multiple "Subject:" lines are removed. The 1st one is kept. >>>>> - If the "Unrar Command" is defined and points to an executable >>>>> program, >>>>> it will automatically be used by the "clamav" scanner. No -wrapper >>>>> tweaking is needed to do this any more. >>>>> - You can now use shell environment variables such as $HOSTNAME or >>>>> ${HOSTNAME} in MailScanner.conf and its relatives. >>>>> - More improvements to the phishing net. >>>>> - More additions to the starter phishing.safe.sites.conf file. >>>>> - Removed my spam.assassin.prefs.conf file in favour of the one from >>>>> www.fsl.com, with just enough changes to produce an identical file >>>>> layout to my previous versions. >>>>> - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. >>>>> Thanks! >>>>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt >>>>> Kettler. >>>>> - Improved screen behaviour of RPM-based init.d script. >>>>> - Greatly improved RAR archive handler, thanks to Rick Cooper. >>>>> >>>>> * Fixes * >>>>> - Fixed problem with missing Attachment-Warning when encountering a >>>>> virus >>>>> that is both silent and non-forging. >>>>> - Improved output format of Sender warning, and removed duplicate >>>>> lines. >>>>> - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse >>>>> the >>>>> connections, rather than the total block it used to do. >>>>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. >>>>> - Postfix problem fixes. >>>>> - Fixed SpamAssassin Bayes database rebuild timeout problem >>>>> (hopefully!). >>>>> >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> >>>> -- >>>> ____________________________________ >>>> >>>> Daniel Bird >>>> Network and Systems Manager >>>> Department Of Information Services >>>> St. George's Hospital Medical School >>>> Tooting >>>> London SW17 0RE >>>> >>>> P: +44 20 8725 2897 >>>> F: +44 20 8725 3583 >>>> E: dan@sghms.ac.uk >>>> ____________________________________ >>>> >>>> Computing Services Homepage: >>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>> >>>> The Computing Services Handbook: >>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>> >>>> Everything is possible....except skiing through a revolving door. >>>> >>>> >>>> >>>> This message has been scanned for viruses and dangerous >>>> content by MailScanner at danbird.net and is believed to be clean. >>>> >>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> -- >>> ____________________________________ >>> >>> Daniel Bird >>> Network and Systems Manager >>> Department Of Information Services >>> St. George's Hospital Medical School >>> Tooting >>> London SW17 0RE >>> >>> P: +44 20 8725 2897 >>> F: +44 20 8725 3583 >>> E: dan@sghms.ac.uk >>> ____________________________________ >>> >>> Computing Services Homepage: >>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>> >>> The Computing Services Handbook: >>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>> >>> Everything is possible....except skiing through a revolving door. >>> >>> >>> >>> This message has been scanned for viruses and dangerous >>> content by MailScanner at danbird.net and is believed to be clean. >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- > ____________________________________ > > Daniel Bird > Network and Systems Manager > Department Of Information Services > St. George's Hospital Medical School > Tooting > London SW17 0RE > > P: +44 20 8725 2897 > F: +44 20 8725 3583 > E: dan@sghms.ac.uk > ____________________________________ > > Computing Services Homepage: > http://www.intranet.sghms.ac.uk/depts/is/cu/ > > The Computing Services Handbook: > http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > > Everything is possible....except skiing through a revolving door. > > > > This message has been scanned for viruses and dangerous > content by MailScanner at danbird.net and is believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Sun Mar 13 17:12:46 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Sunday, March 13, 2005 12:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Released beta 4.40.4 > > > Found this one, thanks for reporting it. > > [root@karla input]# diff Exim.pm.old Exim.pm > 763,764c763,764 > < for ($hdrnum=0; $hdrnum<@{$message->{headers}}; $hdrnum++) { > < next unless lc $message->{headers}[$hdrnum]{name} eq lc $key; > --- > > for ($hdrnum=0; $hdrnum<@{$metadata->{headers}}; $hdrnum++) { > > next unless lc $metadata->{headers}[$hdrnum]{name} eq lc $key; > > That's the patch for Exim.pm. Change $message to $metadata on both lines. That was it, all ok now. Rick > > Rick Cooper wrote: > > >Julian, > > > >I was just looking into this myself. In my case it is caused by > Exim.pm line > >764: > > > >Can't use string ("Received: from sahomelt.internal") as a HASH ref while > >"strict refs" in use at /opt/MailScanner/lib/MailScanner/Exim.pm line 764 > > > > > >Rick > > > > > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>Behalf Of Julian Field > >>Sent: Sunday, March 13, 2005 11:01 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: Released beta 4.40.4 > >> > >> > >>Daniel Bird wrote: > >> > >> > >> > >>>Daniel Bird wrote: > >>> > >>> > >>> > >>>>Julian Field wrote: > >>>> > >>>> > >>>> > >>>>>Folks, > >>>>> > >>>>>I have just released a new beta-test version, 4.40.4. > >>>>> > >>>>> > >>>>> > >>>>Been running for about 2 hours and seems fine. > >>>> > >>>> > >>> > >>>I lied. Seems it got itself in a loop, continually rescanning messages. > >>>Had to revert. Will test tomorrow. > >>> > >>> > >>Bother. Can you put it in debug mode, then stop it, then > >>check_MailScanner and see what it says please? It may be one message > >>causing it trouble, please can you let me know what you find. > >> > >> > >> > >>>Dan > >>> > >>> > >>> > >>>>Dan > >>>> > >>>> > >>>> > >>>>>This release is mainly for fixes to the Bayes database > rebuilding, and > >>>>>for more Postfix testing. > >>>>> > >>>>>I have replaced my spam.assassin.prefs.conf and now use a > >>>>> > >>>>> > >>very slightly > >> > >> > >>>>>modified version of the one provided by Fortress Systems (thanks > >>>>>Steve!). The change is to maintain compatibility with all previous > >>>>>versions that keep their Bayes files in ~/.spamassassin. > >>>>> > >>>>>Also the RAR archive handling is greatly improved. > >>>>> > >>>>>Download it as usual from www.mailscanner.info. > >>>>> > >>>>>The full Change Log is: > >>>>>* New Features and Improvements * > >>>>>- The "clamavmodule" scanner cannot unpack archives of RAR version 3. > >>>>> 2 new configuration settings allow you to unpack the latest RAR > >>>>>archives > >>>>> for testing by the "clamavmodule" scanner. > >>>>> It also enables the contents of the RAR archive to be checked for > >>>>>illegal > >>>>> filenames and filetypes, and also to see if they are > >>>>>password-protected. > >>>>> Unrar Command = /usr/bin/unrar > >>>>> Unrar Timeout = 50 > >>>>>- "Allow Password-protected Archives" can now be a ruleset when using > >>>>>the > >>>>> clamavmodule virus scanner. > >>>>>- Multiple "Subject:" lines are removed. The 1st one is kept. > >>>>>- If the "Unrar Command" is defined and points to an executable > >>>>>program, > >>>>> it will automatically be used by the "clamav" scanner. No -wrapper > >>>>> tweaking is needed to do this any more. > >>>>>- You can now use shell environment variables such as $HOSTNAME or > >>>>> ${HOSTNAME} in MailScanner.conf and its relatives. > >>>>>- More improvements to the phishing net. > >>>>>- More additions to the starter phishing.safe.sites.conf file. > >>>>>- Removed my spam.assassin.prefs.conf file in favour of the one from > >>>>> www.fsl.com, with just enough changes to produce an identical file > >>>>> layout to my previous versions. > >>>>>- Re-enabled ALL_TRUSTED rule after comments from Matt > >>>>> > >>>>> > >>Kettler. Thanks! > >> > >> > >>>>>- Added long comment about ALL_TRUSTED rule, many thanks to Matt > >>>>>Kettler. > >>>>>- Improved screen behaviour of RPM-based init.d script. > >>>>>- Greatly improved RAR archive handler, thanks to Rick Cooper. > >>>>> > >>>>>* Fixes * > >>>>>- Fixed problem with missing Attachment-Warning when encountering a > >>>>>virus > >>>>> that is both silent and non-forging. > >>>>>- Improved output format of Sender warning, and removed duplicate > >>>>>lines. > >>>>>- In IPBlock facility, changed MTA dsn to 451 to temporarily > >>>>> > >>>>> > >>refuse the > >> > >> > >>>>> connections, rather than the total block it used to do. > >>>>>- Removed erroneous log output from SpamAssassin bayes-rebuilder. > >>>>>- Postfix problem fixes. > >>>>>- Fixed SpamAssassin Bayes database rebuild timeout problem > >>>>>(hopefully!). > >>>>> > >>>>>-- > >>>>>Julian Field > >>>>>www.MailScanner.info > >>>>>Buy the MailScanner book at www.MailScanner.info/store > >>>>>Professional Support Services at www.MailScanner.biz > >>>>>MailScanner thanks transtec Computers for their support > >>>>> > >>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>>> > >>>>>------------------------ MailScanner list ------------------------ > >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>'leave mailscanner' in the body of the email. > >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>> > >>>>>Support MailScanner development - buy the book off the website! > >>>>> > >>>>> > >>>>> > >>>>-- > >>>>____________________________________ > >>>> > >>>>Daniel Bird > >>>>Network and Systems Manager > >>>>Department Of Information Services > >>>>St. George's Hospital Medical School > >>>>Tooting > >>>>London SW17 0RE > >>>> > >>>>P: +44 20 8725 2897 > >>>>F: +44 20 8725 3583 > >>>>E: dan@sghms.ac.uk > >>>>____________________________________ > >>>> > >>>>Computing Services Homepage: > >>>>http://www.intranet.sghms.ac.uk/depts/is/cu/ > >>>> > >>>>The Computing Services Handbook: > >>>>http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > >>>> > >>>>Everything is possible....except skiing through a revolving door. > >>>> > >>>> > >>>> > >>>>This message has been scanned for viruses and dangerous > >>>>content by MailScanner at danbird.net and is believed to be clean. > >>>> > >>>> > >>>> > >>>>------------------------ MailScanner list ------------------------ > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>'leave mailscanner' in the body of the email. > >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>>Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>-- > >>>____________________________________ > >>> > >>>Daniel Bird > >>>Network and Systems Manager > >>>Department Of Information Services > >>>St. George's Hospital Medical School > >>>Tooting > >>>London SW17 0RE > >>> > >>>P: +44 20 8725 2897 > >>>F: +44 20 8725 3583 > >>>E: dan@sghms.ac.uk > >>>____________________________________ > >>> > >>>Computing Services Homepage: > >>>http://www.intranet.sghms.ac.uk/depts/is/cu/ > >>> > >>>The Computing Services Handbook: > >>>http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > >>> > >>>Everything is possible....except skiing through a revolving door. > >>> > >>> > >>> > >>>This message has been scanned for viruses and dangerous > >>>content by MailScanner at danbird.net and is believed to be clean. > >>> > >>> > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >>-- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at www.MailScanner.info/store > >>Professional Support Services at www.MailScanner.biz > >>MailScanner thanks transtec Computers for their support > >> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >>-- > >>This message has been scanned for viruses and > >>dangerous content by MailScanner, and is > >>believed to be clean. > >> > >> > >> > >> > >> > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 13 17:31:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just put out 4.40.5 with this fix in it. Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Julian Field >>Sent: Sunday, March 13, 2005 12:01 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Released beta 4.40.4 >> >> >>Found this one, thanks for reporting it. >> >>[root@karla input]# diff Exim.pm.old Exim.pm >>763,764c763,764 >>< for ($hdrnum=0; $hdrnum<@{$message->{headers}}; $hdrnum++) { >>< next unless lc $message->{headers}[$hdrnum]{name} eq lc $key; >>--- >> > for ($hdrnum=0; $hdrnum<@{$metadata->{headers}}; $hdrnum++) { >> > next unless lc $metadata->{headers}[$hdrnum]{name} eq lc $key; >> >>That's the patch for Exim.pm. Change $message to $metadata on both lines. >> >> > >That was it, all ok now. > >Rick > > > > >>Rick Cooper wrote: >> >> >> >>>Julian, >>> >>>I was just looking into this myself. In my case it is caused by >>> >>> >>Exim.pm line >> >> >>>764: >>> >>>Can't use string ("Received: from sahomelt.internal") as a HASH ref while >>>"strict refs" in use at /opt/MailScanner/lib/MailScanner/Exim.pm line 764 >>> >>> >>>Rick >>> >>> >>> >>> >>> >>> >>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>>Behalf Of Julian Field >>>>Sent: Sunday, March 13, 2005 11:01 AM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: Released beta 4.40.4 >>>> >>>> >>>>Daniel Bird wrote: >>>> >>>> >>>> >>>> >>>> >>>>>Daniel Bird wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>Julian Field wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>Folks, >>>>>>> >>>>>>>I have just released a new beta-test version, 4.40.4. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>Been running for about 2 hours and seems fine. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>I lied. Seems it got itself in a loop, continually rescanning messages. >>>>>Had to revert. Will test tomorrow. >>>>> >>>>> >>>>> >>>>> >>>>Bother. Can you put it in debug mode, then stop it, then >>>>check_MailScanner and see what it says please? It may be one message >>>>causing it trouble, please can you let me know what you find. >>>> >>>> >>>> >>>> >>>> >>>>>Dan >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>Dan >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>This release is mainly for fixes to the Bayes database >>>>>>> >>>>>>> >>rebuilding, and >> >> >>>>>>>for more Postfix testing. >>>>>>> >>>>>>>I have replaced my spam.assassin.prefs.conf and now use a >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>very slightly >>>> >>>> >>>> >>>> >>>>>>>modified version of the one provided by Fortress Systems (thanks >>>>>>>Steve!). The change is to maintain compatibility with all previous >>>>>>>versions that keep their Bayes files in ~/.spamassassin. >>>>>>> >>>>>>>Also the RAR archive handling is greatly improved. >>>>>>> >>>>>>>Download it as usual from www.mailscanner.info. >>>>>>> >>>>>>>The full Change Log is: >>>>>>>* New Features and Improvements * >>>>>>>- The "clamavmodule" scanner cannot unpack archives of RAR version 3. >>>>>>>2 new configuration settings allow you to unpack the latest RAR >>>>>>>archives >>>>>>>for testing by the "clamavmodule" scanner. >>>>>>>It also enables the contents of the RAR archive to be checked for >>>>>>>illegal >>>>>>>filenames and filetypes, and also to see if they are >>>>>>>password-protected. >>>>>>>Unrar Command = /usr/bin/unrar >>>>>>>Unrar Timeout = 50 >>>>>>>- "Allow Password-protected Archives" can now be a ruleset when using >>>>>>>the >>>>>>>clamavmodule virus scanner. >>>>>>>- Multiple "Subject:" lines are removed. The 1st one is kept. >>>>>>>- If the "Unrar Command" is defined and points to an executable >>>>>>>program, >>>>>>>it will automatically be used by the "clamav" scanner. No -wrapper >>>>>>>tweaking is needed to do this any more. >>>>>>>- You can now use shell environment variables such as $HOSTNAME or >>>>>>>${HOSTNAME} in MailScanner.conf and its relatives. >>>>>>>- More improvements to the phishing net. >>>>>>>- More additions to the starter phishing.safe.sites.conf file. >>>>>>>- Removed my spam.assassin.prefs.conf file in favour of the one from >>>>>>>www.fsl.com, with just enough changes to produce an identical file >>>>>>>layout to my previous versions. >>>>>>>- Re-enabled ALL_TRUSTED rule after comments from Matt >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>Kettler. Thanks! >>>> >>>> >>>> >>>> >>>>>>>- Added long comment about ALL_TRUSTED rule, many thanks to Matt >>>>>>>Kettler. >>>>>>>- Improved screen behaviour of RPM-based init.d script. >>>>>>>- Greatly improved RAR archive handler, thanks to Rick Cooper. >>>>>>> >>>>>>>* Fixes * >>>>>>>- Fixed problem with missing Attachment-Warning when encountering a >>>>>>>virus >>>>>>>that is both silent and non-forging. >>>>>>>- Improved output format of Sender warning, and removed duplicate >>>>>>>lines. >>>>>>>- In IPBlock facility, changed MTA dsn to 451 to temporarily >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>refuse the >>>> >>>> >>>> >>>> >>>>>>>connections, rather than the total block it used to do. >>>>>>>- Removed erroneous log output from SpamAssassin bayes-rebuilder. >>>>>>>- Postfix problem fixes. >>>>>>>- Fixed SpamAssassin Bayes database rebuild timeout problem >>>>>>>(hopefully!). >>>>>>> >>>>>>>-- >>>>>>>Julian Field >>>>>>>www.MailScanner.info >>>>>>>Buy the MailScanner book at www.MailScanner.info/store >>>>>>>Professional Support Services at www.MailScanner.biz >>>>>>>MailScanner thanks transtec Computers for their support >>>>>>> >>>>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>>> >>>>>>>------------------------ MailScanner list ------------------------ >>>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>'leave mailscanner' in the body of the email. >>>>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>>Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>-- >>>>>>____________________________________ >>>>>> >>>>>>Daniel Bird >>>>>>Network and Systems Manager >>>>>>Department Of Information Services >>>>>>St. George's Hospital Medical School >>>>>>Tooting >>>>>>London SW17 0RE >>>>>> >>>>>>P: +44 20 8725 2897 >>>>>>F: +44 20 8725 3583 >>>>>>E: dan@sghms.ac.uk >>>>>>____________________________________ >>>>>> >>>>>>Computing Services Homepage: >>>>>>http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>>>> >>>>>>The Computing Services Handbook: >>>>>>http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>>>> >>>>>>Everything is possible....except skiing through a revolving door. >>>>>> >>>>>> >>>>>> >>>>>>This message has been scanned for viruses and dangerous >>>>>>content by MailScanner at danbird.net and is believed to be clean. >>>>>> >>>>>> >>>>>> >>>>>>------------------------ MailScanner list ------------------------ >>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>'leave mailscanner' in the body of the email. >>>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>>Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>-- >>>>>____________________________________ >>>>> >>>>>Daniel Bird >>>>>Network and Systems Manager >>>>>Department Of Information Services >>>>>St. George's Hospital Medical School >>>>>Tooting >>>>>London SW17 0RE >>>>> >>>>>P: +44 20 8725 2897 >>>>>F: +44 20 8725 3583 >>>>>E: dan@sghms.ac.uk >>>>>____________________________________ >>>>> >>>>>Computing Services Homepage: >>>>>http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>>> >>>>>The Computing Services Handbook: >>>>>http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>>> >>>>>Everything is possible....except skiing through a revolving door. >>>>> >>>>> >>>>> >>>>>This message has been scanned for viruses and dangerous >>>>>content by MailScanner at danbird.net and is believed to be clean. >>>>> >>>>> >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>-- >>>>Julian Field >>>>www.MailScanner.info >>>>Buy the MailScanner book at www.MailScanner.info/store >>>>Professional Support Services at www.MailScanner.biz >>>>MailScanner thanks transtec Computers for their support >>>> >>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>>-- >>>>This message has been scanned for viruses and >>>>dangerous content by MailScanner, and is >>>>believed to be clean. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >> >> > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dbird at SGHMS.AC.UK Sun Mar 13 21:32:13 2005 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I'll quietly put out 4.40.5 to fix this, or no-one else will test it! Excellent. Running perfectly now. Thanks for the quick fix. Dan PS: I'll buy you a beer (or 2!) at Networkshop (Got the book already! ;-) > > Daniel Bird wrote: > >> Julian Field wrote: >> >>> What MTA are you using? Please say Exim :-) >> >> >> >> Indeed! 8-) >> >>> >>> Daniel Bird wrote: >>> >>>> Daniel Bird wrote: >>>> >>>>> Julian Field wrote: >>>>> >>>>>> Folks, >>>>>> >>>>>> I have just released a new beta-test version, 4.40.4. >>>>>> >>>>> Been running for about 2 hours and seems fine. >>>> >>>> >>>> >>>> >>>> >>>> >>>> I lied. Seems it got itself in a loop, continually rescanning >>>> messages. >>>> Had to revert. Will test tomorrow. >>>> >>>> Dan >>>> >>>>> >>>>> Dan >>>>> >>>>>> This release is mainly for fixes to the Bayes database rebuilding, >>>>>> and >>>>>> for more Postfix testing. >>>>>> >>>>>> I have replaced my spam.assassin.prefs.conf and now use a very >>>>>> slightly >>>>>> modified version of the one provided by Fortress Systems (thanks >>>>>> Steve!). The change is to maintain compatibility with all previous >>>>>> versions that keep their Bayes files in ~/.spamassassin. >>>>>> >>>>>> Also the RAR archive handling is greatly improved. >>>>>> >>>>>> Download it as usual from www.mailscanner.info. >>>>>> >>>>>> The full Change Log is: >>>>>> * New Features and Improvements * >>>>>> - The "clamavmodule" scanner cannot unpack archives of RAR >>>>>> version 3. >>>>>> 2 new configuration settings allow you to unpack the latest RAR >>>>>> archives >>>>>> for testing by the "clamavmodule" scanner. >>>>>> It also enables the contents of the RAR archive to be checked for >>>>>> illegal >>>>>> filenames and filetypes, and also to see if they are >>>>>> password-protected. >>>>>> Unrar Command = /usr/bin/unrar >>>>>> Unrar Timeout = 50 >>>>>> - "Allow Password-protected Archives" can now be a ruleset when >>>>>> using >>>>>> the >>>>>> clamavmodule virus scanner. >>>>>> - Multiple "Subject:" lines are removed. The 1st one is kept. >>>>>> - If the "Unrar Command" is defined and points to an executable >>>>>> program, >>>>>> it will automatically be used by the "clamav" scanner. No -wrapper >>>>>> tweaking is needed to do this any more. >>>>>> - You can now use shell environment variables such as $HOSTNAME or >>>>>> ${HOSTNAME} in MailScanner.conf and its relatives. >>>>>> - More improvements to the phishing net. >>>>>> - More additions to the starter phishing.safe.sites.conf file. >>>>>> - Removed my spam.assassin.prefs.conf file in favour of the one from >>>>>> www.fsl.com, with just enough changes to produce an identical file >>>>>> layout to my previous versions. >>>>>> - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. >>>>>> Thanks! >>>>>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt >>>>>> Kettler. >>>>>> - Improved screen behaviour of RPM-based init.d script. >>>>>> - Greatly improved RAR archive handler, thanks to Rick Cooper. >>>>>> >>>>>> * Fixes * >>>>>> - Fixed problem with missing Attachment-Warning when encountering a >>>>>> virus >>>>>> that is both silent and non-forging. >>>>>> - Improved output format of Sender warning, and removed duplicate >>>>>> lines. >>>>>> - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse >>>>>> the >>>>>> connections, rather than the total block it used to do. >>>>>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. >>>>>> - Postfix problem fixes. >>>>>> - Fixed SpamAssassin Bayes database rebuild timeout problem >>>>>> (hopefully!). >>>>>> >>>>>> -- >>>>>> Julian Field >>>>>> www.MailScanner.info >>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>> Professional Support Services at www.MailScanner.biz >>>>>> MailScanner thanks transtec Computers for their support >>>>>> >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> >>>>> -- >>>>> ____________________________________ >>>>> >>>>> Daniel Bird >>>>> Network and Systems Manager >>>>> Department Of Information Services >>>>> St. George's Hospital Medical School >>>>> Tooting >>>>> London SW17 0RE >>>>> >>>>> P: +44 20 8725 2897 >>>>> F: +44 20 8725 3583 >>>>> E: dan@sghms.ac.uk >>>>> ____________________________________ >>>>> >>>>> Computing Services Homepage: >>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>>> >>>>> The Computing Services Handbook: >>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>>> >>>>> Everything is possible....except skiing through a revolving door. >>>>> >>>>> >>>>> >>>>> This message has been scanned for viruses and dangerous >>>>> content by MailScanner at danbird.net and is believed to be clean. >>>>> >>>>> >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> >>>> -- >>>> ____________________________________ >>>> >>>> Daniel Bird >>>> Network and Systems Manager >>>> Department Of Information Services >>>> St. George's Hospital Medical School >>>> Tooting >>>> London SW17 0RE >>>> >>>> P: +44 20 8725 2897 >>>> F: +44 20 8725 3583 >>>> E: dan@sghms.ac.uk >>>> ____________________________________ >>>> >>>> Computing Services Homepage: >>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>> >>>> The Computing Services Handbook: >>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>> >>>> Everything is possible....except skiing through a revolving door. >>>> >>>> >>>> >>>> This message has been scanned for viruses and dangerous >>>> content by MailScanner at danbird.net and is believed to be clean. >>>> >>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> -- >> ____________________________________ >> >> Daniel Bird >> Network and Systems Manager >> Department Of Information Services >> St. George's Hospital Medical School >> Tooting >> London SW17 0RE >> >> P: +44 20 8725 2897 >> F: +44 20 8725 3583 >> E: dan@sghms.ac.uk >> ____________________________________ >> >> Computing Services Homepage: >> http://www.intranet.sghms.ac.uk/depts/is/cu/ >> >> The Computing Services Handbook: >> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >> >> Everything is possible....except skiing through a revolving door. >> >> >> >> This message has been scanned for viruses and dangerous >> content by MailScanner at danbird.net and is believed to be clean. >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- ____________________________________ Daniel Bird Network and Systems Manager Department Of Information Services St. George's Hospital Medical School Tooting London SW17 0RE P: +44 20 8725 2897 F: +44 20 8725 3583 E: dan@sghms.ac.uk ____________________________________ Computing Services Homepage: http://www.intranet.sghms.ac.uk/depts/is/cu/ The Computing Services Handbook: http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf Everything is possible....except skiing through a revolving door. This message has been scanned for viruses and dangerous content by MailScanner at danbird.net and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Sun Mar 13 23:37:05 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:00 2006 Subject: ProcessClamAVOutput: unrecognised Message-ID: Hello! using the latest BETA version of MailScanner I get messages like this in my logfiles when the body of the message being scanned is empty. It's a cosmetic thing only, but there it is. I'm using the latest CVS version of ClamAV, so no doubt they changed something. Though, you never know, it could be something I did. Mar 13 18:34:09 styx MailScanner[4327]: Virus and Content Scanning: Starting Mar 13 18:34:12 styx MailScanner[4327]: /var/spool/MailScanner/incoming/4327/./j2DNY8X0004332/msg-4327-1.txt: Empty file Mar 13 18:34:13 styx MailScanner[4327]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/4327/./j2DNY8X0004332/msg-4327-1.txt: Empty file". Please contact the authors! Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Vermont State Colleges martelm@quark.vsc.edu | Systems Administrator http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Mon Mar 14 03:16:20 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:00 2006 Subject: small spam score, but defined as spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Sometimes I recieve emails marked to be spam without enough spam score. The follow header is from an email (actually a spam). MailScanner correctly defines it as spam, but the score is just -0.125. So does MailScanner does not only rely on spam score? What else then? X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin (score=-0.125, required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HTML_30_40 0.02, HTML_MESSAGE 0.00, INVALID_DATE 0.24, MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, MSGID_OUTLOOK_INVALID 2.70) X-MailScanner-From: vang_fp@email.australia.edu Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Mon Mar 14 03:28:45 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:29:00 2006 Subject: small spam score, but defined as spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 14 Mar 2005 02:16 pm, Jason wrote: > Hi, > > Sometimes I recieve emails marked to be spam without enough spam score. > The follow header is from an email (actually a spam). MailScanner > correctly defines it as spam, but the score is just -0.125. So does > MailScanner does not only rely on spam score? What else then? > > X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin (score=-0.125, > required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HTML_30_40 0.02, > HTML_MESSAGE 0.00, INVALID_DATE 0.24, MIME_HTML_ONLY 0.18, > MIME_QP_LONG_LINE 0.04, MSGID_OUTLOOK_INVALID 2.70) > X-MailScanner-From: vang_fp@email.australia.edu > > Jason Notice the ...SpamCheck: spam, spamhaus-XBL, SpamAssassin... ^ Header ^ ^MS RBL ^SA | Spam/Not spam "status" After the spam check header, MailScanner is telling you it's classified it as spam for two reasons: 1. the message was matched against spamhaus-XBL list 2. Spamassassin's score Note it's an "OR" relationship, not "AND". In other words, if you have configured RBL's in MailScanner.conf AND MailScanner to use SpamAssassin, then the first one to identify spam, wins. If neither identify it as spam, it's considered clean (ham). If you want to rely on SpamAssassin ONLY, take out the RBL's in MailScanner.conf. Then your mail will only be identified as spam if SpamAssassin scores above 5. SA also uses RBL's (many more than MailScanner in fact) so you wont be "loosing" anything, but you will be able to adjust the scores of RBL's you trust etc from the spam.assassin.prefs.conf file, or by custom rules etc. HTH, James -- Just when you thought you were winning the rat race, along comes a faster rat!!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Mon Mar 14 03:30:40 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:00 2006 Subject: bayes on new server Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm considering an upgrade from FC2 to CentOS4. Is there a way to restore the bayes from FC2 to CentOs4? What files should I copy, or how?? Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 07:32:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: bayes on new server Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] /root/.spamassassin/bayes* Jason wrote: > Hi, > > I'm considering an upgrade from FC2 to CentOS4. Is there a way to > restore the bayes from FC2 to CentOs4? What files should I copy, or how?? > > Jason > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 07:31:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Bird wrote: > Julian Field wrote: > >> I'll quietly put out 4.40.5 to fix this, or no-one else will test it! > > > Excellent. Running perfectly now. Thanks for the quick fix. > > Dan > > PS: I'll buy you a beer (or 2!) at Networkshop (Got the book already! ;-) You're on! Mine will be a glass of dry white please :-) > >> >> Daniel Bird wrote: >> >>> Julian Field wrote: >>> >>>> What MTA are you using? Please say Exim :-) >>> >>> >>> >>> >>> Indeed! 8-) >>> >>>> >>>> Daniel Bird wrote: >>>> >>>>> Daniel Bird wrote: >>>>> >>>>>> Julian Field wrote: >>>>>> >>>>>>> Folks, >>>>>>> >>>>>>> I have just released a new beta-test version, 4.40.4. >>>>>>> >>>>>> Been running for about 2 hours and seems fine. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> I lied. Seems it got itself in a loop, continually rescanning >>>>> messages. >>>>> Had to revert. Will test tomorrow. >>>>> >>>>> Dan >>>>> >>>>>> >>>>>> Dan >>>>>> >>>>>>> This release is mainly for fixes to the Bayes database rebuilding, >>>>>>> and >>>>>>> for more Postfix testing. >>>>>>> >>>>>>> I have replaced my spam.assassin.prefs.conf and now use a very >>>>>>> slightly >>>>>>> modified version of the one provided by Fortress Systems (thanks >>>>>>> Steve!). The change is to maintain compatibility with all previous >>>>>>> versions that keep their Bayes files in ~/.spamassassin. >>>>>>> >>>>>>> Also the RAR archive handling is greatly improved. >>>>>>> >>>>>>> Download it as usual from www.mailscanner.info. >>>>>>> >>>>>>> The full Change Log is: >>>>>>> * New Features and Improvements * >>>>>>> - The "clamavmodule" scanner cannot unpack archives of RAR >>>>>>> version 3. >>>>>>> 2 new configuration settings allow you to unpack the latest RAR >>>>>>> archives >>>>>>> for testing by the "clamavmodule" scanner. >>>>>>> It also enables the contents of the RAR archive to be checked for >>>>>>> illegal >>>>>>> filenames and filetypes, and also to see if they are >>>>>>> password-protected. >>>>>>> Unrar Command = /usr/bin/unrar >>>>>>> Unrar Timeout = 50 >>>>>>> - "Allow Password-protected Archives" can now be a ruleset when >>>>>>> using >>>>>>> the >>>>>>> clamavmodule virus scanner. >>>>>>> - Multiple "Subject:" lines are removed. The 1st one is kept. >>>>>>> - If the "Unrar Command" is defined and points to an executable >>>>>>> program, >>>>>>> it will automatically be used by the "clamav" scanner. No -wrapper >>>>>>> tweaking is needed to do this any more. >>>>>>> - You can now use shell environment variables such as $HOSTNAME or >>>>>>> ${HOSTNAME} in MailScanner.conf and its relatives. >>>>>>> - More improvements to the phishing net. >>>>>>> - More additions to the starter phishing.safe.sites.conf file. >>>>>>> - Removed my spam.assassin.prefs.conf file in favour of the one >>>>>>> from >>>>>>> www.fsl.com, with just enough changes to produce an identical file >>>>>>> layout to my previous versions. >>>>>>> - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. >>>>>>> Thanks! >>>>>>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt >>>>>>> Kettler. >>>>>>> - Improved screen behaviour of RPM-based init.d script. >>>>>>> - Greatly improved RAR archive handler, thanks to Rick Cooper. >>>>>>> >>>>>>> * Fixes * >>>>>>> - Fixed problem with missing Attachment-Warning when encountering a >>>>>>> virus >>>>>>> that is both silent and non-forging. >>>>>>> - Improved output format of Sender warning, and removed duplicate >>>>>>> lines. >>>>>>> - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse >>>>>>> the >>>>>>> connections, rather than the total block it used to do. >>>>>>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. >>>>>>> - Postfix problem fixes. >>>>>>> - Fixed SpamAssassin Bayes database rebuild timeout problem >>>>>>> (hopefully!). >>>>>>> >>>>>>> -- >>>>>>> Julian Field >>>>>>> www.MailScanner.info >>>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>>> Professional Support Services at www.MailScanner.biz >>>>>>> MailScanner thanks transtec Computers for their support >>>>>>> >>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> ____________________________________ >>>>>> >>>>>> Daniel Bird >>>>>> Network and Systems Manager >>>>>> Department Of Information Services >>>>>> St. George's Hospital Medical School >>>>>> Tooting >>>>>> London SW17 0RE >>>>>> >>>>>> P: +44 20 8725 2897 >>>>>> F: +44 20 8725 3583 >>>>>> E: dan@sghms.ac.uk >>>>>> ____________________________________ >>>>>> >>>>>> Computing Services Homepage: >>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>>>> >>>>>> The Computing Services Handbook: >>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>>>> >>>>>> Everything is possible....except skiing through a revolving door. >>>>>> >>>>>> >>>>>> >>>>>> This message has been scanned for viruses and dangerous >>>>>> content by MailScanner at danbird.net and is believed to be clean. >>>>>> >>>>>> >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> >>>>> -- >>>>> ____________________________________ >>>>> >>>>> Daniel Bird >>>>> Network and Systems Manager >>>>> Department Of Information Services >>>>> St. George's Hospital Medical School >>>>> Tooting >>>>> London SW17 0RE >>>>> >>>>> P: +44 20 8725 2897 >>>>> F: +44 20 8725 3583 >>>>> E: dan@sghms.ac.uk >>>>> ____________________________________ >>>>> >>>>> Computing Services Homepage: >>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>>> >>>>> The Computing Services Handbook: >>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>>> >>>>> Everything is possible....except skiing through a revolving door. >>>>> >>>>> >>>>> >>>>> This message has been scanned for viruses and dangerous >>>>> content by MailScanner at danbird.net and is believed to be clean. >>>>> >>>>> >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> -- >>> ____________________________________ >>> >>> Daniel Bird >>> Network and Systems Manager >>> Department Of Information Services >>> St. George's Hospital Medical School >>> Tooting >>> London SW17 0RE >>> >>> P: +44 20 8725 2897 >>> F: +44 20 8725 3583 >>> E: dan@sghms.ac.uk >>> ____________________________________ >>> >>> Computing Services Homepage: >>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>> >>> The Computing Services Handbook: >>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>> >>> Everything is possible....except skiing through a revolving door. >>> >>> >>> >>> This message has been scanned for viruses and dangerous >>> content by MailScanner at danbird.net and is believed to be clean. >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- > ____________________________________ > > Daniel Bird > Network and Systems Manager > Department Of Information Services > St. George's Hospital Medical School > Tooting > London SW17 0RE > > P: +44 20 8725 2897 > F: +44 20 8725 3583 > E: dan@sghms.ac.uk > ____________________________________ > > Computing Services Homepage: > http://www.intranet.sghms.ac.uk/depts/is/cu/ > > The Computing Services Handbook: > http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > > Everything is possible....except skiing through a revolving door. > > > > This message has been scanned for viruses and dangerous > content by MailScanner at danbird.net and is believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 09:41:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:00 2006 Subject: SophosSAVI module on AMD x86_64? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have any of you folks managed to build the sophossavi SAVI::Perl perl module on an Opteron? It won't go for me, so I'm using the command-line scanner instead. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 14 10:15:06 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:00 2006 Subject: User unknown in virtual alias table Message-ID: Ah, so I wasn't going blind with drink there. Although I too hope Julian will have a better take on this, I'll not hold my breath:-). -- Glenn PS. Where's that shaggy beast when one needs it? The party after the (very successful) performance was oh so very wet... And I do hate mondays... or at least this particular one...:) DS -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall Sent: den 13 mars 2005 12:43 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: User unknown in virtual alias table Steen, Glenn wrote: -----Original Message----- From: MailScanner mailing list on behalf of Drew Marshall Sent: Sat 3/12/2005 11:05 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: User unknown in virtual alias table Steen, Glenn wrote: Hair of dog, eh Drew.... Is that good against hangovers ....? (I'll be needing *something* tomorrow, or else my choirleader will.... well, let's not go there.... Oh, not to mention the rotations JSBach will be doing in his tomb...:-). Now I'm not sure if you have picked up on the English colloquialism 'hair of dog' not it's literal phrase. Hair of dog is referred to as the first beer in the bar the following morning (For example) as opposed to the fur of a canine :-) . One will add to your hangover but if taken in sufficient quantity will help you forget it (Although pickle your liver!) the other will make you feel ruff (Sorry couldn't resist :-) ). Ah. No that particular turn of phrase had eluded me.... I'll be sure to remember it:-) Wouldn't be doing me much good anyway.... need to be sharp to sing "Magnificat":-):-) ... Would it be entirely unacceptable to "fix" this in documentation... "don't do that" type of thing? I don't know how tricky it will be to fix the code TBH (I code like a sysadmin ;-) ). There is no reason why the docs can't read that for Postfix you can't enter virtual aliases. I'm not sure I personally like it as I prefer things to work (TM) but it is a work round. It's a pain that Postfix insists on doing it's virtual alias lookups in the cleanup stage after either pickup (Injected messages) or smtpd (SMTP input) before MailScanner gets to look at it. This document here http://www.postfix.org/ADDRESS_REWRITING_README.html details it rather well. See the table about 1/3rd down the page. That specifies which Postfix component does the address rewriting for aliases. Yes, I know. But "doing it right" would mean not to just fiddle with the queue files and use "normal methods" for injecting it back in, or playing cleanup in MW (which seems horrendous). Or perhaps I'm missing something in my somewhat hubgover state?-). Well as I see it there are 2 options, one is to change the docs, the other is to change the hold file regex to exclude direct injected mail (From localhost) and get MS to queue inject the forwarded file so it is not re-scanned. Neither is particularly pretty or an ideal solution. My preference would be your idea to change the docs as after all if the system admin is setting the forward option in MS then (s)he should also know the unaliased address of the recipient. Maybe Julian has a better idea?? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 14 10:35:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:00 2006 Subject: SophosSAVI module on AMD x86_64? Message-ID: Jules Looks like a couple of people also reported this problem ove the w/end On from ddw@bas.ac.uk @ 12/03/05 13:11 called Sophos, got little help, and ended up running the CLI version instead. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Have any of you folks managed to build the sophossavi SAVI::Perl perl > module on an Opteron? > > It won't go for me, so I'm using the command-line scanner instead. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Mon Mar 14 10:46:09 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:29:00 2006 Subject: F-Prot vs BitDefender vs ClamAV Message-ID: On Fri, 11 Mar 2005, Paul Welsh wrote: > In case anyone's interested I've been comparing the number of viruses found > by F-Prot, BitDefender and ClamAV over the last couple of weeks: Pitty clamscan cant detect somthing as simple as a rootkit infected archive, but f-prot does (thank heavens), and a rootkit thats been around since 2003 at that. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Mar 14 11:02:01 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Some of you probably think I am mad but I want to rebuild my MS server completely and reconfigure it. I am currently running it on SUSE 9.1 and want to move it to CENTOS 4. Is there anything I should remember before attempting to do this? I have been toying with the idea of installing SMgateway as I am not to confident with my ability to install MS from scratch as I have been receiving quite a bit of spam lately. What do you guys think ta Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 14 11:08:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: Lance if you have another machine to do this on, so the existing one stays in place, why not. as to the spam increase, what SA version, what extra rules and do you run the URI-RBL checks? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Lance Haig wrote: > Some of you probably think I am mad but I want to rebuild my MS server > completely and reconfigure it. > > I am currently running it on SUSE 9.1 and want to move it to CENTOS 4. > > Is there anything I should remember before attempting to do this? > > I have been toying with the idea of installing SMgateway as I am not to > confident with my ability to install MS from scratch as I have been > receiving quite a bit of spam lately. > > What do you guys think > > ta > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Mar 14 11:14:38 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why not use SMgateway? But you will need to run Centos3. If you have the equipment install smgateway and try it out before you decom the existing machine? I installed on a test PC - pretty damned cool.....get your boss to approve a support package and you are completely set!!! Lance Haig wrote: > Some of you probably think I am mad but I want to rebuild my MS server > completely and reconfigure it. > > I am currently running it on SUSE 9.1 and want to move it to CENTOS 4. > > Is there anything I should remember before attempting to do this? > > I have been toying with the idea of installing SMgateway as I am not to > confident with my ability to install MS from scratch as I have been > receiving quite a bit of spam lately. > > What do you guys think > > ta > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Mar 14 11:19:28 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin, I will have to check these and get back to you. I think I enabled the RBL checks but I have no idea if it is working. I also have some cron jobs that are failing and well a clean build will be better to start from. I had a hard time getting MS and the others working on SUSE and I am sure it is not running as it should. The MS server I have only serves my family so I can tell them they will be down for a time and then work on the server. Thanks Lance Martin Hepworth wrote: > Lance > > if you have another machine to do this on, so the existing one stays in > place, why not. > > as to the spam increase, what SA version, what extra rules and do you > run the URI-RBL checks? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Lance Haig wrote: > >> Some of you probably think I am mad but I want to rebuild my MS server >> completely and reconfigure it. >> >> I am currently running it on SUSE 9.1 and want to move it to CENTOS 4. >> >> Is there anything I should remember before attempting to do this? >> >> I have been toying with the idea of installing SMgateway as I am not to >> confident with my ability to install MS from scratch as I have been >> receiving quite a bit of spam lately. >> >> What do you guys think >> >> ta >> >> Lance >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Mar 14 11:25:27 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Pete, Thanks I have had a look at it and I also think it is really cool. The fact that the users can set their own options is great. This is a private MS box and so the budget does not exist and so I will have to support it myself. I will have to thing about this a bit more Lance Pete Russell wrote: > Why not use SMgateway? But you will need to run Centos3. > > If you have the equipment install smgateway and try it out before you > decom the existing machine? > > I installed on a test PC - pretty damned cool.....get your boss to > approve a support package and you are completely set!!! > > > > Lance Haig wrote: > >> Some of you probably think I am mad but I want to rebuild my MS server >> completely and reconfigure it. >> >> I am currently running it on SUSE 9.1 and want to move it to CENTOS 4. >> >> Is there anything I should remember before attempting to do this? >> >> I have been toying with the idea of installing SMgateway as I am not to >> confident with my ability to install MS from scratch as I have been >> receiving quite a bit of spam lately. >> >> What do you guys think >> >> ta >> >> Lance >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Mon Mar 14 11:32:35 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:29:00 2006 Subject: Text part in $message Message-ID: Hi all, I want to extract the text part of the message object in CustomConfig.pm. If the mail is pure html then I would like to convert html part to text. Basically what I am trying to do is get the message text for sms. Has anyone done this already ? Thanks Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Mar 14 11:35:50 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] i can not agree with that. im running ms, mailwatch, pyzor, razor, dcc, spamsassassin, clamav .... on suse 9.x without any problems. installation is done in one day max greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > I had a hard time getting MS and the others working on SUSE and I am > sure it is not running as it should. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 14 11:39:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: Julian running 4.40.5 (with exim on FreeBSD) and seems to be running fine over tha last hour or so.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > I have just put out 4.40.5 with this fix in it. > > Rick Cooper wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>> Behalf Of Julian Field >>> Sent: Sunday, March 13, 2005 12:01 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Released beta 4.40.4 >>> >>> >>> Found this one, thanks for reporting it. >>> >>> [root@karla input]# diff Exim.pm.old Exim.pm >>> 763,764c763,764 >>> < for ($hdrnum=0; $hdrnum<@{$message->{headers}}; $hdrnum++) { >>> < next unless lc $message->{headers}[$hdrnum]{name} eq lc $key; >>> --- >>> > for ($hdrnum=0; $hdrnum<@{$metadata->{headers}}; $hdrnum++) { >>> > next unless lc $metadata->{headers}[$hdrnum]{name} eq lc $key; >>> >>> That's the patch for Exim.pm. Change $message to $metadata on both >>> lines. >>> >>> >> >> That was it, all ok now. >> >> Rick >> >> >> >> >>> Rick Cooper wrote: >>> >>> >>> >>>> Julian, >>>> >>>> I was just looking into this myself. In my case it is caused by >>>> >>>> >>> Exim.pm line >>> >>> >>>> 764: >>>> >>>> Can't use string ("Received: from sahomelt.internal") as a HASH ref >>>> while >>>> "strict refs" in use at /opt/MailScanner/lib/MailScanner/Exim.pm >>>> line 764 >>>> >>>> >>>> Rick >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>>>> Behalf Of Julian Field >>>>> Sent: Sunday, March 13, 2005 11:01 AM >>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> Subject: Re: Released beta 4.40.4 >>>>> >>>>> >>>>> Daniel Bird wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> Daniel Bird wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> Julian Field wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Folks, >>>>>>>> >>>>>>>> I have just released a new beta-test version, 4.40.4. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> Been running for about 2 hours and seems fine. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> I lied. Seems it got itself in a loop, continually rescanning >>>>>> messages. >>>>>> Had to revert. Will test tomorrow. >>>>>> >>>>>> >>>>>> >>>>>> >>>>> Bother. Can you put it in debug mode, then stop it, then >>>>> check_MailScanner and see what it says please? It may be one message >>>>> causing it trouble, please can you let me know what you find. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> Dan >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> Dan >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> This release is mainly for fixes to the Bayes database >>>>>>>> >>>>>>>> >>> rebuilding, and >>> >>> >>>>>>>> for more Postfix testing. >>>>>>>> >>>>>>>> I have replaced my spam.assassin.prefs.conf and now use a >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>> very slightly >>>>> >>>>> >>>>> >>>>> >>>>>>>> modified version of the one provided by Fortress Systems (thanks >>>>>>>> Steve!). The change is to maintain compatibility with all previous >>>>>>>> versions that keep their Bayes files in ~/.spamassassin. >>>>>>>> >>>>>>>> Also the RAR archive handling is greatly improved. >>>>>>>> >>>>>>>> Download it as usual from www.mailscanner.info. >>>>>>>> >>>>>>>> The full Change Log is: >>>>>>>> * New Features and Improvements * >>>>>>>> - The "clamavmodule" scanner cannot unpack archives of RAR >>>>>>>> version 3. >>>>>>>> 2 new configuration settings allow you to unpack the latest RAR >>>>>>>> archives >>>>>>>> for testing by the "clamavmodule" scanner. >>>>>>>> It also enables the contents of the RAR archive to be checked for >>>>>>>> illegal >>>>>>>> filenames and filetypes, and also to see if they are >>>>>>>> password-protected. >>>>>>>> Unrar Command = /usr/bin/unrar >>>>>>>> Unrar Timeout = 50 >>>>>>>> - "Allow Password-protected Archives" can now be a ruleset when >>>>>>>> using >>>>>>>> the >>>>>>>> clamavmodule virus scanner. >>>>>>>> - Multiple "Subject:" lines are removed. The 1st one is kept. >>>>>>>> - If the "Unrar Command" is defined and points to an executable >>>>>>>> program, >>>>>>>> it will automatically be used by the "clamav" scanner. No -wrapper >>>>>>>> tweaking is needed to do this any more. >>>>>>>> - You can now use shell environment variables such as $HOSTNAME or >>>>>>>> ${HOSTNAME} in MailScanner.conf and its relatives. >>>>>>>> - More improvements to the phishing net. >>>>>>>> - More additions to the starter phishing.safe.sites.conf file. >>>>>>>> - Removed my spam.assassin.prefs.conf file in favour of the one >>>>>>>> from >>>>>>>> www.fsl.com, with just enough changes to produce an identical file >>>>>>>> layout to my previous versions. >>>>>>>> - Re-enabled ALL_TRUSTED rule after comments from Matt >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>> Kettler. Thanks! >>>>> >>>>> >>>>> >>>>> >>>>>>>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt >>>>>>>> Kettler. >>>>>>>> - Improved screen behaviour of RPM-based init.d script. >>>>>>>> - Greatly improved RAR archive handler, thanks to Rick Cooper. >>>>>>>> >>>>>>>> * Fixes * >>>>>>>> - Fixed problem with missing Attachment-Warning when encountering a >>>>>>>> virus >>>>>>>> that is both silent and non-forging. >>>>>>>> - Improved output format of Sender warning, and removed duplicate >>>>>>>> lines. >>>>>>>> - In IPBlock facility, changed MTA dsn to 451 to temporarily >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>> refuse the >>>>> >>>>> >>>>> >>>>> >>>>>>>> connections, rather than the total block it used to do. >>>>>>>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. >>>>>>>> - Postfix problem fixes. >>>>>>>> - Fixed SpamAssassin Bayes database rebuild timeout problem >>>>>>>> (hopefully!). >>>>>>>> >>>>>>>> -- >>>>>>>> Julian Field >>>>>>>> www.MailScanner.info >>>>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>>>> Professional Support Services at www.MailScanner.biz >>>>>>>> MailScanner thanks transtec Computers for their support >>>>>>>> >>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> -- >>>>>>> ____________________________________ >>>>>>> >>>>>>> Daniel Bird >>>>>>> Network and Systems Manager >>>>>>> Department Of Information Services >>>>>>> St. George's Hospital Medical School >>>>>>> Tooting >>>>>>> London SW17 0RE >>>>>>> >>>>>>> P: +44 20 8725 2897 >>>>>>> F: +44 20 8725 3583 >>>>>>> E: dan@sghms.ac.uk >>>>>>> ____________________________________ >>>>>>> >>>>>>> Computing Services Homepage: >>>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>>>>> >>>>>>> The Computing Services Handbook: >>>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>>>>> >>>>>>> Everything is possible....except skiing through a revolving door. >>>>>>> >>>>>>> >>>>>>> >>>>>>> This message has been scanned for viruses and dangerous >>>>>>> content by MailScanner at danbird.net and is believed to be clean. >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> -- >>>>>> ____________________________________ >>>>>> >>>>>> Daniel Bird >>>>>> Network and Systems Manager >>>>>> Department Of Information Services >>>>>> St. George's Hospital Medical School >>>>>> Tooting >>>>>> London SW17 0RE >>>>>> >>>>>> P: +44 20 8725 2897 >>>>>> F: +44 20 8725 3583 >>>>>> E: dan@sghms.ac.uk >>>>>> ____________________________________ >>>>>> >>>>>> Computing Services Homepage: >>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ >>>>>> >>>>>> The Computing Services Handbook: >>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf >>>>>> >>>>>> Everything is possible....except skiing through a revolving door. >>>>>> >>>>>> >>>>>> >>>>>> This message has been scanned for viruses and dangerous >>>>>> content by MailScanner at danbird.net and is believed to be clean. >>>>>> >>>>>> >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> >>> >>> >>> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Mar 14 11:46:36 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Perhaps I should have made it clear. I don't think the problem is with SUSE but with my knowledge of SUSE. and when I installed MS on it. The reason for the change is that MS is written for Red Hat and so should be easier to configure and run on CentOs as I can't afford Rhes04. Lance Doerfler Andreas wrote: i can not agree with that. im running ms, mailwatch, pyzor, razor, dcc, spamsassassin, clamav .... on suse 9.x without any problems. installation is done in one day max greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ -----Original Message----- From: MailScanner mailing list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Mon Mar 14 11:46:38 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:00 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Running on Centos 3.4 with sendmail for an hour now, and it's running fine too... ----- Original Message ----- From: "Martin Hepworth" To: Sent: Monday, March 14, 2005 8:39 AM Subject: Re: Released beta 4.40.4 > Julian > > running 4.40.5 (with exim on FreeBSD) and seems to be running fine over > tha last hour or so.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > > I have just put out 4.40.5 with this fix in it. > > > > Rick Cooper wrote: > > > >>> -----Original Message----- > >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>> Behalf Of Julian Field > >>> Sent: Sunday, March 13, 2005 12:01 PM > >>> To: MAILSCANNER@JISCMAIL.AC.UK > >>> Subject: Re: Released beta 4.40.4 > >>> > >>> > >>> Found this one, thanks for reporting it. > >>> > >>> [root@karla input]# diff Exim.pm.old Exim.pm > >>> 763,764c763,764 > >>> < for ($hdrnum=0; $hdrnum<@{$message->{headers}}; $hdrnum++) { > >>> < next unless lc $message->{headers}[$hdrnum]{name} eq lc $key; > >>> --- > >>> > for ($hdrnum=0; $hdrnum<@{$metadata->{headers}}; $hdrnum++) { > >>> > next unless lc $metadata->{headers}[$hdrnum]{name} eq lc $key; > >>> > >>> That's the patch for Exim.pm. Change $message to $metadata on both > >>> lines. > >>> > >>> > >> > >> That was it, all ok now. > >> > >> Rick > >> > >> > >> > >> > >>> Rick Cooper wrote: > >>> > >>> > >>> > >>>> Julian, > >>>> > >>>> I was just looking into this myself. In my case it is caused by > >>>> > >>>> > >>> Exim.pm line > >>> > >>> > >>>> 764: > >>>> > >>>> Can't use string ("Received: from sahomelt.internal") as a HASH ref > >>>> while > >>>> "strict refs" in use at /opt/MailScanner/lib/MailScanner/Exim.pm > >>>> line 764 > >>>> > >>>> > >>>> Rick > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>> -----Original Message----- > >>>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>>>> Behalf Of Julian Field > >>>>> Sent: Sunday, March 13, 2005 11:01 AM > >>>>> To: MAILSCANNER@JISCMAIL.AC.UK > >>>>> Subject: Re: Released beta 4.40.4 > >>>>> > >>>>> > >>>>> Daniel Bird wrote: > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>> Daniel Bird wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>> Julian Field wrote: > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>> Folks, > >>>>>>>> > >>>>>>>> I have just released a new beta-test version, 4.40.4. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> Been running for about 2 hours and seems fine. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> I lied. Seems it got itself in a loop, continually rescanning > >>>>>> messages. > >>>>>> Had to revert. Will test tomorrow. > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>> Bother. Can you put it in debug mode, then stop it, then > >>>>> check_MailScanner and see what it says please? It may be one message > >>>>> causing it trouble, please can you let me know what you find. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>> Dan > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>> Dan > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>> This release is mainly for fixes to the Bayes database > >>>>>>>> > >>>>>>>> > >>> rebuilding, and > >>> > >>> > >>>>>>>> for more Postfix testing. > >>>>>>>> > >>>>>>>> I have replaced my spam.assassin.prefs.conf and now use a > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>> very slightly > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>>> modified version of the one provided by Fortress Systems (thanks > >>>>>>>> Steve!). The change is to maintain compatibility with all previous > >>>>>>>> versions that keep their Bayes files in ~/.spamassassin. > >>>>>>>> > >>>>>>>> Also the RAR archive handling is greatly improved. > >>>>>>>> > >>>>>>>> Download it as usual from www.mailscanner.info. > >>>>>>>> > >>>>>>>> The full Change Log is: > >>>>>>>> * New Features and Improvements * > >>>>>>>> - The "clamavmodule" scanner cannot unpack archives of RAR > >>>>>>>> version 3. > >>>>>>>> 2 new configuration settings allow you to unpack the latest RAR > >>>>>>>> archives > >>>>>>>> for testing by the "clamavmodule" scanner. > >>>>>>>> It also enables the contents of the RAR archive to be checked for > >>>>>>>> illegal > >>>>>>>> filenames and filetypes, and also to see if they are > >>>>>>>> password-protected. > >>>>>>>> Unrar Command = /usr/bin/unrar > >>>>>>>> Unrar Timeout = 50 > >>>>>>>> - "Allow Password-protected Archives" can now be a ruleset when > >>>>>>>> using > >>>>>>>> the > >>>>>>>> clamavmodule virus scanner. > >>>>>>>> - Multiple "Subject:" lines are removed. The 1st one is kept. > >>>>>>>> - If the "Unrar Command" is defined and points to an executable > >>>>>>>> program, > >>>>>>>> it will automatically be used by the "clamav" scanner. No -wrapper > >>>>>>>> tweaking is needed to do this any more. > >>>>>>>> - You can now use shell environment variables such as $HOSTNAME or > >>>>>>>> ${HOSTNAME} in MailScanner.conf and its relatives. > >>>>>>>> - More improvements to the phishing net. > >>>>>>>> - More additions to the starter phishing.safe.sites.conf file. > >>>>>>>> - Removed my spam.assassin.prefs.conf file in favour of the one > >>>>>>>> from > >>>>>>>> www.fsl.com, with just enough changes to produce an identical file > >>>>>>>> layout to my previous versions. > >>>>>>>> - Re-enabled ALL_TRUSTED rule after comments from Matt > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>> Kettler. Thanks! > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>>> - Added long comment about ALL_TRUSTED rule, many thanks to Matt > >>>>>>>> Kettler. > >>>>>>>> - Improved screen behaviour of RPM-based init.d script. > >>>>>>>> - Greatly improved RAR archive handler, thanks to Rick Cooper. > >>>>>>>> > >>>>>>>> * Fixes * > >>>>>>>> - Fixed problem with missing Attachment-Warning when encountering a > >>>>>>>> virus > >>>>>>>> that is both silent and non-forging. > >>>>>>>> - Improved output format of Sender warning, and removed duplicate > >>>>>>>> lines. > >>>>>>>> - In IPBlock facility, changed MTA dsn to 451 to temporarily > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>> refuse the > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>>> connections, rather than the total block it used to do. > >>>>>>>> - Removed erroneous log output from SpamAssassin bayes-rebuilder. > >>>>>>>> - Postfix problem fixes. > >>>>>>>> - Fixed SpamAssassin Bayes database rebuild timeout problem > >>>>>>>> (hopefully!). > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Julian Field > >>>>>>>> www.MailScanner.info > >>>>>>>> Buy the MailScanner book at www.MailScanner.info/store > >>>>>>>> Professional Support Services at www.MailScanner.biz > >>>>>>>> MailScanner thanks transtec Computers for their support > >>>>>>>> > >>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>>>>>> > >>>>>>>> ------------------------ MailScanner list ------------------------ > >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>>>> 'leave mailscanner' in the body of the email. > >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>>>>> > >>>>>>>> Support MailScanner development - buy the book off the website! > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> -- > >>>>>>> ____________________________________ > >>>>>>> > >>>>>>> Daniel Bird > >>>>>>> Network and Systems Manager > >>>>>>> Department Of Information Services > >>>>>>> St. George's Hospital Medical School > >>>>>>> Tooting > >>>>>>> London SW17 0RE > >>>>>>> > >>>>>>> P: +44 20 8725 2897 > >>>>>>> F: +44 20 8725 3583 > >>>>>>> E: dan@sghms.ac.uk > >>>>>>> ____________________________________ > >>>>>>> > >>>>>>> Computing Services Homepage: > >>>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ > >>>>>>> > >>>>>>> The Computing Services Handbook: > >>>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > >>>>>>> > >>>>>>> Everything is possible....except skiing through a revolving door. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> This message has been scanned for viruses and dangerous > >>>>>>> content by MailScanner at danbird.net and is believed to be clean. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> ------------------------ MailScanner list ------------------------ > >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>>> 'leave mailscanner' in the body of the email. > >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>>>> > >>>>>>> Support MailScanner development - buy the book off the website! > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> -- > >>>>>> ____________________________________ > >>>>>> > >>>>>> Daniel Bird > >>>>>> Network and Systems Manager > >>>>>> Department Of Information Services > >>>>>> St. George's Hospital Medical School > >>>>>> Tooting > >>>>>> London SW17 0RE > >>>>>> > >>>>>> P: +44 20 8725 2897 > >>>>>> F: +44 20 8725 3583 > >>>>>> E: dan@sghms.ac.uk > >>>>>> ____________________________________ > >>>>>> > >>>>>> Computing Services Homepage: > >>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/ > >>>>>> > >>>>>> The Computing Services Handbook: > >>>>>> http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf > >>>>>> > >>>>>> Everything is possible....except skiing through a revolving door. > >>>>>> > >>>>>> > >>>>>> > >>>>>> This message has been scanned for viruses and dangerous > >>>>>> content by MailScanner at danbird.net and is believed to be clean. > >>>>>> > >>>>>> > >>>>>> > >>>>>> ------------------------ MailScanner list ------------------------ > >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>> 'leave mailscanner' in the body of the email. > >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>>> > >>>>>> Support MailScanner development - buy the book off the website! > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>> -- > >>>>> Julian Field > >>>>> www.MailScanner.info > >>>>> Buy the MailScanner book at www.MailScanner.info/store > >>>>> Professional Support Services at www.MailScanner.biz > >>>>> MailScanner thanks transtec Computers for their support > >>>>> > >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>>> > >>>>> ------------------------ MailScanner list ------------------------ > >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>> 'leave mailscanner' in the body of the email. > >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>> > >>>>> Support MailScanner development - buy the book off the website! > >>>>> > >>>>> -- > >>>>> This message has been scanned for viruses and > >>>>> dangerous content by MailScanner, and is > >>>>> believed to be clean. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>>> ------------------------ MailScanner list ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>> > >>> -- > >>> Julian Field > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> Professional Support Services at www.MailScanner.biz > >>> MailScanner thanks transtec Computers for their support > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by MailScanner, and is > >>> believed to be clean. > >>> > >>> > >>> > >>> > >>> > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 14 11:57:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance works fine withe FreeBSD.. using the tar.gz install rather than the rpm or ports version -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Lance Haig wrote: > Perhaps I should have made it clear. > > I don't think the problem is with SUSE but with my knowledge of SUSE. > and when I installed MS on it. > > The reason for the change is that MS is written for Red Hat and so > should be easier to configure and run on CentOs as I can't afford Rhes04. > > Lance > > > Dörfler Andreas wrote: > >>i can not agree with that. im running ms, mailwatch, pyzor, razor, dcc, spamsassassin, clamav .... on suse 9.x without any problems. installation is done in one day max >> >>greetings >>andy >> >>--free your mind, use open source >>http://www.mono-project.com >> >>ASCII ribbon campaign ( ) >> - against HTML email X >> & vCards / \ >> >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>------------------------ MailScanner list ------------------------ >>> >>>To unsubscribe, email jiscmail@jiscmail.ac.uk >>>with the words: >>> >>>'leave mailscanner' in the body of the email. >>> >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> >>> >>>*Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Mar 14 12:37:52 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:00 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth said: > Lance > > works fine withe FreeBSD.. using the tar.gz install rather than the rpm > or ports version In fact you might even find that FreeBSD is easier to use and maintain (As that seems to be your area of concern). There is an excellent handbook at www.freebsd.org/handbook which will help with the installation and the ports system will help keep MailScanner up todate and the correct, up todate dependencies will also be automatically installed just by changing directory to the application you wish to install (e.g. cd /usr/ports/mail/mailscanner) and typing 'make install'. Sit back and wait for it all to happen and follow the instructions on the screen to make the MailSCanner.conf file and wrapper/ auto update scripts. But please don't let me directly influence you, YMMV but it's certainly worth consideration. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Mar 14 15:20:26 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:00 2006 Subject: 4.40.5: quarantine notify in CreatePostmasterNotice Message-ID: Julian, I pulled down 4.40.5 (I'm about to install it). I didn't see anything in the changelog about this feature, but the code is in there. It must have missed the changelog... Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Mon Mar 14 15:19:50 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:29:00 2006 Subject: 4.40.5 comment Message-ID: Being one of the people to have taken part in the Bayes thread, I felt dutybound to try the new version 4.40.5 . This has now been running for a few hours on our low priority (high MX) campus gateway. It seems fine so far (although it hasn't had a chance to try an automatic rebuild). So it is looking good. (If it looks stable for a day or so, I hope to install it on our other, more heavily loaded, machines with "SpamAssassin Timeout" set to something low enough to allow the new locking code to be seriously tickled.) But I did spot an entirely separate thing that seems suboptimal. The "MailScanner.conf" included the lines: Envelope From Header = X-MailScanner-From: and Envelope To Header = X-MailScanner-To: Wouldn't these be better as "X-%org-name%-MailScanner-From:" etc.? This topic was discussed on May 21-22 2004, including a comment "All done. I'll put out a beta very soon.". Has something regressed? (I vaguely recall seeing these suboptimal "X-MailScanner" variants a few weeks ago, so the regression, if any, is probably not recent.) I also noticed that the new "spam.assassin.prefs.conf" includes new (between 4.38.9 and 4.40.5) lines of the form: bayes_ignore_header X-YOURDOMAIN-COM-MailScanner but I guess that there is no easy way of somehow automating these to be effective as ""X-%org-name%-MailScanner[...]". Is there? Best wishes. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Mar 14 15:35:04 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:00 2006 Subject: add to phishing.safe.sites.conf Message-ID: Julian, Please add www.labelsforeducation.com to this file. In general, what is the procedure for reporting additions? Post to the list? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Mar 14 15:37:38 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:00 2006 Subject: add to phishing.safe.sites.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] everyone add the sides on his own. thats why only a dummy inside the file greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson > Sent: Monday, March 14, 2005 4:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: add to phishing.safe.sites.conf > > > Julian, > Please add www.labelsforeducation.com to this file. > In general, what is the procedure for reporting additions? > Post to the list? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 14 15:38:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: add to phishing.safe.sites.conf Message-ID: Jeff I email Julian direct...which seems to work. Perhaps a better resource would be a phishingupdate@mailscanner.info email drop? What do you think Julian? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jeff A. Earickson wrote: > Julian, > Please add www.labelsforeducation.com to this file. > In general, what is the procedure for reporting additions? > Post to the list? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 14 15:44:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: JP Koopmann - MIA???? Message-ID: Anyone heard from JP recently? He seems to have dropped off the list and hasn't updated the FreeBSD ports he maintains for a while (three weeks) which is unlike him. Long winter holiday?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 16:11:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: add to phishing.safe.sites.conf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please just mail me your list towards the end of the month, and I will merge in any that aren't already there ("!G|sort|uniq" in vi). Jeff A. Earickson wrote: > Julian, > Please add www.labelsforeducation.com to this file. > In general, what is the procedure for reporting additions? > Post to the list? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 16:25:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: add to phishing.safe.sites.conf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Great idea. Please send all phishing updates to phishing@mailscanner.info. I'll post about this next. Martin Hepworth wrote: > Jeff > > I email Julian direct...which seems to work. > > Perhaps a better resource would be a phishingupdate@mailscanner.info > email drop? What do you think Julian? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jeff A. Earickson wrote: > >> Julian, >> Please add www.labelsforeducation.com to this file. >> In general, what is the procedure for reporting additions? >> Post to the list? >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 16:28:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: MailScanner ANNOUNCE: Phishing net updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you add a significant number of sites to your phishing.safe.sites.conf file, then towards the end of the month please send me your list (inline, not as an attachment please, it's easier) and I will add any new ones to the list. Don't bother taking a lot of time to only send your extra additions (but feel free if it's easy), as I can merge in the lists very quickly anyway. Please send the updates to phishing@mailscanner.info -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Mar 14 16:38:46 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:01 2006 Subject: MailScanner ANNOUNCE: Phishing net updates Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] julian, whats the plan to secure the list ? that way its easy for a spamer to send his list with his own servers. greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Monday, March 14, 2005 5:29 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner ANNOUNCE: Phishing net updates > > > If you add a significant number of sites to your > phishing.safe.sites.conf file, then towards the end of the > month please > send me your list (inline, not as an attachment please, it's > easier) and > I will add any new ones to the list. > > Don't bother taking a lot of time to only send your extra > additions (but > feel free if it's easy), as I can merge in the lists very > quickly anyway. > > Please send the updates to > phishing@mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Mon Mar 14 16:45:33 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:01 2006 Subject: MailScanner ANNOUNCE: Phishing net updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > If you add a significant number of sites to your > phishing.safe.sites.conf file, then towards the end of the month please > send me your list (inline, not as an attachment please, it's easier) and > I will add any new ones to the list. > > Don't bother taking a lot of time to only send your extra additions (but > feel free if it's easy), as I can merge in the lists very quickly anyway. > > Please send the updates to > phishing@mailscanner.info Isn't this going to make rather a lot of work for you, reviewing all the submissions to ensure that cunning phishers don't submit a legitimate-looking redirector that they can abuse later, once it's got onto your whitelist? Or will you only be accepting submissions from known and trusted MailScanner users? John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 16:46:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: MailScanner ANNOUNCE: Phishing net updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'll visually inspect the lists to make sure they look reasonably genuine before I include them. There isn't much more I can do, unless you all have PGP keys and the spammers don't. There is no way to use your information while keeping out all the spammers, except for something such as visual inspection by a human. Dörfler Andreas wrote: >julian, > >whats the plan to secure the list ? >that way its easy for a spamer to send his >list with his own servers. > >greetings >andy > >--free your mind, use open source >http://www.mono-project.com > >ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: Monday, March 14, 2005 5:29 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: MailScanner ANNOUNCE: Phishing net updates >> >> >>If you add a significant number of sites to your >>phishing.safe.sites.conf file, then towards the end of the >>month please >>send me your list (inline, not as an attachment please, it's >>easier) and >>I will add any new ones to the list. >> >>Don't bother taking a lot of time to only send your extra >>additions (but >>feel free if it's easy), as I can merge in the lists very >>quickly anyway. >> >>Please send the updates to >> phishing@mailscanner.info >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 16:53:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: MailScanner ANNOUNCE: Phishing net updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Wilcock wrote: > Julian Field wrote: > >> If you add a significant number of sites to your >> phishing.safe.sites.conf file, then towards the end of the month please >> send me your list (inline, not as an attachment please, it's easier) and >> I will add any new ones to the list. >> >> Don't bother taking a lot of time to only send your extra additions (but >> feel free if it's easy), as I can merge in the lists very quickly >> anyway. >> >> Please send the updates to >> phishing@mailscanner.info > > > Isn't this going to make rather a lot of work for you, reviewing all the > submissions to ensure that cunning phishers don't submit a > legitimate-looking redirector that they can abuse later, once it's got > onto your whitelist? > > Or will you only be accepting submissions from known and trusted > MailScanner users? I'll just ignore anything that looks dodgy. There isn't much more I can do. Hopefully the number of additions will be relatively small anyway, I don't expect to be inundated after the first month or two. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Mar 14 16:53:08 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5: comments on spam.assassin.prefs.conf Message-ID: Julian, Since spam.assassin.prefs.conf changed so significantly, I had to stare at it a bit. My two pence here: 1) I installed DCC in a non-standard path (/opt/dcc), so I had to change dcc_path here, but I also had to define dcc_home, like so: #(original)dcc_path /usr/local/bin/dccproc dcc_path /opt/dcc/bin/dccproc dcc_home /opt/dcc Don't remember why, but I had to. 2) After all of the fuss about ALL_TRUSTED, I ended up defining trusted networks by hand. Maybe this would be a good thing to mention in the file? # other ALL_TRUSTED comments... #---maybe a better way is to specify your trusted and internal #---networks by hand, like so: #trusted_networks 127.0.0.1/32 #trusted_networks [your netblock in CIDR format] Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Mon Mar 14 16:59:19 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:01 2006 Subject: MailScanner ANNOUNCE: Phishing net updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I'll just ignore anything that looks dodgy. There isn't much more I can > do. Hopefully the number of additions will be relatively small anyway, I > don't expect to be inundated after the first month or two. Fair enough. It might be a good idea to cross-check against ph.surbl.org, fraud.rhs.mailpolice.com and the like just in case... John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 17:22:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: MailScanner ANNOUNCE: Phishing net updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Wilcock wrote: > Julian Field wrote: > >> I'll just ignore anything that looks dodgy. There isn't much more I can >> do. Hopefully the number of additions will be relatively small anyway, I >> don't expect to be inundated after the first month or two. > > > Fair enough. It might be a good idea to cross-check against > ph.surbl.org, fraud.rhs.mailpolice.com and the like just in case... Good points. Fancy writing me a checking script that takes phishing.safe.sites.conf and flags up any known to be dangerous? Then I can just put that into the build script. Oh, and it will need to return 1 if it found any dodgy ones. Thanks :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Mar 14 19:28:19 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5: unrar for Solaris users? Message-ID: Julian, The "Unrar Command = /usr/bin/unrar" in MailScanner.conf is a stumbling block for us Solaris users that don't have this. I've been googling for the source code, which to use please? Maybe a comment in MailScanner.conf, or inclusion of a tarfile would be a good idea. Can this be commented out otherwise? I also noticed that "Queue Scan Interval" changed from 5 to 6 seconds. Slowing down in your old age? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 14 19:34:37 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5: unrar for Solaris users? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > The "Unrar Command = /usr/bin/unrar" in MailScanner.conf is a > stumbling block for us Solaris users that don't have this. I've > been googling for the source code, which to use please? Maybe > a comment in MailScanner.conf, or inclusion of a tarfile would > be a good idea. Can this be commented out otherwise? The binary for Solaris 8 Sparc works great on my Solaris 9 systems. http://www.rarlab.com/rar_add.htm They have source too (near the top), I haven't tried that yet. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Mar 14 19:40:32 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5: unrar for Solaris users? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jeff A. Earickson > Sent: Monday, March 14, 2005 2:28 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: 4.40.5: unrar for Solaris users? > > > Julian, > > The "Unrar Command = /usr/bin/unrar" in MailScanner.conf is a > stumbling block for us Solaris users that don't have this. I've > been googling for the source code, which to use please? Maybe > a comment in MailScanner.conf, or inclusion of a tarfile would > be a good idea. Can this be commented out otherwise? Look here : http://www.pcsupport.dk/software/WinRAR.html toward the bottom there are two dists for solaris depending on architechure Change Unrar Command = /user/bin/unrar To Unrar Command = > > I also noticed that "Queue Scan Interval" changed from 5 to 6 > seconds. Slowing down in your old age? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Mon Mar 14 19:44:34 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:29:01 2006 Subject: mailscanner x86_64 install failure Message-ID: Ok, I figured out the i386x86_64 issue, I had both i386 and x86_64 versions of perl installed. I removed the i386 version so only x86_64 perl is still installed. But the mailscanner installer fails on building perl-Archive-Zip-1.14-1.src.rpm: t/testex............NOK 13# Test 13 got: (t/testex.t at line 82) # Expected: "1" (zip created) # t/testex.t line 82 is: ok( -f OUTPUTZIP, 1, "zip created" ); t/testex............NOK 14# Test 14 got: "256" (t/testex.t at line 83) # Expected: "0" (updateTree.pl update) # t/testex.t line 83 is: ok( runPerlCommand( 'examples/updateTree.pl', OUTPUTZIP, TESTDIR ), 0, "updateTree.pl update" ); t/testex............NOK 15# Test 15 got: (t/testex.t at line 84) # Expected: "1" (zip updated) # t/testex.t line 84 is: ok( -f OUTPUTZIP, 1, "zip updated" ); t/testex............FAILED tests 1-15 Failed 15/15 tests, 0.00% okay t/testMemberRead....ok t/testTree..........ok t/testUpdate........ok Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/testex.t 15 15 100.00% 1-15 Failed 1/5 test scripts, 80.00% okay. 15/163 subtests failed, 90.80% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.96477 (%build) -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 19:55:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5: unrar for Solaris users? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > The "Unrar Command = /usr/bin/unrar" in MailScanner.conf is a > stumbling block for us Solaris users that don't have this. I've > been googling for the source code, which to use please? Maybe > a comment in MailScanner.conf, or inclusion of a tarfile would > be a good idea. Can this be commented out otherwise? It currently just whines a bit if it can't find unrar. It is getting increasingly important to do this scanning, and so I would rather leave it in place to encourage people to get hold of unrar. > I also noticed that "Queue Scan Interval" changed from 5 to 6 > seconds. Slowing down in your old age? I have also internally changed the child forking delay to 11 seconds. With 10 seconds and 5 seconds, the children will tend to group together on multi-cpu systems. Changing it to 11 and 6 causes a much better spread of processes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 19:56:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: mailscanner x86_64 install failure Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What happens if you install Archive::Zip using CPAN? I remember I hit a problem somewhere, but can't now remember where. Archive::Zip or Compress:Zlib could well have been the problem. Dan Hollis wrote: >Ok, I figured out the i386x86_64 issue, I had both i386 and x86_64 >versions of perl installed. I removed the i386 version so only x86_64 perl >is still installed. > >But the mailscanner installer fails on building perl-Archive-Zip-1.14-1.src.rpm: > >t/testex............NOK 13# Test 13 got: (t/testex.t at line 82) ># Expected: "1" (zip created) ># t/testex.t line 82 is: ok( -f OUTPUTZIP, 1, "zip created" ); >t/testex............NOK 14# Test 14 got: "256" (t/testex.t at line 83) ># Expected: "0" (updateTree.pl update) ># t/testex.t line 83 is: ok( runPerlCommand( 'examples/updateTree.pl', OUTPUTZIP, TESTDIR ), 0, "updateTree.pl update" ); >t/testex............NOK 15# Test 15 got: (t/testex.t at line 84) ># Expected: "1" (zip updated) ># t/testex.t line 84 is: ok( -f OUTPUTZIP, 1, "zip updated" ); >t/testex............FAILED tests 1-15 > Failed 15/15 tests, 0.00% okay >t/testMemberRead....ok >t/testTree..........ok >t/testUpdate........ok >Failed Test Stat Wstat Total Fail Failed List of Failed >------------------------------------------------------------------------------- >t/testex.t 15 15 100.00% 1-15 >Failed 1/5 test scripts, 80.00% okay. 15/163 subtests failed, 90.80% okay. >make: *** [test_dynamic] Error 255 >error: Bad exit status from /var/tmp/rpm-tmp.96477 (%build) > >-Dan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Mar 14 20:01:08 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5: unrar for Solaris users? Message-ID: On Mon, 14 Mar 2005, Julian Field wrote: > Date: Mon, 14 Mar 2005 19:55:44 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.40.5: unrar for Solaris users? > > Jeff A. Earickson wrote: > >> The "Unrar Command = /usr/bin/unrar" in MailScanner.conf is a >> stumbling block for us Solaris users that don't have this. I've >> been googling for the source code, which to use please? Maybe >> a comment in MailScanner.conf, or inclusion of a tarfile would >> be a good idea. Can this be commented out otherwise? > > It currently just whines a bit if it can't find unrar. It is getting > increasingly important to do this scanning, and so I would rather leave > it in place to encourage people to get hold of unrar. where from? I grabbed unrarsc-3.4.3.tar.gz and was about to fire up 4.40.5. Your recommendation please... Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Mon Mar 14 20:02:04 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:29:01 2006 Subject: mailscanner x86_64 install failure Message-ID: btw can the installer check for two perls? eg perl.i386 and perl.x86_64 and bitch at the user? :)) i'll try archive::zip via cpan. maybe mailscanner is using an outdated version? -Dan On Mon, 14 Mar 2005, Julian Field wrote: > What happens if you install Archive::Zip using CPAN? > I remember I hit a problem somewhere, but can't now remember where. > Archive::Zip or Compress:Zlib could well have been the problem. > > Dan Hollis wrote: > > >Ok, I figured out the i386x86_64 issue, I had both i386 and x86_64 > >versions of perl installed. I removed the i386 version so only x86_64 perl > >is still installed. > > > >But the mailscanner installer fails on building perl-Archive-Zip-1.14-1.src.rpm: > > > >t/testex............NOK 13# Test 13 got: (t/testex.t at line 82) > ># Expected: "1" (zip created) > ># t/testex.t line 82 is: ok( -f OUTPUTZIP, 1, "zip created" ); > >t/testex............NOK 14# Test 14 got: "256" (t/testex.t at line 83) > ># Expected: "0" (updateTree.pl update) > ># t/testex.t line 83 is: ok( runPerlCommand( 'examples/updateTree.pl', OUTPUTZIP, TESTDIR ), 0, "updateTree.pl update" ); > >t/testex............NOK 15# Test 15 got: (t/testex.t at line 84) > ># Expected: "1" (zip updated) > ># t/testex.t line 84 is: ok( -f OUTPUTZIP, 1, "zip updated" ); > >t/testex............FAILED tests 1-15 > > Failed 15/15 tests, 0.00% okay > >t/testMemberRead....ok > >t/testTree..........ok > >t/testUpdate........ok > >Failed Test Stat Wstat Total Fail Failed List of Failed > >------------------------------------------------------------------------------- > >t/testex.t 15 15 100.00% 1-15 > >Failed 1/5 test scripts, 80.00% okay. 15/163 subtests failed, 90.80% okay. > >make: *** [test_dynamic] Error 255 > >error: Bad exit status from /var/tmp/rpm-tmp.96477 (%build) > > > >-Dan > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 14 20:30:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5: unrar for Solaris users? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > On Mon, 14 Mar 2005, Julian Field wrote: > >> Date: Mon, 14 Mar 2005 19:55:44 +0000 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.40.5: unrar for Solaris users? >> >> Jeff A. Earickson wrote: >> >>> The "Unrar Command = /usr/bin/unrar" in MailScanner.conf is a >>> stumbling block for us Solaris users that don't have this. I've >>> been googling for the source code, which to use please? Maybe >>> a comment in MailScanner.conf, or inclusion of a tarfile would >>> be a good idea. Can this be commented out otherwise? >> >> >> It currently just whines a bit if it can't find unrar. It is getting >> increasingly important to do this scanning, and so I would rather leave >> it in place to encourage people to get hold of unrar. > > > where from? I grabbed unrarsc-3.4.3.tar.gz and was about to fire up > 4.40.5. Your recommendation please... Other people have already replied with a couple of places to look for it. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Mon Mar 14 20:49:36 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:01 2006 Subject: JP Koopmann - MIA???? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin, > Anyone heard from JP recently? He seems to have dropped off the list > and hasn't updated the FreeBSD ports he maintains for a while (three > weeks) which is unlike him. I am terribly sorry. Just in a lot of stress lately. I hope I will be able to update all MailScanner ports this week. > Long winter holiday?? You wish. Actually: I wish... Sorry, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Mar 14 22:07:10 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:01 2006 Subject: small spam score, but defined as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason wrote: > Sometimes I recieve emails marked to be spam without enough spam score. The > follow header is from an email (actually a spam). MailScanner correctly > defines it as spam, but the score is just -0.125. So does MailScanner does > not only rely on spam score? What else then? > > X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin (score=-0.125, > required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HTML_30_40 0.02, > HTML_MESSAGE 0.00, INVALID_DATE 0.24, MIME_HTML_ONLY 0.18, > MIME_QP_LONG_LINE 0.04, MSGID_OUTLOOK_INVALID 2.70) Julian, this question pops up every week. Could you please consider having RBL checks within MS disabled as a default? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Mon Mar 14 22:11:09 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:29:01 2006 Subject: mailscanner x86_64 install failure Message-ID: archive::zip installs fine via cpan. so something is broke in the rpm? from cpan install: Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/test..............ok t/testex............ok t/testMemberRead....ok t/testTree..........ok t/testUpdate........ok All tests successful. Files=5, Tests=163, 2 wallclock secs ( 1.71 cusr + 0.39 csys = 2.10 CPU) /usr/bin/make test -- OK -Dan > On Mon, 14 Mar 2005, Julian Field wrote: > > What happens if you install Archive::Zip using CPAN? > > I remember I hit a problem somewhere, but can't now remember where. > > Archive::Zip or Compress:Zlib could well have been the problem. > > > > Dan Hollis wrote: > > > > >Ok, I figured out the i386x86_64 issue, I had both i386 and x86_64 > > >versions of perl installed. I removed the i386 version so only x86_64 perl > > >is still installed. > > > > > >But the mailscanner installer fails on building perl-Archive-Zip-1.14-1.src.rpm: > > > > > >t/testex............NOK 13# Test 13 got: (t/testex.t at line 82) > > ># Expected: "1" (zip created) > > ># t/testex.t line 82 is: ok( -f OUTPUTZIP, 1, "zip created" ); > > >t/testex............NOK 14# Test 14 got: "256" (t/testex.t at line 83) > > ># Expected: "0" (updateTree.pl update) > > ># t/testex.t line 83 is: ok( runPerlCommand( 'examples/updateTree.pl', OUTPUTZIP, TESTDIR ), 0, "updateTree.pl update" ); > > >t/testex............NOK 15# Test 15 got: (t/testex.t at line 84) > > ># Expected: "1" (zip updated) > > ># t/testex.t line 84 is: ok( -f OUTPUTZIP, 1, "zip updated" ); > > >t/testex............FAILED tests 1-15 > > > Failed 15/15 tests, 0.00% okay > > >t/testMemberRead....ok > > >t/testTree..........ok > > >t/testUpdate........ok > > >Failed Test Stat Wstat Total Fail Failed List of Failed > > >------------------------------------------------------------------------------- > > >t/testex.t 15 15 100.00% 1-15 > > >Failed 1/5 test scripts, 80.00% okay. 15/163 subtests failed, 90.80% okay. > > >make: *** [test_dynamic] Error 255 > > >error: Bad exit status from /var/tmp/rpm-tmp.96477 (%build) > > > > > >-Dan > > > > > >------------------------ MailScanner list ------------------------ > > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > >'leave mailscanner' in the body of the email. > > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > >Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Mon Mar 14 22:19:18 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:01 2006 Subject: JP Koopmann - MIA???? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Monday, March 14, 2005 4:44 PM Martin Hepworth wrote: > Anyone heard from JP recently? He seems to have dropped off the list > and hasn't updated the FreeBSD ports he maintains for a while (three > weeks) which is unlike him. Long winter holiday?? Just submitted the 4.39.6 port. Hope it get's committed soon. I hope the mailscanner-devel port will be ready the next days. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gregk at infosecsolutions.com.au Tue Mar 15 00:16:51 2005 From: gregk at infosecsolutions.com.au (Greg Krzeszkowski) Date: Thu Jan 12 21:29:01 2006 Subject: Email is HTML Disarmed - doesn't get sent afterwards Message-ID: Hi, some weird behaviour (or at least it looks weird to me). We have an external company that creates our mailouts (retail fashion) and sends from their server using one of our domains. When these emails are sent to staff, the following comes up in maillog: Mar 15 10:09:14 localhost sendmail[18296]: j2EN9CHx018296: to=
, delay=00:00:01, mailer=smtp, pri=68753, stat=queued Mar 15 10:09:14 localhost sendmail[18296]: j2EN9CHx018296: to=
, delay=00:00:01, mailer=smtp, pri=68753, stat=queued Mar 15 10:09:14 localhost MailScanner[12837]: New Batch: Found 85 messages waiting Mar 15 10:09:14 localhost MailScanner[12837]: New Batch: Scanning 1 messages, 9329 bytes Mar 15 10:09:14 localhost MailScanner[12837]: MCP Checks completed at 9329 bytes per second Mar 15 10:09:14 localhost MailScanner[12837]: Spam Checks: Starting Mar 15 10:09:19 localhost MailScanner[12837]: Spam Checks completed at 1865 bytes per second Mar 15 10:09:19 localhost MailScanner[12837]: Virus and Content Scanning: Starting Mar 15 10:09:20 localhost MailScanner[12837]: Content Checks: Detected HTML-specific exploits in j2EN9CHx018296 Mar 15 10:09:20 localhost MailScanner[12837]: Content Checks: Found 1 problems Mar 15 10:09:20 localhost MailScanner[12837]: Virus Scanning completed at 9329 bytes per second Mar 15 10:09:20 localhost MailScanner[12837]: Content Checks: Detected and will disarm HTML message in j2EN9CHx018296 Mar 15 10:09:20 localhost MailScanner[12837]: Virus Processing completed at 9329 bytes per second Mar 15 10:09:20 localhost MailScanner[12837]: Disinfection completed at 9329 bytes per second Mar 15 10:09:20 localhost MailScanner[12837]: Batch completed at 1554 bytes per second (9329 / 6) There's no queued for delivery message in the log for this messageid, nor is there anything in mqueue for the message. Dangerous Content Scanning = Yes Allow WebBugs = disarm Any ideas? -------------------------- Greg Krzeszkowski Director, Infrastructure and Applications Development Practice InfoSec Solutions 0411 154 261 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Mar 14 23:59:20 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:01 2006 Subject: vnames.pl script Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I was playing with the vnames.pl script and added support for ETrust, clammodule, RAV antivirus, and Trend. If any one with these virus scanners would like to test and let me know, I would appreciate it. I offered a diff to the writer, but have gotten no response as of yet. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] #!/usr/bin/perl -w # # vnames.pl [-v] Version 2.1.2 - 4/5/2004 # ---------------------------------------------------------------------------- # Print a report of all the e-mail viruses received today. # # Contributors v.2.x.x: # McAfee French, Text Formatting - Denis Beauchemin (Denis.Beauchemin@USherbrooke.ca) # H+BEDV AntiVir Support - Wolfgang Bönschen (wolfgang@antares.de) # McAfee virus|trojan fix - James Gray (james@grayonline.id.au) # BitDefender, RAV, ETrust, trend, and clammodule support - Scott Silva (ssilva@sgvwater.com) # Refined & Expanded Scanners - Joshua Hirsh (joshua.hirsh@partnersolutions.ca) # originally from David While's MailStats.pl script: (http://staff.cie.uce.ac.uk/~id001869/mailstats/). # Panda support - Pedro Rosa (Pedro.Rosa@SA.FC.UL.PT) # # Contributors v.1.x.x: # Sophos Support - Aaron Seelye (aseelye-lists@eltopia.com) # F-Prot Support - jburzenski (jburzenski@americanhm.com) # # Copyright, (c) 2003-2004, Corey S. McFadden & Associates (contact@csma.biz) # www.csma.biz # By postal mail: # McFadden Associates # PO Box 20665 # Lehigh Valley, PA 18002 # U.S.A. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Definable Vars $Scanner = "mcafee,clamav,bitdefender"; # comma sep: sophos,sophossavi,inoculan,clamav,command,f-prot, # mcafee,mcafee_fr,fsecure,panda,antivir,bitdefender $HTML = "yes"; # yes|no (no=text only) $Sort = "count"; #count|name (count=ascending) $MailLogFile = "/var/log/maillog"; $SendMail = "/usr/sbin/sendmail"; $StatsFile = "/root/virus.log"; # Scanner Strings my %Scanners = ( sophos => { Output => '>>> Virus', String => '>>> Virus \'(.*)\''}, sophossavi => { Output => 'INFECTED::', String => 'INFECTED:: (.*)::'}, inoculan => { Output => 'was infected by virus', String => 'was infected by virus \[(.*)\]'}, clamav => { Output => 'FOUND', String => ':.* (.*) FOUND'}, command => { Output => 'Infection:', String => 'Infection: (.*)'}, "f-prot" => { Output => 'Infection:', String => 'Infection: (.*)'}, mcafee => { Output => 'Found the', String => 'Found the (.*) (virus|trojan) !!!'}, mcafee_fr => { Output => 'contient le', String => 'contient le (?:virus|ver|cheval de Troie) (.*) !!!'}, fsecure => { Output => '.*Infection: (.*)', String => '.*Infection: (.*)'}, panda => { Output => 'Virus: (.*)', String => '.* => (.*)##'}, antivir => { Output => 'ALERT: (.*)', String => 'ALERT: \[(.*)\]'}, bitdefender => { Output => '\/.*infected:', String => '\/.*infected: (.*)'}, rav => { Output => '.*Infected: (.*)', String => '.*Infected: (.*)'}, eTrust => { Output => 'is infected by virus:', String => 'is infected by virus: (.*)'}, clamavmodule => { Output => 'INFECTED', String => 'INFECTED::(.*)::'}, trend => { Output => 'Trend found (.*) in ', String => 'Trend found (.*) in '}, ); my %ScannerText = ( sophos => "Sophos SAV", sophossavi => "Sophos SAVI", inoculan => "Inoculan", clamav => "ClamAV", command => "Command", "f-prot" => "F-Prot", mcafee => "McAfee", mcafee_fr => "McAfee (with French messages)", fsecure => "FSecure", panda => "Panda Antivirus", antivir => "H+BEDV AntiVir", bitdefender => "BitDefender Antivirus", rav => "RAV Antivirus", eTrust => "eTrust", clamavmodule => "ClamAV Module", trend => "Trend Antivirus" ); # Internal Vars $EmailTo = $ARGV[0]; if ($EmailTo eq "") { print "\tUsage: vnames.pl [-v] \n"; exit 1; } if ($EmailTo eq "-v") { print "\n"; print "\tvnames.pl - MailScanner Virus Filter Report.\n"; print "\t Version 2.1.2, released 4/5/2004.\n"; print "\t http://web.csma.biz/apps/vnames.shtml\n\n"; print "\tScanners supported:\n"; foreach $in(sort(keys %ScannerText)) { printf "\t %-12s %-20s\n", $in, $ScannerText{$in}; } print "\n"; exit 0; } @UseScanners = split(/,/,$Scanner); $now_date = localtime(time); @TIM = split(/\ /,$now_date); # Check this $AnsiDate = ""; # # Program Main # &parse_date; open (SENDMAIL,"|$SendMail $EmailTo") or die "Cannot open $SendMail."; &print_header; foreach $in(@UseScanners) { &init_vars; &print_sectionheader($in); &check_log($in); &print_sortedresults; &print_sectionfooter; } &print_footer; close SENDMAIL; #&write_stats; # # Program Subroutines # sub init_vars { %Seen = (); @SortedList = (); @Names1 = (); $count = 0; } sub print_header { # Print e-mail header my $myhostname = (`hostname`); $myhostname =~ s/\n//g; print SENDMAIL "Reply-to: root\@$myhostname\n"; print SENDMAIL "Subject: E-Mail Viruses ($TIM[0]) - $myhostname\n"; print SENDMAIL "To: $EmailTo\n"; if ($HTML eq "yes") { print SENDMAIL "Content-type: text/html\;\n\n"; print SENDMAIL "\n"; } else { print SENDMAIL "\n"; } } sub print_sectionheader { # Start each scanner block # Current scanner name must be supplied my $currentscanner = $_[0]; if ($HTML eq "yes") { print SENDMAIL "

\n"; print SENDMAIL "Viruses found by MailScanner \&\; $ScannerText{$currentscanner} today:\n"; } else { print SENDMAIL "Viruses found by MailScanner \& $ScannerText{$currentscanner} today:\n"; } } sub print_sectionfooter { if ($HTML eq "yes") { print SENDMAIL "


"; } else { print SENDMAIL "\n\n"; } } sub check_log { # Current scanner name must be supplied my $currentscanner = $_[0]; my $ThisScanner = $Scanners{$currentscanner}; open (MAILLOG,$MailLogFile); while ($cline = ) { $cline =~ s/\n//g; if ($cline =~ "$TIM[1] $TIM[2]") { if ($cline =~ /$ThisScanner->{Output}/) { ($vname) = ($cline =~ /$ThisScanner->{String}/); $count = ($count + 1); $vname =~ s/\ //g; $vname =~ s/\n//g; push @Names1,"$vname"; } } } close MAILLOG; } sub print_sortedresults { # Take the resulting array, Names1, and sort with a count. my @UniqueList = (); foreach $in(@Names1) { push (@UniqueList,$in) unless ($Seen{$in}); $Seen{$in}++; } @SortedList = sort(@UniqueList); if ($HTML eq "yes") { # HTML output print SENDMAIL "\n"; if ($Sort eq "count") { # Sorted by count foreach $in(sort { $Seen{$b} <=> $Seen{$a} } keys %Seen) { # print SENDMAIL "\n"; print SENDMAIL "\n"; } } else { # Sorted by name foreach $in(@SortedList) { print SENDMAIL "\n"; } } print SENDMAIL "
\ \ $in\ \  $Seen{$in}
\ \ $in$Seen{$in}
\ \ $in$Seen{$in}
\n"; } else { # Text output if ($Sort eq "count") { # Sorted by count foreach $in(sort { $Seen{$b} <=> $Seen{$a} } keys %Seen) { printf SENDMAIL " - %-28s %7d\n", $in, $Seen{$in}; } } else { # Sorted by name foreach $in(@SortedList) { printf SENDMAIL " - %-28s %7d\n", $in, $Seen{$in}; } } } if ($count eq 0) { print SENDMAIL "None.\n"; } else { print SENDMAIL "A total of $count viruses were found and filtered.\n"; } } sub print_footer { if ($HTML eq "yes") { print SENDMAIL "\n"; } else { print SENDMAIL "\n"; } } sub write_stats { # Write CSV Stats for Excel graphs and whatnot open (STAT, ">>$StatsFile"); foreach $in(@SortedList) { print STAT "$AnsiDate,$in,$Seen{$in}\n"; } close STAT; } sub parse_date { my $date=localtime(); my ($day, $month, $num, $time, $year) = split(/\s+/,$date); if ($month eq "Jan") { $month = "1"; } if ($month eq "Feb") { $month = "2"; } if ($month eq "Mar") { $month = "3"; } if ($month eq "Apr") { $month = "4"; } if ($month eq "May") { $month = "5"; } if ($month eq "Jun") { $month = "6"; } if ($month eq "Jul") { $month = "7"; } if ($month eq "Aug") { $month = "8"; } if ($month eq "Sep") { $month = "9"; } if ($month eq "Oct") { $month = "10"; } if ($month eq "Nov") { $month = "11"; } if ($month eq "Dec") { $month = "12"; } $month = int($month); $num = int($num); if ($month < 10) { $fmonth = "0$month"; } else { $fmonth = "$month"; }; if ($num < 10) { $fnum = "0$num"; } else { $fnum = "$num"; }; $AnsiDate = "$year-$fmonth-$fnum"; } exit 0; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 15 01:16:53 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:01 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, have the autolearn=notspam, autolearn=spam comments been removed from the MS output to the maillog? I see these on my old machine 4.29x but on latest stable they dont appear. Is this your design or SA 3.02? Regards and thanks Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Mar 15 03:34:23 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5, Solaris 9, no problems Message-ID: Been working great, using unrar from http://www.rarlab.com/. You outta mention a URL for where to get unrar if your system (like mine) doesn't come with it. What's another comment in the MailScanner.conf file? Jeff Earickson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 04:14:19 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm using mailscanner-4.38.10-1, with sendmail and spamassassin. When a client send an email (not spam) with outlook express through our server, the receipient received the message regarded as spam. And the reason is "spamhaus-XBL". The IP of mail server is certainly not in the "spamhaus-XBL" list, but the client may be, since it's a dynamic IP. And we certainly have no control of what ip was assigned to us by ISP. So, from my point of view, the ip of the client should not be considered as spam host of not, right? But this does not seem to be case. The following is the header of the received emal : Return-Path: Received: from edp008 ([219.132.219.6]) (authenticated bits=0) by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id j2F3flTp027281 for ; Tue, 15 Mar 2005 11:41:50 +0800 Message-ID: <008601c52910$ee521720$4001a8c0@edp008> From: "sender" sender@newhonest.com To: "receipient" receipient@newhonest.com Subject: {Spam?} test2 ,this is a external email Date: Tue, 15 Mar 2005 11:41:49 +0800 MIME-Version: 1.0 Content-type: multipart/report; boundary="======19077==36171======" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin (score=1.529, required 5, AWL -2.93, BAYES_20 -1.95, HTML_90_100 0.02, HTML_MESSAGE 0.00, MIME_BASE64_TEXT 0.30, MIME_HTML_MOSTLY 1.02, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_XBL 3.08) X-MailScanner-SpamScore: 1 X-MailScanner-From: sender@newhonest.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Tue Mar 15 06:55:35 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:29:01 2006 Subject: Abort delivery of mail in customconfig.pm Message-ID: Hi, I have an application where Mail is sent to a server with Mailscanner. I require to take some actions based on the text in the mail and then simply ignore the mail Can someone give me pointers on 1) Configuring Mailscanner optimally to retain only text part of the mail. I am not interested in the MIME attachments 2) Abort the deivery of mail after the action is taken in CustomConfig.pm Thanks Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 07:02:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: small spam score, but defined as spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Jason wrote: > >> Sometimes I recieve emails marked to be spam without enough spam >> score. The >> follow header is from an email (actually a spam). MailScanner correctly >> defines it as spam, but the score is just -0.125. So does MailScanner >> does >> not only rely on spam score? What else then? >> >> X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin (score=-0.125, >> required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HTML_30_40 0.02, >> HTML_MESSAGE 0.00, INVALID_DATE 0.24, MIME_HTML_ONLY 0.18, >> MIME_QP_LONG_LINE 0.04, MSGID_OUTLOOK_INVALID 2.70) > > > Julian, > > this question pops up every week. Could you please consider having RBL > checks within MS disabled as a default? I think a MAQ entry would be more appropriate. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 07:04:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Julian, have the autolearn=notspam, autolearn=spam comments been removed > from the MS output to the maillog? > > I see these on my old machine 4.29x but on latest stable they dont > appear. Is this your design or SA 3.02? They should still be in the code. I haven't removed them... I should be able to check properly later today when my devel server gets its RAM replaced. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 07:06:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5, Solaris 9, no problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Been working great, using unrar from http://www.rarlab.com/. > You outta mention a URL for where to get unrar if your > system (like mine) doesn't come with it. What's another comment > in the MailScanner.conf file? > Good point. I have added a pointer to www.rarlab.com in the MailScanner.conf. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From randyf at SIBERNET.COM Tue Mar 15 07:26:06 2005 From: randyf at SIBERNET.COM (Randy Fishel) Date: Thu Jan 12 21:29:01 2006 Subject: 4.40.5: unrar for Solaris users? Message-ID: On Mon, 14 Mar 2005, Jeff A. Earickson wrote: > > where from? I grabbed unrarsc-3.4.3.tar.gz and was about to fire up > 4.40.5. Your recommendation please... > > Jeff > For Solaris tools, I would suggest getting pkg-get from blaswave.org, and have it fetch the proper unrar package for the Solaris version that is being run. There are other tools available via blastwave as well, packaged for S8 through S10, and starting to get more attention than sunfreeware.com. rf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Tue Mar 15 08:55:58 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:29:01 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have a couple of MailScanner running, but on one of them, it doesn't look like it use bayes. Any good idears? It runs on a RH9 with MS 4.38.10. I had upgrade MS from a much earlier version without bayes-support... Looking forward to hear from sombody! :-) Anders, Denmark ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 09:03:13 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: Jason doing a looking at spamhaus (http://www.spamhaus.org/query/bl?ip=219.132.219.6) the ip-address IS in spamhaus's DB. I find doing the RBL checks in MailScanner can produce problems with false positives and I only do the checks in SA, as you've also got set. if you remove the RBL check from MailScanner.conf and let SA only do this you won't get the email marked as spam. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason wrote: > Hi, > > I'm using mailscanner-4.38.10-1, with sendmail and spamassassin. When a > client send an email (not spam) with outlook express through our server, > the > receipient received the message regarded as spam. And the reason is > "spamhaus-XBL". > > The IP of mail server is certainly not in the "spamhaus-XBL" list, but > the client may be, since it's a dynamic IP. And we certainly have no > control > of what ip was assigned to us by ISP. So, from my point of view, the ip of > the client should not be considered as spam host of not, right? But this > does not seem to be case. > > > The following is the header of the received emal : > > Return-Path: > Received: from edp008 ([219.132.219.6]) > (authenticated bits=0) > by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id j2F3flTp027281 > for ; Tue, 15 Mar 2005 11:41:50 +0800 > Message-ID: <008601c52910$ee521720$4001a8c0@edp008> > From: "sender" sender@newhonest.com > To: "receipient" receipient@newhonest.com > Subject: {Spam?} test2 ,this is a external email > Date: Tue, 15 Mar 2005 11:41:49 +0800 > MIME-Version: 1.0 > Content-type: multipart/report; boundary="======19077==36171======" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2900.2180 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 > X-MailScanner-Information: Please contact the ISP for more information > X-MailScanner: Found to be clean > X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin (score=1.529, > required 5, AWL -2.93, BAYES_20 -1.95, HTML_90_100 0.02, > HTML_MESSAGE 0.00, MIME_BASE64_TEXT 0.30, MIME_HTML_MOSTLY 1.02, > RCVD_IN_SORBS_DUL 1.99, RCVD_IN_XBL 3.08) > X-MailScanner-SpamScore: 1 > X-MailScanner-From: sender@newhonest.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 09:03:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: Bayes is gone Message-ID: Anders what does "spamassassin -D --lint" show? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > Hi, > > I have a couple of MailScanner running, but on one of them, it doesn't > look like it use bayes. Any good idears? It runs on a RH9 with MS > 4.38.10. I had upgrade MS from a much earlier version without > bayes-support... > > Looking forward to hear from sombody! :-) > > Anders, Denmark > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Tue Mar 15 09:03:07 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:01 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Anders Kongsted > >Hi, > >I have a couple of MailScanner running, but on one of them, it doesn't >look like it use bayes. Any good idears? It runs on a RH9 with MS >4.38.10. I had upgrade MS from a much earlier version without >bayes-support... > >Looking forward to hear from sombody! :-) Bayes is probably learning at the moment. I believe it needs about 200 - 250 message (classified as being SPAM), before it is used by MS/SA. >Anders, Denmark Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 09:12:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: spam with inline gif image but filename of .com Message-ID: All Anyone seeing spam (with bayes poisoning attempts, and talking about the Shuttle disaster last year etc) with an inline gif image attached, but the filename being somthing.com or emailaddress.com? The mimetype is gif. It's getting trapped by the filename trap in MS, but just wondering if anyone else is getting these? Neither Sophos nor ClamAV is picking it up as viral. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 09:11:49 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, But 219.132.219.6 is the client (outlook express), not the email server. The client is sending email through the server by smtp auth. Jason ----- Original Message ----- From: "Martin Hepworth" To: Sent: Tuesday, March 15, 2005 5:03 PM Subject: Re: spamhaus-XBL > Jason > > > doing a looking at spamhaus > (http://www.spamhaus.org/query/bl?ip=219.132.219.6) the ip-address IS in > spamhaus's DB. > > I find doing the RBL checks in MailScanner can produce problems with > false positives and I only do the checks in SA, as you've also got set. > > if you remove the RBL check from MailScanner.conf and let SA only do > this you won't get the email marked as spam. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Jason wrote: >> Hi, >> >> I'm using mailscanner-4.38.10-1, with sendmail and spamassassin. When >> a >> client send an email (not spam) with outlook express through our server, >> the >> receipient received the message regarded as spam. And the reason is >> "spamhaus-XBL". >> >> The IP of mail server is certainly not in the "spamhaus-XBL" list, but >> the client may be, since it's a dynamic IP. And we certainly have no >> control >> of what ip was assigned to us by ISP. So, from my point of view, the ip >> of >> the client should not be considered as spam host of not, right? But this >> does not seem to be case. >> >> >> The following is the header of the received emal : >> >> Return-Path: >> Received: from edp008 ([219.132.219.6]) >> (authenticated bits=0) >> by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id j2F3flTp027281 >> for ; Tue, 15 Mar 2005 11:41:50 +0800 >> Message-ID: <008601c52910$ee521720$4001a8c0@edp008> >> From: "sender" sender@newhonest.com >> To: "receipient" receipient@newhonest.com >> Subject: {Spam?} test2 ,this is a external email >> Date: Tue, 15 Mar 2005 11:41:49 +0800 >> MIME-Version: 1.0 >> Content-type: multipart/report; boundary="======19077==36171======" >> X-Priority: 3 >> X-MSMail-Priority: Normal >> X-Mailer: Microsoft Outlook Express 6.00.2900.2180 >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 >> X-MailScanner-Information: Please contact the ISP for more information >> X-MailScanner: Found to be clean >> X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin (score=1.529, >> required 5, AWL -2.93, BAYES_20 -1.95, HTML_90_100 0.02, >> HTML_MESSAGE 0.00, MIME_BASE64_TEXT 0.30, MIME_HTML_MOSTLY 1.02, >> RCVD_IN_SORBS_DUL 1.99, RCVD_IN_XBL 3.08) >> X-MailScanner-SpamScore: 1 >> X-MailScanner-From: sender@newhonest.com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Mar 15 09:18:32 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason said: > Hi, > > But 219.132.219.6 is the client (outlook express), not the email > server. > The client is sending email through the server by smtp auth. > > Jason That won't make any difference. The client is establishing a SMTP connection to the server and so it's IP address will be checked. Spammers will often fake the client so all SMTP connections have to be checked. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From frank at OPENMINDS.BE Tue Mar 15 09:25:11 2005 From: frank at OPENMINDS.BE (Frank Louwers) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: On Tue, Mar 15, 2005 at 09:18:32AM -0000, Drew Marshall wrote: > Jason said: > > Hi, > > > > But 219.132.219.6 is the client (outlook express), not the email > > server. > > The client is sending email through the server by smtp auth. > > > > Jason > > That won't make any difference. The client is establishing a SMTP > connection to the server and so it's IP address will be checked. Spammers > will often fake the client so all SMTP connections have to be checked. Not realy. You should run auth-smtp on a different port (tcp/587) and ONLY run auth-smtp on that port, no regular smtp. That way, you can configure the MTA on 587 not to do special checks (blacklist checks). Kind Regards, Frank Louwers -- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 09:28:33 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin, I see! But as what I have stated in my first message, we can't control what dynamic IP that our ISP would assign to us. So if we are assigned a bad ip, we would be in trouble, at least for a while until we get a new ip. That doesn't seem sensible. Jason ----- Original Message ----- From: "Drew Marshall" To: Sent: Tuesday, March 15, 2005 5:18 PM Subject: Re: spamhaus-XBL > Jason said: >> Hi, >> >> But 219.132.219.6 is the client (outlook express), not the email >> server. >> The client is sending email through the server by smtp auth. >> >> Jason > > That won't make any difference. The client is establishing a SMTP > connection to the server and so it's IP address will be checked. Spammers > will often fake the client so all SMTP connections have to be checked. > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 09:31:26 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Frank, In fact my server has port 587 enabled (also smtp-auth enables). What exactly I should to do to "not to do special checks (blacklist checks) on port 587"? Jason ----- Original Message ----- From: "Frank Louwers" To: Sent: Tuesday, March 15, 2005 5:25 PM Subject: Re: spamhaus-XBL > On Tue, Mar 15, 2005 at 09:18:32AM -0000, Drew Marshall wrote: >> Jason said: >> > Hi, >> > >> > But 219.132.219.6 is the client (outlook express), not the email >> > server. >> > The client is sending email through the server by smtp auth. >> > >> > Jason >> >> That won't make any difference. The client is establishing a SMTP >> connection to the server and so it's IP address will be checked. Spammers >> will often fake the client so all SMTP connections have to be checked. > > Not realy. You should run auth-smtp on a different port (tcp/587) and > ONLY run auth-smtp on that port, no regular smtp. That way, you can > configure the MTA on 587 not to do special checks (blacklist checks). > > > > Kind Regards, > Frank Louwers > > -- > Openminds bvba www.openminds.be > Tweebruggenstraat 16 - 9000 Gent - Belgium > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 09:32:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: Jason Another reason why doing the RBL's in MailScanner.conf if a bad idea (tm) if you have this kind of setup. Leave it to SA and you won't have quite so much of an issue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason wrote: > Hi Martin, > > I see! But as what I have stated in my first message, we can't control > what dynamic IP that our ISP would assign to us. So if we are assigned a > bad > ip, we would be in trouble, at least for a while until we get a new ip. > That > doesn't seem sensible. > > Jason > > > ----- Original Message ----- > From: "Drew Marshall" > To: > Sent: Tuesday, March 15, 2005 5:18 PM > Subject: Re: spamhaus-XBL > > >> Jason said: >> >>> Hi, >>> >>> But 219.132.219.6 is the client (outlook express), not the email >>> server. >>> The client is sending email through the server by smtp auth. >>> >>> Jason >> >> >> That won't make any difference. The client is establishing a SMTP >> connection to the server and so it's IP address will be checked. Spammers >> will often fake the client so all SMTP connections have to be checked. >> >> Drew >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Mar 15 09:33:53 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Frank Louwers said: > On Tue, Mar 15, 2005 at 09:18:32AM -0000, Drew Marshall wrote: >> Jason said: >> > Hi, >> > >> > But 219.132.219.6 is the client (outlook express), not the email >> > server. >> > The client is sending email through the server by smtp auth. >> > >> > Jason >> >> That won't make any difference. The client is establishing a SMTP >> connection to the server and so it's IP address will be checked. >> Spammers >> will often fake the client so all SMTP connections have to be checked. > > Not realy. You should run auth-smtp on a different port (tcp/587) and > ONLY run auth-smtp on that port, no regular smtp. That way, you can > configure the MTA on 587 not to do special checks (blacklist checks). But the mail is not being bounced but tagged as spam in MS. If the RBL checks are set in MailScanner then messages from that IP address will always be marked as spam. Better still as Martin suggested is to remove all RBLs from MailScanner and let SpamAssassin check them. This won't mean that there isn't a chance that the message is tagged but it's less likely. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From frank at OPENMINDS.BE Tue Mar 15 09:38:54 2005 From: frank at OPENMINDS.BE (Frank Louwers) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: On Tue, Mar 15, 2005 at 05:31:26PM +0800, Jason wrote: > Hi Frank, > > In fact my server has port 587 enabled (also smtp-auth enables). > > What exactly I should to do to "not to do special checks (blacklist > checks) on port 587"? You could do two things: - remove al rbl checks from mailscanner itself (do it either in your MTA (only the one listening on tcp/25) or in mailscanner and add a highly negative score (eg -20 or -100 for authenticated smtp (detect using a special header?)) - reinject all "authenticated mail" into regular smtp, so that the "sending host" will be your auth-smtp mailserver, not the client (which might be blacklisted). Kind Regards, Frank Louwers -- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 09:39:18 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Drew, In fact, this spamhaus-XBL has detected serveral messages that are missed by spamassassin (not enough score). So if Frank's suggestion do work, I would give it a try. If it doesn't, I would surely use spamassassin only. False positive is alway troublesome. Jason ----- Original Message ----- From: "Drew Marshall" To: Sent: Tuesday, March 15, 2005 5:33 PM Subject: Re: spamhaus-XBL > Frank Louwers said: >> On Tue, Mar 15, 2005 at 09:18:32AM -0000, Drew Marshall wrote: >>> Jason said: >>> > Hi, >>> > >>> > But 219.132.219.6 is the client (outlook express), not the email >>> > server. >>> > The client is sending email through the server by smtp auth. >>> > >>> > Jason >>> >>> That won't make any difference. The client is establishing a SMTP >>> connection to the server and so it's IP address will be checked. >>> Spammers >>> will often fake the client so all SMTP connections have to be checked. >> >> Not realy. You should run auth-smtp on a different port (tcp/587) and >> ONLY run auth-smtp on that port, no regular smtp. That way, you can >> configure the MTA on 587 not to do special checks (blacklist checks). > > But the mail is not being bounced but tagged as spam in MS. If the RBL > checks are set in MailScanner then messages from that IP address will > always be marked as spam. Better still as Martin suggested is to remove > all RBLs from MailScanner and let SpamAssassin check them. This won't mean > that there isn't a chance that the message is tagged but it's less likely. > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 09:43:40 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Frank, Wow, that seems very complicated. Could you tell me some more, or give me some indicative documents I can start with? Jason ----- Original Message ----- From: "Frank Louwers" To: Sent: Tuesday, March 15, 2005 5:38 PM Subject: Re: spamhaus-XBL > On Tue, Mar 15, 2005 at 05:31:26PM +0800, Jason wrote: >> Hi Frank, >> >> In fact my server has port 587 enabled (also smtp-auth enables). >> >> What exactly I should to do to "not to do special checks (blacklist >> checks) on port 587"? > > You could do two things: > - remove al rbl checks from mailscanner itself (do it either in your MTA > (only the one listening on tcp/25) or in mailscanner and add a highly > negative score (eg -20 or -100 for authenticated smtp (detect using a > special header?)) > > - reinject all "authenticated mail" into regular smtp, so that the > "sending host" will be your auth-smtp mailserver, not the client > (which might be blacklisted). > > > Kind Regards, > Frank Louwers > > -- > Openminds bvba www.openminds.be > Tweebruggenstraat 16 - 9000 Gent - Belgium > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From frank at OPENMINDS.BE Tue Mar 15 09:46:09 2005 From: frank at OPENMINDS.BE (Frank Louwers) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: On Tue, Mar 15, 2005 at 05:43:40PM +0800, Jason wrote: > Hi Frank, > > Wow, that seems very complicated. Could you tell me some more, or give > me some indicative documents I can start with? what's your MTA? I could give you a postfix example if you like ... Kind Regards, Frank Louwers -- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Mar 15 09:45:01 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: You've hit the nail right on the head with that one. The best way to use the Spamhaus XBL list is in spamassassin, not MailScanner, with a fairly low score (I wouldn't give it more than 1.5). Two many false positives from PCs in dial-up/ADSL IP address pools. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason > Sent: 15 March 2005 04:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: spamhaus-XBL > > Hi, > > I'm using mailscanner-4.38.10-1, with sendmail and > spamassassin. When a client send an email (not spam) with > outlook express through our server, the receipient received > the message regarded as spam. And the reason is "spamhaus-XBL". > > The IP of mail server is certainly not in the > "spamhaus-XBL" list, but the client may be, since it's a > dynamic IP. And we certainly have no control of what ip was > assigned to us by ISP. So, from my point of view, the ip of > the client should not be considered as spam host of not, > right? But this does not seem to be case. > > > The following is the header of the received emal : > > Return-Path: > Received: from edp008 ([219.132.219.6]) > (authenticated bits=0) > by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id > j2F3flTp027281 for ; Tue, 15 Mar > 2005 11:41:50 +0800 > Message-ID: <008601c52910$ee521720$4001a8c0@edp008> > From: "sender" sender@newhonest.com > To: "receipient" receipient@newhonest.com > Subject: {Spam?} test2 ,this is a external email > Date: Tue, 15 Mar 2005 11:41:49 +0800 > MIME-Version: 1.0 > Content-type: multipart/report; boundary="======19077==36171======" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2900.2180 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 > X-MailScanner-Information: Please contact the ISP for more information > X-MailScanner: Found to be clean > X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin > (score=1.529, required 5, AWL -2.93, BAYES_20 -1.95, > HTML_90_100 0.02, HTML_MESSAGE 0.00, MIME_BASE64_TEXT 0.30, > MIME_HTML_MOSTLY 1.02, RCVD_IN_SORBS_DUL 1.99, RCVD_IN_XBL 3.08) > X-MailScanner-SpamScore: 1 > X-MailScanner-From: sender@newhonest.com > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 15 09:47:30 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason, almost none of us use the Spam Lists in mailscanner.conf, we do it in SA, as outlined by martin. ANd i find that all of the RBLS, and razor have a lot of the major Aussie isps IP ranges listed now, its has been fairly furstating lately. Jason wrote: > Hi Drew, > > In fact, this spamhaus-XBL has detected serveral messages that are > missed by > spamassassin (not enough score). So if Frank's suggestion do work, I would > give it a try. If it doesn't, I would surely use spamassassin only. False > positive is alway troublesome. > > Jason > > ----- Original Message ----- > From: "Drew Marshall" > To: > Sent: Tuesday, March 15, 2005 5:33 PM > Subject: Re: spamhaus-XBL > > >> Frank Louwers said: >> >>> On Tue, Mar 15, 2005 at 09:18:32AM -0000, Drew Marshall wrote: >>> >>>> Jason said: >>>> > Hi, >>>> > >>>> > But 219.132.219.6 is the client (outlook express), not the email >>>> > server. >>>> > The client is sending email through the server by smtp auth. >>>> > >>>> > Jason >>>> >>>> That won't make any difference. The client is establishing a SMTP >>>> connection to the server and so it's IP address will be checked. >>>> Spammers >>>> will often fake the client so all SMTP connections have to be checked. >>> >>> >>> Not realy. You should run auth-smtp on a different port (tcp/587) and >>> ONLY run auth-smtp on that port, no regular smtp. That way, you can >>> configure the MTA on 587 not to do special checks (blacklist checks). >> >> >> But the mail is not being bounced but tagged as spam in MS. If the RBL >> checks are set in MailScanner then messages from that IP address will >> always be marked as spam. Better still as Martin suggested is to remove >> all RBLs from MailScanner and let SpamAssassin check them. This won't >> mean >> that there isn't a chance that the message is tagged but it's less >> likely. >> >> Drew >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sargastic at YAHOO.FR Tue Mar 15 09:50:02 2005 From: sargastic at YAHOO.FR (Violaine Grimly) Date: Thu Jan 12 21:29:01 2006 Subject: What does this mean ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, --- Julian Field a écrit : > Can you try switching from clamav to clamavmodule, > as that should cure the problem. Okay, trying that from now on. I will keep you informed of the outcome. Is it useful to let clamd running now that Mail::ClamAV is active in MailScanner ? [...] > > If you don't want it to touch your ClamAV > installation (which I would quite understand) then > just edit the INSTALL-tar.sh script, it's fairly BTW, around here we never perform root compilations. So I'm quite used to all the "perl Makefile.PL, make, make tests and so on" routine. And Mail-ClamAV-0.13 (from your install-SA-ClamAV file) did not perform a "clean" make test. We upgraded to 0.17 (latest version). Sincerely, VG. Découvrez nos promotions exclusives "destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Mar 15 09:49:31 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Randal, Phil said: > You've hit the nail right on the head with that one. > > The best way to use the Spamhaus XBL list is in spamassassin, not > MailScanner, with a fairly low score (I wouldn't give it more than 1.5). > Two many false positives from PCs in dial-up/ADSL IP address pools. And indeed it can be done quickly and easily with a single line MailScanner.conf change and a re-start of MS, which would give you an immediate solution. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Tue Mar 15 10:01:55 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:29:01 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin, Here is the output of the command... Martin Hepworth wrote: > Anders > > what does "spamassassin -D --lint" show? > debug: SpamAssassin version 3.0.2 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: diag: module installed: DBI, version 1.32 debug: diag: module installed: DB_File, version 1.806 debug: diag: module installed: Digest::SHA1, version 2.01 debug: diag: module installed: IO::Socket::UNIX, version 1.2 debug: diag: module installed: MIME::Base64, version 2.12 debug: diag: module installed: Net::DNS, version 0.31 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module not installed: Razor2::Client::Agent ('require' failed) debug: diag: module installed: Storable, version 2.06 debug: diag: module installed: URI, version 1.21 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/local.cf debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin" for user state dir Created user preferences file: /root/.spamassassin/user_prefs debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: config: read file /root/.spamassassin/user_prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd594) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c36f48) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c15c34) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd594) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c36f48) implements 'parse_config' debug: using "/root/.spamassassin" for user state dir debug: bayes: 29548 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 29548 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: bayes: Not available for scanning, only 80 spam(s) in Bayes DB < 200 debug: bayes: 29548 untie-ing debug: bayes: 29548 untie-ing db_toks debug: bayes: 29548 untie-ing db_seen debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: 29548 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 29548 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: bayes: Not available for scanning, only 80 spam(s) in Bayes DB < 200 debug: bayes: 29548 untie-ing debug: bayes: 29548 untie-ing db_toks debug: bayes: 29548 untie-ing db_seen debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd594) implements 'parsed_metadata' Net::DNS version is 0.31, but need 0.34dnsavailable-1 at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 1230. debug: decoding: no encoding detected debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c36f48)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c15c34)) debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c36f48)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c15c34)) debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c15c34)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c15c34)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c15c34)) debug: running body-text per-line regexp tests; score so far=-2.623 debug: running uri tests; score so far=-2.623 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd594)) debug: Razor2 is not available debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd594) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-2.623 debug: running full-text regexp tests; score so far=-2.623 debug: Razor2 is not available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd594) implements 'check_post_dnsbl' debug: running meta tests; score so far=-2.623 debug: running header regexp tests; score so far=-1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.053 debug: running header regexp tests; score so far=-1.053 debug: using "/root/.spamassassin" for user state dir debug: lock: 29548 created /root/.spamassassin/auto-whitelist.lock.mail.n-k-spedition.dk.29548 debug: lock: 29548 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 29548 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: -1.053, autolearn score: -1.053, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 29548 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: -1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: is spam? score=-1.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anders Kongsted wrote: > >> Hi, >> >> I have a couple of MailScanner running, but on one of them, it doesn't >> look like it use bayes. Any good idears? It runs on a RH9 with MS >> 4.38.10. I had upgrade MS from a much earlier version without >> bayes-support... >> >> Looking forward to hear from sombody! :-) >> >> Anders, Denmark >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Med venlig hilsen Anders Kongsted Hovmark Data Krogsgårdsvej 56 6731 Tjæreborg Tlf.: 76 12 59 00 Email: ak@hovmark.dk Skype: akhovmark ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 10:01:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: spamhaus-XBL Message-ID: Jason In that case you need to look at what third party rules you run with SA. Even with SA 3.02 I run most of the rules in www.rulesemporium.com/rules.htm and also in the 'other section' for things like chickenpox.cf,munged.cf etc. I also run the URI-RBL's, pyzor, and bayes and some local rules for obsfucations. A default install of SA still needs alot of help from extra rules IMHO. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jason wrote: > Hi Drew, > > In fact, this spamhaus-XBL has detected serveral messages that are > missed by > spamassassin (not enough score). So if Frank's suggestion do work, I would > give it a try. If it doesn't, I would surely use spamassassin only. False > positive is alway troublesome. > > Jason > > ----- Original Message ----- > From: "Drew Marshall" > To: > Sent: Tuesday, March 15, 2005 5:33 PM > Subject: Re: spamhaus-XBL > > >> Frank Louwers said: >> >>> On Tue, Mar 15, 2005 at 09:18:32AM -0000, Drew Marshall wrote: >>> >>>> Jason said: >>>> > Hi, >>>> > >>>> > But 219.132.219.6 is the client (outlook express), not the email >>>> > server. >>>> > The client is sending email through the server by smtp auth. >>>> > >>>> > Jason >>>> >>>> That won't make any difference. The client is establishing a SMTP >>>> connection to the server and so it's IP address will be checked. >>>> Spammers >>>> will often fake the client so all SMTP connections have to be checked. >>> >>> >>> Not realy. You should run auth-smtp on a different port (tcp/587) and >>> ONLY run auth-smtp on that port, no regular smtp. That way, you can >>> configure the MTA on 587 not to do special checks (blacklist checks). >> >> >> But the mail is not being bounced but tagged as spam in MS. If the RBL >> checks are set in MailScanner then messages from that IP address will >> always be marked as spam. Better still as Martin suggested is to remove >> all RBLs from MailScanner and let SpamAssassin check them. This won't >> mean >> that there isn't a chance that the message is tagged but it's less >> likely. >> >> Drew >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 10:03:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:01 2006 Subject: What does this mean ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Violaine Grimly wrote: >Hi Julian, > > --- Julian Field a >écrit : > > >>Can you try switching from clamav to clamavmodule, >>as that should cure the problem. >> >> > >Okay, trying that from now on. I will keep you >informed of the outcome. Is it useful to let clamd >running now that Mail::ClamAV is active in MailScanner >? > > MailScanner has never used, and will never use, clamd. It is just wasting system resources, you might as well switch it off. >>If you don't want it to touch your ClamAV >>installation (which I would quite understand) then >>just edit the INSTALL-tar.sh script, it's fairly >> >> > >BTW, around here we never perform root compilations. >So I'm quite used to all the "perl Makefile.PL, make, >make tests and so on" routine. >And Mail-ClamAV-0.13 (from your install-SA-ClamAV >file) did not perform a "clean" make test. We upgraded >to 0.17 (latest version). > > Thanks for that. I will have to upgrade (once I get my devel server back running again, which might be today or tomorrow). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 10:08:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: Bayes is gone Message-ID: Anders Ok here's the critical bit of the output.. > debug: bayes: 29548 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 29548 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: bayes: Not available for scanning, only 80 spam(s) in Bayes DB < 200 > debug: bayes: 29548 untie-ing > debug: bayes: 29548 untie-ing db_toks > debug: bayes: 29548 untie-ing db_seen bayes will only kick in once it's seen at least 200 spam AND 200 ham emails. You've only given it 80 spams. If you need a 'starter' bayes DB there's one at www.fsl.com/support that should match your environment. Otherwise you can run sa-learn yourself if you have a good corpus of both spam and ham. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > Hi Martin, > > Here is the output of the command... > Martin Hepworth wrote: > >> Anders >> ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Tue Mar 15 10:22:39 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:29:01 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have another mailscanner with a avange of 1000 SPAM-mails each day. Is it posible to make af copy of the DB and place it on the server? //Anders Martin Hepworth wrote: > Anders > > Ok here's the critical bit of the output.. > > > debug: bayes: 29548 tie-ing to DB file R/O > /root/.spamassassin/bayes_toks > > debug: bayes: 29548 tie-ing to DB file R/O > /root/.spamassassin/bayes_seen > > debug: bayes: found bayes db version 3 > > debug: using "/root/.spamassassin" for user state dir > > debug: bayes: Not available for scanning, only 80 spam(s) in Bayes DB > < 200 > > debug: bayes: 29548 untie-ing > > debug: bayes: 29548 untie-ing db_toks > > debug: bayes: 29548 untie-ing db_seen > > bayes will only kick in once it's seen at least 200 spam AND 200 ham > emails. You've only given it 80 spams. > > If you need a 'starter' bayes DB there's one at www.fsl.com/support that > should match your environment. > > Otherwise you can run sa-learn yourself if you have a good corpus of > both spam and ham. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anders Kongsted wrote: > >> Hi Martin, >> >> Here is the output of the command... >> Martin Hepworth wrote: >> >>> Anders >>> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Med venlig hilsen Anders Kongsted Hovmark Data Krogsgårdsvej 56 6731 Tjæreborg Tlf.: 76 12 59 00 Email: ak@hovmark.dk Skype: akhovmark ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 10:44:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:01 2006 Subject: Bayes is gone Message-ID: Anders yes. might want to do it with salearn --backup & --restore options rathe r than copy.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > I have another mailscanner with a avange of 1000 SPAM-mails each day. Is > it posible to make af copy of the DB and place it on the server? > > //Anders > > Martin Hepworth wrote: > >> Anders >> >> Ok here's the critical bit of the output.. >> >> > debug: bayes: 29548 tie-ing to DB file R/O >> /root/.spamassassin/bayes_toks >> > debug: bayes: 29548 tie-ing to DB file R/O >> /root/.spamassassin/bayes_seen >> > debug: bayes: found bayes db version 3 >> > debug: using "/root/.spamassassin" for user state dir >> > debug: bayes: Not available for scanning, only 80 spam(s) in Bayes DB >> < 200 >> > debug: bayes: 29548 untie-ing >> > debug: bayes: 29548 untie-ing db_toks >> > debug: bayes: 29548 untie-ing db_seen >> >> bayes will only kick in once it's seen at least 200 spam AND 200 ham >> emails. You've only given it 80 spams. >> >> If you need a 'starter' bayes DB there's one at www.fsl.com/support that >> should match your environment. >> >> Otherwise you can run sa-learn yourself if you have a good corpus of >> both spam and ham. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Anders Kongsted wrote: >> >>> Hi Martin, >>> >>> Here is the output of the command... >>> Martin Hepworth wrote: >>> >>>> Anders >>>> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Tue Mar 15 10:59:28 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks alot! :-) I will do that.... Have a nice day! :-) //Anders Martin Hepworth wrote: > Anders > > yes. might want to do it with salearn --backup & --restore options rathe > r than copy.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anders Kongsted wrote: > >> I have another mailscanner with a avange of 1000 SPAM-mails each day. Is >> it posible to make af copy of the DB and place it on the server? >> >> //Anders >> >> Martin Hepworth wrote: >> >>> Anders >>> >>> Ok here's the critical bit of the output.. >>> >>> > debug: bayes: 29548 tie-ing to DB file R/O >>> /root/.spamassassin/bayes_toks >>> > debug: bayes: 29548 tie-ing to DB file R/O >>> /root/.spamassassin/bayes_seen >>> > debug: bayes: found bayes db version 3 >>> > debug: using "/root/.spamassassin" for user state dir >>> > debug: bayes: Not available for scanning, only 80 spam(s) in Bayes DB >>> < 200 >>> > debug: bayes: 29548 untie-ing >>> > debug: bayes: 29548 untie-ing db_toks >>> > debug: bayes: 29548 untie-ing db_seen >>> >>> bayes will only kick in once it's seen at least 200 spam AND 200 ham >>> emails. You've only given it 80 spams. >>> >>> If you need a 'starter' bayes DB there's one at www.fsl.com/support >>> that >>> should match your environment. >>> >>> Otherwise you can run sa-learn yourself if you have a good corpus of >>> both spam and ham. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Anders Kongsted wrote: >>> >>>> Hi Martin, >>>> >>>> Here is the output of the command... >>>> Martin Hepworth wrote: >>>> >>>>> Anders >>>>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Med venlig hilsen Anders Kongsted Hovmark Data Krogsgårdsvej 56 6731 Tjæreborg Tlf.: 76 12 59 00 Email: ak@hovmark.dk Skype: akhovmark ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 15 11:04:44 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:02 2006 Subject: Mailwatch Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anybody has any way of changing Mailwatch for MailScanner so it can archive the message body also? I don't want to archive any attachments, only the body... Could it be done? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Mar 15 11:13:13 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Anders > > yes. might want to do it with salearn --backup & --restore options rathe > r than copy.. > > -- Umm this is where bayesSQL has a huge advantage.. force-expire, sync, backups and restores are much faster (< 5 seconds).. and the fact that all your servers lookup to a single bayes_db. No expired files is another feature. The overhead isn't much either. If you are not too keen on the mysql dependency, a couple of scripts will help you backup / restore to sql from various servers on a nightly basis thus keeping all your dbs in sync with each other. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 11:14:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: Mailwatch Message-ID: Roger This is more a MS setup question. If you want to 'store' ham, spam or high scoring spam then you need 'store' in the actions list or ruleset. In which case it will store the entire message, attachments and all. I don't think there's an option to strip the attachment and then store. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Roger Jochem wrote: > Does anybody has any way of changing Mailwatch for MailScanner so it can > archive the message body also? I don't want to archive any attachments, > only the body... Could it be done? > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 11:18:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:02 2006 Subject: Mailwatch Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I advise you ask on the MailWatch list. I believe that may be hosted on SourceForge, follow this link to get to it: http://lists.sourceforge.net/lists/listinfo/mailwatch-users Roger Jochem wrote: > Does anybody has any way of changing Mailwatch for MailScanner so it > can archive the message body also? I don't want to archive any > attachments, only the body... Could it be done? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 15 11:17:20 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:02 2006 Subject: Mailwatch Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! I don't use store because the space it would require is to big, and if I could strip the attachments ant then store this would work really fine! Maybe a new feature for MailScanner? :) ----- Original Message ----- From: "Martin Hepworth" To: Sent: Tuesday, March 15, 2005 8:14 AM Subject: Re: Mailwatch > Roger > > This is more a MS setup question. > > If you want to 'store' ham, spam or high scoring spam then you need > 'store' in the actions list or ruleset. In which case it will store the > entire message, attachments and all. > > I don't think there's an option to strip the attachment and then store. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Roger Jochem wrote: > > Does anybody has any way of changing Mailwatch for MailScanner so it can > > archive the message body also? I don't want to archive any attachments, > > only the body... Could it be done? > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Tue Mar 15 11:21:16 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Dhawal, Our company is a support firm, with a lot of customers. The servers are on diff. locations. So I don't think this is a great ideas! :-) But thanks for your suggestion... But my problem is continues. The server don't use bayes. The debug shows as below: debug: SpamAssassin version 3.0.2 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: diag: module installed: DBI, version 1.32 debug: diag: module installed: DB_File, version 1.806 debug: diag: module installed: Digest::SHA1, version 2.01 debug: diag: module installed: IO::Socket::UNIX, version 1.2 debug: diag: module installed: MIME::Base64, version 2.12 debug: diag: module installed: Net::DNS, version 0.31 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module not installed: Razor2::Client::Agent ('require' failed) debug: diag: module installed: Storable, version 2.06 debug: diag: module installed: URI, version 1.21 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/local.cf debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: config: read file /root/.spamassassin/user_prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c364ec) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c364ec) implements 'parse_config' debug: using "/root/.spamassassin" for user state dir debug: bayes: 861 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 861 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: Score set 3 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) implements 'parsed_metadata' Net::DNS version is 0.31, but need 0.34dnsavailable-1 at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 1230. debug: decoding: no encoding detected debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c364ec)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c364ec)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) debug: running body-text per-line regexp tests; score so far=-3.174 debug: running uri tests; score so far=-3.174 debug: bayes corpus size: nspam = 9097, nham = 248 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1110885240 lint_rules " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: bayes token 'H*F:D*org' => 0.999608806096528 debug: bayes token 'body' => 0.998754716981132 debug: bayes token 'somewhat' => 0.992426229508197 debug: bayes token 'H*Ad:D*org' => 0.978 debug: bayes: score = 0.751197816321349 debug: bayes: 861 untie-ing debug: bayes: 861 untie-ing db_toks debug: bayes: 861 untie-ing db_seen debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570)) debug: Razor2 is not available debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-2.802 debug: running full-text regexp tests; score so far=-2.802 debug: Razor2 is not available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) implements 'check_post_dnsbl' debug: running meta tests; score so far=-2.802 debug: running header regexp tests; score so far=-1.576 debug: running body-text per-line regexp tests; score so far=-1.576 debug: running uri tests; score so far=-1.576 debug: running raw-body-text per-line regexp tests; score so far=-1.576 debug: running full-text regexp tests; score so far=-1.576 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.576 debug: running header regexp tests; score so far=-1.576 debug: using "/root/.spamassassin" for user state dir debug: lock: 861 created /root/.spamassassin/auto-whitelist.lock.mail.n-k-spedition.dk.861 debug: lock: 861 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 861 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: -1.576, autolearn score: -1.576, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 861 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: -1.576 debug: running body-text per-line regexp tests; score so far=-1.576 debug: running uri tests; score so far=-1.576 debug: running raw-body-text per-line regexp tests; score so far=-1.576 debug: running full-text regexp tests; score so far=-1.576 debug: is spam? score=-1.576 required=5 debug: tests=ALL_TRUSTED,BAYES_60,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID Dhawal Doshy wrote: > Martin Hepworth wrote: > >> Anders >> >> yes. might want to do it with salearn --backup & --restore options rathe >> r than copy.. >> >> -- > > > Umm this is where bayesSQL has a huge advantage.. force-expire, sync, > backups and restores are much faster (< 5 seconds).. and the fact that > all your servers lookup to a single bayes_db. No expired files is > another feature. The overhead isn't much either. > > If you are not too keen on the mysql dependency, a couple of scripts > will help you backup / restore to sql from various servers on a nightly > basis thus keeping all your dbs in sync with each other. > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Med venlig hilsen Anders Kongsted Hovmark Data Krogsgårdsvej 56 6731 Tjæreborg Tlf.: 76 12 59 00 Email: ak@hovmark.dk Skype: akhovmark ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Mar 15 11:30:26 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:02 2006 Subject: Mailwatch Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] store clean messages. what was the sense behind that feature ? i see there only a dangerous weapon in the hand if childish admins greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > If you want to 'store' ham, spam or high scoring spam then you need > 'store' in the actions list or ruleset. In which case it will > store the > entire message, attachments and all. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 11:32:19 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: Anders in the tests - BAYES_60. so it's working fine. Also you've got ALL_TRUSTED firing. May I suggest you read the documentation on the SA network tests and set the internal_networks or trusted_networks correctly. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > Hi Dhawal, > > Our company is a support firm, with a lot of customers. The servers are > on diff. locations. So I don't think this is a great ideas! :-) But > thanks for your suggestion... > > But my problem is continues. The server don't use bayes. The debug shows > as below: > > debug: SpamAssassin version 3.0.2 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/kerberos/sbin', keeping. > debug: PATH included '/usr/kerberos/bin', keeping. > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/root/bin', which doesn't exist, dropping. > debug: Final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > debug: diag: module installed: DBI, version 1.32 > debug: diag: module installed: DB_File, version 1.806 > debug: diag: module installed: Digest::SHA1, version 2.01 > debug: diag: module installed: IO::Socket::UNIX, version 1.2 > debug: diag: module installed: MIME::Base64, version 2.12 > debug: diag: module installed: Net::DNS, version 0.31 > debug: diag: module not installed: Net::LDAP ('require' failed) > debug: diag: module not installed: Razor2::Client::Agent ('require' failed) > debug: diag: module installed: Storable, version 2.06 > debug: diag: module installed: URI, version 1.21 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/local.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/root/.spamassassin/user_prefs" for user prefs file > debug: config: read file /root/.spamassassin/user_prefs > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c364ec) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c364ec) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: 861 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 861 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: Score set 3 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) > implements 'parsed_metadata' > Net::DNS version is 0.31, but need 0.34dnsavailable-1 at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 1230. > debug: decoding: no encoding detected > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c364ec)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c364ec)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) > debug: registering glue method for check_for_spf_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c154d0)) > debug: running body-text per-line regexp tests; score so far=-3.174 > debug: running uri tests; score so far=-3.174 > debug: bayes corpus size: nspam = 9097, nham = 248 > debug: tokenize: header tokens for *F = "U*ignore > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > D*org" > debug: tokenize: header tokens for *m = " 1110885240 lint_rules " > debug: tokenize: header tokens for *RT = " " > debug: tokenize: header tokens for *RU = " " > debug: bayes token 'H*F:D*org' => 0.999608806096528 > debug: bayes token 'body' => 0.998754716981132 > debug: bayes token 'somewhat' => 0.992426229508197 > debug: bayes token 'H*Ad:D*org' => 0.978 > debug: bayes: score = 0.751197816321349 > debug: bayes: 861 untie-ing > debug: bayes: 861 untie-ing db_toks > debug: bayes: 861 untie-ing db_seen > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570)) > debug: Razor2 is not available > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=-2.802 > debug: running full-text regexp tests; score so far=-2.802 > debug: Razor2 is not available > debug: Current PATH is: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > debug: Pyzor is not available: pyzor not found > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is not available: no executable dccproc found. > debug: Running tests for priority: 500 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84cd570) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=-2.802 > debug: running header regexp tests; score so far=-1.576 > debug: running body-text per-line regexp tests; score so far=-1.576 > debug: running uri tests; score so far=-1.576 > debug: running raw-body-text per-line regexp tests; score so far=-1.576 > debug: running full-text regexp tests; score so far=-1.576 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=-1.576 > debug: running header regexp tests; score so far=-1.576 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 861 created > /root/.spamassassin/auto-whitelist.lock.mail.n-k-spedition.dk.861 > debug: lock: 861 trying to get lock on > /root/.spamassassin/auto-whitelist with 0 retries > debug: lock: 861 link to /root/.spamassassin/auto-whitelist.lock: link ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > debug: AWL active, pre-score: -1.576, autolearn score: -1.576, mean: > undef, IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 861 unlink /root/.spamassassin/auto-whitelist.lock > debug: Post AWL score: -1.576 > debug: running body-text per-line regexp tests; score so far=-1.576 > debug: running uri tests; score so far=-1.576 > debug: running raw-body-text per-line regexp tests; score so far=-1.576 > debug: running full-text regexp tests; score so far=-1.576 > debug: is spam? score=-1.576 required=5 > debug: > tests=ALL_TRUSTED,BAYES_60,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID > > > > Dhawal Doshy wrote: > >> Martin Hepworth wrote: >> >>> Anders >>> >>> yes. might want to do it with salearn --backup & --restore options rathe >>> r than copy.. >>> >>> -- >> >> >> >> Umm this is where bayesSQL has a huge advantage.. force-expire, sync, >> backups and restores are much faster (< 5 seconds).. and the fact that >> all your servers lookup to a single bayes_db. No expired files is >> another feature. The overhead isn't much either. >> >> If you are not too keen on the mysql dependency, a couple of scripts >> will help you backup / restore to sql from various servers on a nightly >> basis thus keeping all your dbs in sync with each other. >> >> - dhawal >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 11:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Kongsted wrote on Tue, 15 Mar 2005 11:22:39 +0100: > I have another mailscanner with a avange of 1000 SPAM-mails each day. Is > it posible to make af copy of the DB and place it on the server? > yes, if it is the same db version you can just copy over all the files starting with bayes_. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 11:31:24 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:02 2006 Subject: Abort delivery of mail in customconfig.pm Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ramprasad A Padmanabhan wrote on Tue, 15 Mar 2005 12:25:35 +0530: > Can someone give me pointers on > Wouldn't procmail be perfect for this job? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 11:31:24 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:02 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason wrote on Tue, 15 Mar 2005 12:14:19 +0800: > When a > client send an email (not spam) with outlook express through our server, the > receipient received the message regarded as spam. And the reason is > "spamhaus-XBL". > Did you actually go and check there? If you do it tells you that IP is in CBL and if you go there: http://cbl.abuseat.org/ you can read in the first sentences: > We're getting a lot of reports of spurious blocking caused by sites using the CBL to block > authenticated access to smarthosts / outgoing mail servers. THE CBL is only designed to be > used on INCOMING mail, i.e. on the hosts that your MX records point to. > Another way of putting this is: "Do not use the CBL to block your own users". You should not use any kind of RBL for mail you relay for your users! I think the best way to use RBLs is directly on the MTA. Choose two you really trust on and let them work on the MTA and remove them all from MS or SA. (SMTP-AUTHed mail will be exempted from RBL checks in sendmail if you use feature check_delay or what it's called.) Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 15 11:34:00 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:02 2006 Subject: Mailwatch Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would like to store spam for analysis, but some of my spam is from people in black lists, and can contain large attachments... And I don't want to store these atachments... ----- Original Message ----- From: "Dörfler Andreas" To: Sent: Tuesday, March 15, 2005 8:30 AM Subject: Re: Mailwatch > store clean messages. > what was the sense behind that feature ? > i see there only a dangerous weapon in the hand > if childish admins > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > > > > If you want to 'store' ham, spam or high scoring spam then you need > > 'store' in the actions list or ruleset. In which case it will > > store the > > entire message, attachments and all. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 11:37:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:02 2006 Subject: ZMailer help please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How do I setup ZMailer so that it just sends all mail to another host? I have tried all sorts of things and just keep getting Original-Recipient: rfc822;anonymous@ecs.soton.ac.uk Final-Recipient: RFC822; anonymous@ecs.soton.ac.uk Action: failed Status: 5.0.0 Diagnostic-Code: X-LOCAL; 500 (nosuchuser) :-( -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Tue Mar 15 12:14:59 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:29:02 2006 Subject: ZMailer help please Message-ID: Hi You have several ways to do this. Try in scheduler.conf search for "PUNT", and uncomment I think this is what you want # Sometimes we may want to PUNT all out to somewhere without regarding # on what the routing said: # # smtp/* # maxchannel=199 # maxring=5 # command="smtp -F [192.89.123.25] -l ${LOGDIR}/smtp.punt" > How do I setup ZMailer so that it just sends all mail to another host? > I have tried all sorts of things and just keep getting > > Original-Recipient: rfc822;anonymous@ecs.soton.ac.uk > Final-Recipient: RFC822; anonymous@ecs.soton.ac.uk > Action: failed > Status: 5.0.0 > Diagnostic-Code: X-LOCAL; 500 (nosuchuser) > > :-( > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 12:31:24 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote on Tue, 15 Mar 2005 11:32:19 +0000: > in the tests - BAYES_60. so it's working fine. > Apart from that you should upgrade Net::DNS, at least, that's what SA tells you. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Tue Mar 15 13:13:29 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:29:02 2006 Subject: Abort delivery of mail in customconfig.pm Message-ID: On Tue, 2005-03-15 at 17:01, Kai Schaetzl wrote: > Ramprasad A Padmanabhan wrote on Tue, 15 Mar 2005 12:25:35 +0530: > > > Can someone give me pointers on > > > > Wouldn't procmail be perfect for this job? > > Kai IMHO it would not. Suppose a mail is marked to many people, If a new procmail process is spawned for every recipient wont it be a waste , when it can be done at the mta level , where it is just one mail. Thanks Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Tue Mar 15 13:14:52 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:29:02 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > line. Maybe I just got lucky... Or not. I've just had another one. Same format as usual. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Mar 15 13:17:18 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:02 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] u sure it isnt a postfix problem ? > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stef Morrell > Sent: Tuesday, March 15, 2005 2:15 PM > > > line. Maybe I just got lucky... > > Or not. I've just had another one. Same format as usual. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Tue Mar 15 13:21:22 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I still don't get any score from Bayes (ex. bayes_50)... Any ideas why? //Anders Kai Schaetzl wrote: Martin Hepworth wrote on Tue, 15 Mar 2005 11:32:19 +0000: in the tests - BAYES_60. so it's working fine. Apart from that you should upgrade Net::DNS, at least, that's what SA tells you. Kai ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 13:36:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: Anders have you got any bayes_path statements in your spam.assassin.prefs.conf? In which case the default path of /root/.spamassassin for the bayes DB will be wrong when called from MailScanner. You'll have to move the bayes DB stuff into the directory as per spam.assassin.prefs.conf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > I still don't get any score from Bayes (ex. bayes_50)... Any ideas why? > > //Anders > > Kai Schaetzl wrote: > >>Martin Hepworth wrote on Tue, 15 Mar 2005 11:32:19 +0000: >> >> >> >>>in the tests - BAYES_60. so it's working fine. >>> >>> >>> >> >>Apart from that you should upgrade Net::DNS, at least, that's what SA >>tells you. >> >>Kai >> >> >> > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryanw at FALSEHOPE.COM Tue Mar 15 13:39:36 2005 From: ryanw at FALSEHOPE.COM (Ryan Weaver) Date: Thu Jan 12 21:29:02 2006 Subject: perl-MailTools-1.66 Message-ID: Just wanted to ask, is it safe to upgrade from perl-MailTools-1.50 to perl-MailTools-1.66?? Thanks, Ryan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 15 13:41:36 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:02 2006 Subject: New feature Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Would it be possible to create a new action like the 'store' action, but that stores the message withouth any attachments? This would be great for spam analysis and general mail analysis (that can be usefull in special ocasions), but would use less disk space... Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 13:54:05 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is it possible to enable SA network tests when running it with MS? I've searched and only found reference to it in relation to running spamd, which I'm not using. Thanks, Rodney -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Tue Mar 15 13:55:26 2005 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:29:02 2006 Subject: spam with inline gif image but filename of .com Message-ID: Yup - we've been getting a bunch of them too. Bitdefender and McAfee also do not detect it as viral. Perhaps it is just a poorly named attachment by the spammers? Jase Martin Hepworth wrote: > All > > Anyone seeing spam (with bayes poisoning attempts, and talking about > the Shuttle disaster last year etc) with an inline gif image > attached, but the filename being somthing.com or emailaddress.com? > The mimetype is gif. > > It's getting trapped by the filename trap in MS, but just wondering if > anyone else is getting these? > > Neither Sophos nor ClamAV is picking it up as viral. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Mar 15 13:58:35 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:02 2006 Subject: perl-MailTools-1.66 Message-ID: I have been running 1.66 with both MS 4.39.6 and now 4.40.5 on Solaris 9, with no problems. Jeff Earickson Colby College On Tue, 15 Mar 2005, Ryan Weaver wrote: > Date: Tue, 15 Mar 2005 07:39:36 -0600 > From: Ryan Weaver > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: perl-MailTools-1.66 > > Just wanted to ask, is it safe to upgrade from perl-MailTools-1.50 to > perl-MailTools-1.66?? > > Thanks, > Ryan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 13:58:47 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: Rodney just put the spamd settings into spam.assassin.prefs.conf and MS will use them for the SA part. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Is it possible to enable SA network tests when running it with MS? I've > searched and only found reference to it in relation to running spamd, > which I'm not using. > > Thanks, > Rodney > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 14:05:15 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Thanks, I'll look into how to do that. :-) I'm not familiar with spamd. Rodney Martin Hepworth wrote: > Rodney > > just put the spamd settings into spam.assassin.prefs.conf and MS will > use them for the SA part. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Is it possible to enable SA network tests when running it with MS? I've >> searched and only found reference to it in relation to running spamd, >> which I'm not using. >> >> Thanks, >> Rodney >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 15 14:08:17 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:02 2006 Subject: Bayes is gone Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 15 mars 2005 14:36 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes is gone > > > Anders > > have you got any bayes_path statements in your > spam.assassin.prefs.conf? > > In which case the default path of /root/.spamassassin for the bayes DB > will be wrong when called from MailScanner. You'll have to move the > bayes DB stuff into the directory as per spam.assassin.prefs.conf. ... Or if you don't run MailScanner as root, but perhaps don't have a specific bayes_path, then the place to look for your "active" bayes DB would be that users home directory... ~postfix/.bayes perhaps... A not that uncommon problem with chrooted postfix installs is that the postfix user generally don't have write perms for ~postfix, making it kind of strange where it'll put the bayes db:-). Creating the dir by hand and making it owned/writeable by the user is generally enough... and plopping in a starter db... -- Glenn > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Anders Kongsted wrote: > > I still don't get any score from Bayes (ex. bayes_50)... > Any ideas why? > > > > //Anders > > > > Kai Schaetzl wrote: > > > >>Martin Hepworth wrote on Tue, 15 Mar 2005 11:32:19 +0000: > >> > >> > >> > >>>in the tests - BAYES_60. so it's working fine. > >>> > >>> > >>> > >> > >>Apart from that you should upgrade Net::DNS, at least, > that's what SA > >>tells you. > >> > >>Kai > >> > >> > >> > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 14:10:18 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: Rodney what 'network tests' are you interested in? see the doccy at spamassassin.apache.org for the options you can put into spam.assassin.prefs.conf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > Thanks, I'll look into how to do that. :-) I'm not familiar with spamd. > > Rodney > > Martin Hepworth wrote: > >> Rodney >> >> just put the spamd settings into spam.assassin.prefs.conf and MS will >> use them for the SA part. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> Is it possible to enable SA network tests when running it with MS? I've >>> searched and only found reference to it in relation to running spamd, >>> which I'm not using. >>> >>> Thanks, >>> Rodney >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 14:13:31 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Truthfully, I don't know yet. I'm not even sure of what's all available. I saw something stating that the network tests helped to reduce false negatives. So, something that would help with that would be great. Thanks, Rodney Martin Hepworth wrote: > Rodney > > what 'network tests' are you interested in? > > see the doccy at spamassassin.apache.org for the options you can put > into spam.assassin.prefs.conf. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Martin, >> >> Thanks, I'll look into how to do that. :-) I'm not familiar with spamd. >> >> Rodney >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> just put the spamd settings into spam.assassin.prefs.conf and MS will >>> use them for the SA part. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> Is it possible to enable SA network tests when running it with MS? I've >>>> searched and only found reference to it in relation to running spamd, >>>> which I'm not using. >>>> >>>> Thanks, >>>> Rodney >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 14:24:06 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:02 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Frank, I'm now using sendmail, but actually considering switching to postfix. I would be most appreciate if you could send me the config. Thanks. Jason ----- Original Message ----- From: "Frank Louwers" To: Sent: Tuesday, March 15, 2005 5:46 PM Subject: Re: spamhaus-XBL > On Tue, Mar 15, 2005 at 05:43:40PM +0800, Jason wrote: >> Hi Frank, >> >> Wow, that seems very complicated. Could you tell me some more, or give >> me some indicative documents I can start with? > > what's your MTA? I could give you a postfix example if you like ... > > Kind Regards, > Frank Louwers > > -- > Openminds bvba www.openminds.be > Tweebruggenstraat 16 - 9000 Gent - Belgium > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 14:25:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: Ah I see well network tests cover RBL's, URI-RBL's from surbl.org and perhaps even things like pyzor/dcc etc. I run a couple of RBL's and the URI-RBL's which are truely great. Not sure they'll help with FP's, but if bayes is FP-ing then enableing the network tests will reduce the bayes scores in SA 3.x. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > Truthfully, I don't know yet. I'm not even sure of what's all available. > I saw something stating that the network tests helped to reduce false > negatives. So, something that would help with that would be great. > > Thanks, > Rodney > > Martin Hepworth wrote: > >> Rodney >> >> what 'network tests' are you interested in? >> >> see the doccy at spamassassin.apache.org for the options you can put >> into spam.assassin.prefs.conf. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> Martin, >>> >>> Thanks, I'll look into how to do that. :-) I'm not familiar with spamd. >>> >>> Rodney >>> >>> Martin Hepworth wrote: >>> >>>> Rodney >>>> >>>> just put the spamd settings into spam.assassin.prefs.conf and MS will >>>> use them for the SA part. >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> Rodney Green wrote: >>>> >>>>> Is it possible to enable SA network tests when running it with MS? >>>>> I've >>>>> searched and only found reference to it in relation to running spamd, >>>>> which I'm not using. >>>>> >>>>> Thanks, >>>>> Rodney >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 14:26:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:02 2006 Subject: ZMailer help please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I already have # Sometimes we may want to PUNT all out to somewhere without regarding # on what the routing said: # smtp/* maxchannel=199 maxring=5 command="smtp -F [152.78.69.153] -l ${LOGDIR}/smtp.punt" in scheduler.conf. It didn't help. And I stopped and restarted zmailer several times since then. Leonardo Helman wrote: >Hi > >You have several ways to do this. > >Try in scheduler.conf > >search for "PUNT", and uncomment > > >I think this is what you want > ># Sometimes we may want to PUNT all out to somewhere without regarding ># on what the routing said: ># ># smtp/* ># maxchannel=199 ># maxring=5 ># command="smtp -F [192.89.123.25] -l ${LOGDIR}/smtp.punt" > > > > > > >>How do I setup ZMailer so that it just sends all mail to another host? >>I have tried all sorts of things and just keep getting >> >>Original-Recipient: rfc822;anonymous@ecs.soton.ac.uk >>Final-Recipient: RFC822; anonymous@ecs.soton.ac.uk >>Action: failed >>Status: 5.0.0 >>Diagnostic-Code: X-LOCAL; 500 (nosuchuser) >> >>:-( >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 14:36:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:02 2006 Subject: ZMailer help please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In my /var/log/zmailer/scheduler I keep getting this: scheduler: scheduler daemon (2.99.55-patch1 #1: Tue Oct 16 21:22:07 CEST 2001) pid 25246 started at Tue, 15 Mar 2005 11:35:17 +0000 Synchronous startup completed, messages: 0 (0 skipped) recipients: 0 *********************************************************************** 20050315113600 Misformed diagnostic1: Incorrectly built binary which accesses errno or h_errno directly. Needs to be fixed. 20050315113610 Misformed diagnostic1: Incorrectly built binary which accesses errno or h_errno directly. Needs to be fixed. scheduler: exit(0): signal which looks pretty bad. I have tried rebuilding the RPM but it won't. I'm on an Opteron system. If I "ldd /usr/lib/zmailer/sendmail" I get this: Incorrectly built binary which accesses errno or h_errno directly. Needs to be fixed. linux-gate.so.1 => (0xffffe000) libresolv.so.2 => /lib/libresolv.so.2 (0x006af000) libc.so.6 => /lib/i686/libc.so.6 (0xf7ea9000) /lib/ld-linux.so.2 (0x001c4000) which also looks pretty bad. Is there any way out of this without rebuilding from the srpm (as it won't). If I try to rebuild the rpm I get this: + autoconf configure.in:1400: error: do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS' If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. error: Bad exit status from /var/tmp/rpm-tmp.96735 (%prep) And I don't know enough about autoconf to know how to fix this. Any more ideas? Julian Field wrote: > I already have > # Sometimes we may want to PUNT all out to somewhere without regarding > # on what the routing said: > # > smtp/* > maxchannel=199 > maxring=5 > command="smtp -F [152.78.69.153] -l ${LOGDIR}/smtp.punt" > in scheduler.conf. It didn't help. And I stopped and restarted zmailer > several times since then. > > Leonardo Helman wrote: > >> Hi >> >> You have several ways to do this. >> >> Try in scheduler.conf >> >> search for "PUNT", and uncomment >> >> >> I think this is what you want >> >> # Sometimes we may want to PUNT all out to somewhere without regarding >> # on what the routing said: >> # >> # smtp/* >> # maxchannel=199 >> # maxring=5 >> # command="smtp -F [192.89.123.25] -l ${LOGDIR}/smtp.punt" >> >> >> >> >> >> >>> How do I setup ZMailer so that it just sends all mail to another host? >>> I have tried all sorts of things and just keep getting >>> >>> Original-Recipient: rfc822;anonymous@ecs.soton.ac.uk >>> Final-Recipient: RFC822; anonymous@ecs.soton.ac.uk >>> Action: failed >>> Status: 5.0.0 >>> Diagnostic-Code: X-LOCAL; 500 (nosuchuser) >>> >>> :-( >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> MailScanner thanks transtec Computers for their support >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From whites at CMHA.NET Tue Mar 15 14:31:08 2005 From: whites at CMHA.NET (SRW) Date: Thu Jan 12 21:29:02 2006 Subject: Bad Filename Detected Message-ID: I received this message from mailscanner. My confusion begins with the fact the message is from my own domain to a one of my users. I tried to do a DNS lookup on the IP , which indicated there was no record. I am not sure where to begin to investigate? Thanks in advance! the following e-mails were found to have: Bad Filename Detected : Virus Detected Sender: postmaster@MYCOMPANY.net IP Address: 68.21.243.17 Recipient: cathyp@MYCOMPANY.net Subject: Mail System Error - Returned Mail MessageID: j24KJ7K08923 Report: document.txt .exe was infected: Worm.Mydoom.M-unp Very long filenames are good signs of attacks against Microsoft e-mail packages (document.txt .exe) Report: document.zip was infected: Worm.Mydoom.M-unp document.txt .exe was infected: Worm.Mydoom.M-unp Very long filenames are good signs of attacks against Microsoft e-mail packages (document.txt .exe) -- MailScanner Email Virus Scanner www.mailscanner.info ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 14:41:39 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For the "Spam List =" configuration option in MailScanner.conf, it says you can use a ruleset file. What format would you use to list the RBLs? Martin Hepworth wrote: > Ah I see > > well network tests cover RBL's, URI-RBL's from surbl.org and perhaps > even things like pyzor/dcc etc. > > I run a couple of RBL's and the URI-RBL's which are truely great. > > Not sure they'll help with FP's, but if bayes is FP-ing then enableing > the network tests will reduce the bayes scores in SA 3.x. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Martin, >> >> Truthfully, I don't know yet. I'm not even sure of what's all available. >> I saw something stating that the network tests helped to reduce false >> negatives. So, something that would help with that would be great. >> >> Thanks, >> Rodney >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> what 'network tests' are you interested in? >>> >>> see the doccy at spamassassin.apache.org for the options you can put >>> into spam.assassin.prefs.conf. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> Martin, >>>> >>>> Thanks, I'll look into how to do that. :-) I'm not familiar with spamd. >>>> >>>> Rodney >>>> >>>> Martin Hepworth wrote: >>>> >>>>> Rodney >>>>> >>>>> just put the spamd settings into spam.assassin.prefs.conf and MS will >>>>> use them for the SA part. >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>> Rodney Green wrote: >>>>> >>>>>> Is it possible to enable SA network tests when running it with MS? >>>>>> I've >>>>>> searched and only found reference to it in relation to running spamd, >>>>>> which I'm not using. >>>>>> >>>>>> Thanks, >>>>>> Rodney >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ********************************************************************** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From frank at OPENMINDS.BE Tue Mar 15 14:43:51 2005 From: frank at OPENMINDS.BE (Frank Louwers) Date: Thu Jan 12 21:29:02 2006 Subject: spamhaus-XBL Message-ID: On Tue, Mar 15, 2005 at 10:24:06PM +0800, Jason wrote: > Frank, > > I'm now using sendmail, but actually considering switching to postfix. I > would be most appreciate if you could send me the config. Thanks. If you consider migrating to postfix, I recommend migrating to postfix 2.1.x. We still use 1.x on some hosts, including our main auth-smtp server. When reading the docs about integrating postfix 1.x and mailscanner, you'll notice you'll basicly need 2 postfixes: an "incomming" one that listens on port 25 and puts all mails in a queue, and and "outgoing" one that gets fed by MailScanner. The config files for the "incomming" one are in /etc/postfix.in, the files for the "outgoing" ones are in /etc/postfix. In my /etc/postfix.in/master.cf, I have: smtp inet n - n - - smtpd (norman entry, tells postfix to listen on port 25 for incomming smtp mails) and another entry: 587 inet n - n - - smtpd -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o content_filter=authsmtpheader This tells postfix to listen on port tcp/587 as well, with following restrictions: - require sasl_authenticated users, otherwise reject the ma - use "authsmtpheader" as contentfilter. Authsmtpheader is defined as follows (in the same master.cf file): authsmtpheader unix - n n - - pipe flags=Rhu user=mailboxes argv=/usr/local/sbin/authsmtpheader.pl ${recipient} ${sender} This is a copy of /usr/local/sbin/authsmtpheader.pl: --- begin /usr/local/sbin/authsmtpheader.pl #!/usr/bin/perl use strict; use Mail::Audit; # Audit mails ## apt-get install libmail-audit-perl if you use Debian ################################################ my $m_au = Mail::Audit->new( ); # Add Header $m_au->put_header('X-Openminds-Authenticated-By',"tango"); # We get recipient as ARGV[0]: my $recipient = $ARGV[0]; # We get sender as ARGV[1]: my $sender = $ARGV[1]; # Re-inject mail into postfix system. As we use /usr/sbin/sendmail, the "outgoing" postfix gets used. # This means: # - bypass mailscanner on local box # - all other mailscanners will see connections from tango, so no problems with clients on dynamic/blacklisted ips etc. $m_au->pipe("/usr/sbin/sendmail -i -f $sender $recipient"); ## Done exit(0); --- end /usr/local/sbin/authsmtpheader.pl I add the extra header for trackability and to add a -20 score to all mails that have it... Kind Regards, Frank Louwers -- Openminds bvba www.openminds.be Tweebruggenstraat 16 - 9000 Gent - Belgium ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 14:50:39 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: Rodney don't so this here, do in in SA . edit spam.assassin.prefs.conf comment out the "skip_rbl_tests 1" line and turn off the RBL's you don't want by giving them a zero score...here's mine that only runs the xbl and orb ones.. score __RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DUL 0.0 score RCVD_IN_NJABL_MULTI 0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_NJABL_CGI 0.0 score __RCVD_IN_SORBS 0.0 score RCVD_IN_SORBS_HTTP 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 score HABEAS_INFRINGER 0.0 score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 score __SENDERBASE 0.0 score SB_NEW_BULK 0.0 score SB_NSP_VOLUME_SPIKE 0.0 score RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_MAPS_NML 0.0 Also make sure you set the trusted_networks and internal_networks options properly or it's likely to misfire and start letting the spam through http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > For the "Spam List =" configuration option in MailScanner.conf, it says > you can use a ruleset file. What format would you use to list the RBLs? > > > Martin Hepworth wrote: > >> Ah I see >> >> well network tests cover RBL's, URI-RBL's from surbl.org and perhaps >> even things like pyzor/dcc etc. >> >> I run a couple of RBL's and the URI-RBL's which are truely great. >> >> Not sure they'll help with FP's, but if bayes is FP-ing then enableing >> the network tests will reduce the bayes scores in SA 3.x. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> Martin, >>> >>> Truthfully, I don't know yet. I'm not even sure of what's all available. >>> I saw something stating that the network tests helped to reduce false >>> negatives. So, something that would help with that would be great. >>> >>> Thanks, >>> Rodney >>> >>> Martin Hepworth wrote: >>> >>>> Rodney >>>> >>>> what 'network tests' are you interested in? >>>> >>>> see the doccy at spamassassin.apache.org for the options you can put >>>> into spam.assassin.prefs.conf. >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> Rodney Green wrote: >>>> >>>>> Martin, >>>>> >>>>> Thanks, I'll look into how to do that. :-) I'm not familiar with >>>>> spamd. >>>>> >>>>> Rodney >>>>> >>>>> Martin Hepworth wrote: >>>>> >>>>>> Rodney >>>>>> >>>>>> just put the spamd settings into spam.assassin.prefs.conf and MS will >>>>>> use them for the SA part. >>>>>> >>>>>> -- >>>>>> Martin Hepworth >>>>>> Snr Systems Administrator >>>>>> Solid State Logic >>>>>> Tel: +44 (0)1865 842300 >>>>>> >>>>>> >>>>>> Rodney Green wrote: >>>>>> >>>>>>> Is it possible to enable SA network tests when running it with MS? >>>>>>> I've >>>>>>> searched and only found reference to it in relation to running >>>>>>> spamd, >>>>>>> which I'm not using. >>>>>>> >>>>>>> Thanks, >>>>>>> Rodney >>>>>>> >>>>>>> -- >>>>>>> This message has been scanned for viruses and >>>>>>> dangerous content by MailScanner, and is >>>>>>> believed to be clean. >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> This email and any files transmitted with it are confidential and >>>>>> intended solely for the use of the individual or entity to whom they >>>>>> are addressed. If you have received this email in error please notify >>>>>> the system manager. >>>>>> >>>>>> This footnote confirms that this email message has been swept >>>>>> for the presence of computer viruses and is believed to be clean. >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> -- >>>>> Rodney Green >>>>> Network/Security Administrator >>>>> Trayer Products, Inc. >>>>> E-Mail: rgreen@trayerproducts.com >>>>> Phone: 607-734-8124 Ext. 343 >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 14:54:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: Bad Filename Detected Message-ID: Hi the ip-address is that of the sending machine. most modern viruses and spam fake the from and to addresses in order to try and get the recipient to open the email. so in this case they use your domain in the from and to. Nothing new, don't worry unless you want to trace the ip-address of the sending machine and inform their ISP/admins. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 SRW wrote: > I received this message from mailscanner. My confusion begins with the fact > the message is from my own domain to a one of my users. I tried to do a DNS > lookup on the IP , which indicated there was no record. I am not sure where > to begin to investigate? > > Thanks in advance! > > > the following e-mails were found to have: Bad Filename Detected : Virus Detected > > Sender: postmaster@MYCOMPANY.net > IP Address: 68.21.243.17 > Recipient: cathyp@MYCOMPANY.net > Subject: Mail System Error - Returned Mail > MessageID: j24KJ7K08923 > Report: document.txt .exe was infected: Worm.Mydoom.M-unp > Very long filenames are good signs of attacks against Microsoft > e-mail packages (document.txt .exe) > Report: document.zip was infected: Worm.Mydoom.M-unp > document.txt .exe was infected: Worm.Mydoom.M-unp > Very long filenames are good signs of attacks against Microsoft > e-mail packages (document.txt .exe) > > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 14:56:46 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:02 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh that's quite a lot of information. I think I need some time to totally understand them. Thanks a lot. my test server is centos 4.0, which has postfix2.1.5 Jason ----- Original Message ----- From: "Frank Louwers" To: Sent: Tuesday, March 15, 2005 10:43 PM Subject: Re: spamhaus-XBL > On Tue, Mar 15, 2005 at 10:24:06PM +0800, Jason wrote: >> Frank, >> >> I'm now using sendmail, but actually considering switching to postfix. I >> would be most appreciate if you could send me the config. Thanks. > > If you consider migrating to postfix, I recommend migrating to postfix > 2.1.x. We still use 1.x on some hosts, including our main auth-smtp > server. > > When reading the docs about integrating postfix 1.x and mailscanner, > you'll notice you'll basicly need 2 postfixes: an "incomming" one that > listens on port 25 and puts all mails in a queue, and and "outgoing" one > that gets fed by MailScanner. The config files for the "incomming" one > are in /etc/postfix.in, the files for the "outgoing" ones are in > /etc/postfix. > > In my /etc/postfix.in/master.cf, I have: > > smtp inet n - n - - smtpd > > (norman entry, tells postfix to listen on port 25 for incomming smtp > mails) and another entry: > > 587 inet n - n - - smtpd -o > smtpd_client_restrictions=permit_sasl_authenticated,reject -o > content_filter=authsmtpheader > > This tells postfix to listen on port tcp/587 as well, with following > restrictions: > - require sasl_authenticated users, otherwise reject the ma > - use "authsmtpheader" as contentfilter. > > Authsmtpheader is defined as follows (in the same master.cf file): > > authsmtpheader unix - n n - - pipe > flags=Rhu user=mailboxes argv=/usr/local/sbin/authsmtpheader.pl > ${recipient} ${sender} > > This is a copy of /usr/local/sbin/authsmtpheader.pl: > > --- begin /usr/local/sbin/authsmtpheader.pl > > #!/usr/bin/perl > use strict; > use Mail::Audit; # Audit mails > ## apt-get install libmail-audit-perl if you use Debian > > > ################################################ > > my $m_au = Mail::Audit->new( ); > > # Add Header > $m_au->put_header('X-Openminds-Authenticated-By',"tango"); > > # We get recipient as ARGV[0]: > my $recipient = $ARGV[0]; > > # We get sender as ARGV[1]: > my $sender = $ARGV[1]; > > # Re-inject mail into postfix system. As we use /usr/sbin/sendmail, the > "outgoing" postfix gets used. > # This means: > # - bypass mailscanner on local box > # - all other mailscanners will see connections from tango, so no > problems with clients on dynamic/blacklisted ips etc. > > $m_au->pipe("/usr/sbin/sendmail -i -f $sender $recipient"); > > ## Done > exit(0); > > --- end /usr/local/sbin/authsmtpheader.pl > > I add the extra header for trackability and to add a -20 score to all > mails that have it... > > Kind Regards, > Frank Louwers > > -- > Openminds bvba www.openminds.be > Tweebruggenstraat 16 - 9000 Gent - Belgium > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 15:03:48 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Thanks. Your list of scores only has those that are listed as 0 points. I don't have any of the listed scores in my spam.assassin.prefs.conf file. Rodney Martin Hepworth wrote: > Rodney > > don't so this here, do in in SA . > > edit spam.assassin.prefs.conf > > comment out the "skip_rbl_tests 1" line > > and turn off the RBL's you don't want by giving them a zero > score...here's mine that only runs the xbl and orb ones.. > > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > score HABEAS_INFRINGER 0.0 > score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > score __SENDERBASE 0.0 > score SB_NEW_BULK 0.0 > score SB_NSP_VOLUME_SPIKE 0.0 > score RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > > > Also make sure you set the trusted_networks and internal_networks > options properly or it's likely to misfire and start letting the spam > through > http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> For the "Spam List =" configuration option in MailScanner.conf, it says >> you can use a ruleset file. What format would you use to list the RBLs? >> >> >> Martin Hepworth wrote: >> >>> Ah I see >>> >>> well network tests cover RBL's, URI-RBL's from surbl.org and perhaps >>> even things like pyzor/dcc etc. >>> >>> I run a couple of RBL's and the URI-RBL's which are truely great. >>> >>> Not sure they'll help with FP's, but if bayes is FP-ing then enableing >>> the network tests will reduce the bayes scores in SA 3.x. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> Martin, >>>> >>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>> available. >>>> I saw something stating that the network tests helped to reduce false >>>> negatives. So, something that would help with that would be great. >>>> >>>> Thanks, >>>> Rodney >>>> >>>> Martin Hepworth wrote: >>>> >>>>> Rodney >>>>> >>>>> what 'network tests' are you interested in? >>>>> >>>>> see the doccy at spamassassin.apache.org for the options you can put >>>>> into spam.assassin.prefs.conf. >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>> Rodney Green wrote: >>>>> >>>>>> Martin, >>>>>> >>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar with >>>>>> spamd. >>>>>> >>>>>> Rodney >>>>>> >>>>>> Martin Hepworth wrote: >>>>>> >>>>>>> Rodney >>>>>>> >>>>>>> just put the spamd settings into spam.assassin.prefs.conf and MS >>>>>>> will >>>>>>> use them for the SA part. >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Snr Systems Administrator >>>>>>> Solid State Logic >>>>>>> Tel: +44 (0)1865 842300 >>>>>>> >>>>>>> >>>>>>> Rodney Green wrote: >>>>>>> >>>>>>>> Is it possible to enable SA network tests when running it with MS? >>>>>>>> I've >>>>>>>> searched and only found reference to it in relation to running >>>>>>>> spamd, >>>>>>>> which I'm not using. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Rodney >>>>>>>> >>>>>>>> -- >>>>>>>> This message has been scanned for viruses and >>>>>>>> dangerous content by MailScanner, and is >>>>>>>> believed to be clean. >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> This email and any files transmitted with it are confidential and >>>>>>> intended solely for the use of the individual or entity to whom they >>>>>>> are addressed. If you have received this email in error please >>>>>>> notify >>>>>>> the system manager. >>>>>>> >>>>>>> This footnote confirms that this email message has been swept >>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> >>>>>> -- >>>>>> Rodney Green >>>>>> Network/Security Administrator >>>>>> Trayer Products, Inc. >>>>>> E-Mail: rgreen@trayerproducts.com >>>>>> Phone: 607-734-8124 Ext. 343 >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ********************************************************************** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pg at NEWHONEST.COM Tue Mar 15 15:06:33 2005 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:29:02 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yeah, I have just removed the spam.list option from MailScanner, as a temporary solution before I can sucessfully use Frank's postfix config. Thank you all for all the valuable info. Jason ----- Original Message ----- From: "Drew Marshall" To: Sent: Tuesday, March 15, 2005 5:49 PM Subject: Re: spamhaus-XBL > Randal, Phil said: >> You've hit the nail right on the head with that one. >> >> The best way to use the Spamhaus XBL list is in spamassassin, not >> MailScanner, with a fairly low score (I wouldn't give it more than 1.5). >> Two many false positives from PCs in dial-up/ADSL IP address pools. > > And indeed it can be done quickly and easily with a single line > MailScanner.conf change and a re-start of MS, which would give you an > immediate solution. > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Mar 15 15:08:08 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] put em in > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green > Sent: Tuesday, March 15, 2005 4:04 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA Network Tests > > > Martin, > > Thanks. Your list of scores only has those that are listed as > 0 points. > I don't have any of the listed scores in my > spam.assassin.prefs.conf file. > > Rodney > > Martin Hepworth wrote: > > Rodney > > > > don't so this here, do in in SA . > > > > edit spam.assassin.prefs.conf > > > > comment out the "skip_rbl_tests 1" line > > > > and turn off the RBL's you don't want by giving them a zero > > score...here's mine that only runs the xbl and orb ones.. > > > > score __RCVD_IN_NJABL 0.0 > > score RCVD_IN_NJABL_DUL 0.0 > > score RCVD_IN_NJABL_MULTI 0.0 > > score RCVD_IN_NJABL_PROXY 0.0 > > score RCVD_IN_NJABL_RELAY 0.0 > > score RCVD_IN_NJABL_SPAM 0.0 > > score RCVD_IN_NJABL_CGI 0.0 > > score __RCVD_IN_SORBS 0.0 > > score RCVD_IN_SORBS_HTTP 0.0 > > score RCVD_IN_SORBS_MISC 0.0 > > score RCVD_IN_SORBS_SMTP 0.0 > > score RCVD_IN_SORBS_SOCKS 0.0 > > score RCVD_IN_SORBS_WEB 0.0 > > score RCVD_IN_SORBS_BLOCK 0.0 > > score RCVD_IN_SORBS_ZOMBIE 0.0 > > score RCVD_IN_SORBS_DUL 0.0 > > score __RFC_IGNORANT_ENVFROM 0.0 > > score DNS_FROM_RFC_DSN 0.0 > > score DNS_FROM_RFC_POST 0.0 > > score DNS_FROM_RFC_ABUSE 0.0 > > score DNS_FROM_RFC_WHOIS 0.0 > > score DNS_FROM_RFC_BOGUSMX 0.0 > > score RCVD_IN_DSBL 0.0 > > score DNS_FROM_AHBL_RHSBL 0.0 > > score HABEAS_INFRINGER 0.0 > > score HABEAS_USER 0.0 > > score RCVD_IN_BSP_TRUSTED 0.0 > > score RCVD_IN_BSP_OTHER 0.0 > > score __SENDERBASE 0.0 > > score SB_NEW_BULK 0.0 > > score SB_NSP_VOLUME_SPIKE 0.0 > > score RCVD_IN_RSL 0.0 > > score RCVD_IN_MAPS_RBL 0.0 > > score RCVD_IN_MAPS_DUL 0.0 > > score RCVD_IN_MAPS_RSS 0.0 > > score RCVD_IN_MAPS_NML 0.0 > > > > > > Also make sure you set the trusted_networks and internal_networks > > options properly or it's likely to misfire and start > letting the spam > > through > > > http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAs > sassin_Conf.html#network_test_options > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Rodney Green wrote: > > > >> For the "Spam List =" configuration option in > MailScanner.conf, it says > >> you can use a ruleset file. What format would you use to > list the RBLs? > >> > >> > >> Martin Hepworth wrote: > >> > >>> Ah I see > >>> > >>> well network tests cover RBL's, URI-RBL's from surbl.org > and perhaps > >>> even things like pyzor/dcc etc. > >>> > >>> I run a couple of RBL's and the URI-RBL's which are truely great. > >>> > >>> Not sure they'll help with FP's, but if bayes is FP-ing > then enableing > >>> the network tests will reduce the bayes scores in SA 3.x. > >>> > >>> -- > >>> Martin Hepworth > >>> Snr Systems Administrator > >>> Solid State Logic > >>> Tel: +44 (0)1865 842300 > >>> > >>> > >>> Rodney Green wrote: > >>> > >>>> Martin, > >>>> > >>>> Truthfully, I don't know yet. I'm not even sure of what's all > >>>> available. > >>>> I saw something stating that the network tests helped to > reduce false > >>>> negatives. So, something that would help with that would > be great. > >>>> > >>>> Thanks, > >>>> Rodney > >>>> > >>>> Martin Hepworth wrote: > >>>> > >>>>> Rodney > >>>>> > >>>>> what 'network tests' are you interested in? > >>>>> > >>>>> see the doccy at spamassassin.apache.org for the > options you can put > >>>>> into spam.assassin.prefs.conf. > >>>>> > >>>>> -- > >>>>> Martin Hepworth > >>>>> Snr Systems Administrator > >>>>> Solid State Logic > >>>>> Tel: +44 (0)1865 842300 > >>>>> > >>>>> > >>>>> Rodney Green wrote: > >>>>> > >>>>>> Martin, > >>>>>> > >>>>>> Thanks, I'll look into how to do that. :-) I'm not > familiar with > >>>>>> spamd. > >>>>>> > >>>>>> Rodney > >>>>>> > >>>>>> Martin Hepworth wrote: > >>>>>> > >>>>>>> Rodney > >>>>>>> > >>>>>>> just put the spamd settings into > spam.assassin.prefs.conf and MS > >>>>>>> will > >>>>>>> use them for the SA part. > >>>>>>> > >>>>>>> -- > >>>>>>> Martin Hepworth > >>>>>>> Snr Systems Administrator > >>>>>>> Solid State Logic > >>>>>>> Tel: +44 (0)1865 842300 > >>>>>>> > >>>>>>> > >>>>>>> Rodney Green wrote: > >>>>>>> > >>>>>>>> Is it possible to enable SA network tests when > running it with MS? > >>>>>>>> I've > >>>>>>>> searched and only found reference to it in relation > to running > >>>>>>>> spamd, > >>>>>>>> which I'm not using. > >>>>>>>> > >>>>>>>> Thanks, > >>>>>>>> Rodney > >>>>>>>> > >>>>>>>> -- > >>>>>>>> This message has been scanned for viruses and > >>>>>>>> dangerous content by MailScanner, and is > >>>>>>>> believed to be clean. > >>>>>>>> > >>>>>>>> ------------------------ MailScanner list > ------------------------ > >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>>>> 'leave mailscanner' in the body of the email. > >>>>>>>> Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > >>>>>>>> the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>>>>> > >>>>>>>> Support MailScanner development - buy the book off > the website! > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > ********************************************************************** > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> This email and any files transmitted with it are > confidential and > >>>>>>> intended solely for the use of the individual or > entity to whom they > >>>>>>> are addressed. If you have received this email in error please > >>>>>>> notify > >>>>>>> the system manager. > >>>>>>> > >>>>>>> This footnote confirms that this email message has been swept > >>>>>>> for the presence of computer viruses and is believed > to be clean. > >>>>>>> > >>>>>>> > ********************************************************************** > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> ------------------------ MailScanner list > ------------------------ > >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>>> 'leave mailscanner' in the body of the email. > >>>>>>> Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > >>>>>>> the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>>>> > >>>>>>> Support MailScanner development - buy the book off > the website! > >>>>>>> > >>>>>> > >>>>>> -- > >>>>>> Rodney Green > >>>>>> Network/Security Administrator > >>>>>> Trayer Products, Inc. > >>>>>> E-Mail: rgreen@trayerproducts.com > >>>>>> Phone: 607-734-8124 Ext. 343 > >>>>>> > >>>>>> -- > >>>>>> This message has been scanned for viruses and > >>>>>> dangerous content by MailScanner, and is > >>>>>> believed to be clean. > >>>>>> > >>>>>> ------------------------ MailScanner list > ------------------------ > >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>> 'leave mailscanner' in the body of the email. > >>>>>> Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > >>>>>> the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>>> > >>>>>> Support MailScanner development - buy the book off the website! > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > ********************************************************************** > >>>>> > >>>>> This email and any files transmitted with it are > confidential and > >>>>> intended solely for the use of the individual or entity > to whom they > >>>>> are addressed. If you have received this email in error > please notify > >>>>> the system manager. > >>>>> > >>>>> This footnote confirms that this email message has been swept > >>>>> for the presence of computer viruses and is believed to > be clean. > >>>>> > >>>>> > ********************************************************************** > >>>>> > >>>>> ------------------------ MailScanner list > ------------------------ > >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>> 'leave mailscanner' in the body of the email. > >>>>> Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>> > >>>>> Support MailScanner development - buy the book off the website! > >>>>> > >>>> > >>>> -- > >>>> Rodney Green > >>>> Network/Security Administrator > >>>> Trayer Products, Inc. > >>>> E-Mail: rgreen@trayerproducts.com > >>>> Phone: 607-734-8124 Ext. 343 > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>>> ------------------------ MailScanner list > ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >>> > >>> > ********************************************************************** > >>> > >>> This email and any files transmitted with it are confidential and > >>> intended solely for the use of the individual or entity > to whom they > >>> are addressed. If you have received this email in error > please notify > >>> the system manager. > >>> > >>> This footnote confirms that this email message has been swept > >>> for the presence of computer viruses and is believed to be clean. > >>> > >>> > ********************************************************************** > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > >> -- > >> Rodney Green > >> Network/Security Administrator > >> Trayer Products, Inc. > >> E-Mail: rgreen@trayerproducts.com > >> Phone: 607-734-8124 Ext. 343 > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error > please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 15:08:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: Rodney A score of zero turns off the rule. I only want two of th RBL's the run, so I turn off all the others by ADDING the scores to the file. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > Thanks. Your list of scores only has those that are listed as 0 points. > I don't have any of the listed scores in my spam.assassin.prefs.conf file. > > Rodney > > Martin Hepworth wrote: > >> Rodney >> >> don't so this here, do in in SA . >> >> edit spam.assassin.prefs.conf >> >> comment out the "skip_rbl_tests 1" line >> >> and turn off the RBL's you don't want by giving them a zero >> score...here's mine that only runs the xbl and orb ones.. >> >> score __RCVD_IN_NJABL 0.0 >> score RCVD_IN_NJABL_DUL 0.0 >> score RCVD_IN_NJABL_MULTI 0.0 >> score RCVD_IN_NJABL_PROXY 0.0 >> score RCVD_IN_NJABL_RELAY 0.0 >> score RCVD_IN_NJABL_SPAM 0.0 >> score RCVD_IN_NJABL_CGI 0.0 >> score __RCVD_IN_SORBS 0.0 >> score RCVD_IN_SORBS_HTTP 0.0 >> score RCVD_IN_SORBS_MISC 0.0 >> score RCVD_IN_SORBS_SMTP 0.0 >> score RCVD_IN_SORBS_SOCKS 0.0 >> score RCVD_IN_SORBS_WEB 0.0 >> score RCVD_IN_SORBS_BLOCK 0.0 >> score RCVD_IN_SORBS_ZOMBIE 0.0 >> score RCVD_IN_SORBS_DUL 0.0 >> score __RFC_IGNORANT_ENVFROM 0.0 >> score DNS_FROM_RFC_DSN 0.0 >> score DNS_FROM_RFC_POST 0.0 >> score DNS_FROM_RFC_ABUSE 0.0 >> score DNS_FROM_RFC_WHOIS 0.0 >> score DNS_FROM_RFC_BOGUSMX 0.0 >> score RCVD_IN_DSBL 0.0 >> score DNS_FROM_AHBL_RHSBL 0.0 >> score HABEAS_INFRINGER 0.0 >> score HABEAS_USER 0.0 >> score RCVD_IN_BSP_TRUSTED 0.0 >> score RCVD_IN_BSP_OTHER 0.0 >> score __SENDERBASE 0.0 >> score SB_NEW_BULK 0.0 >> score SB_NSP_VOLUME_SPIKE 0.0 >> score RCVD_IN_RSL 0.0 >> score RCVD_IN_MAPS_RBL 0.0 >> score RCVD_IN_MAPS_DUL 0.0 >> score RCVD_IN_MAPS_RSS 0.0 >> score RCVD_IN_MAPS_NML 0.0 >> >> >> Also make sure you set the trusted_networks and internal_networks >> options properly or it's likely to misfire and start letting the spam >> through >> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options >> >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> For the "Spam List =" configuration option in MailScanner.conf, it says >>> you can use a ruleset file. What format would you use to list the RBLs? >>> >>> >>> Martin Hepworth wrote: >>> >>>> Ah I see >>>> >>>> well network tests cover RBL's, URI-RBL's from surbl.org and perhaps >>>> even things like pyzor/dcc etc. >>>> >>>> I run a couple of RBL's and the URI-RBL's which are truely great. >>>> >>>> Not sure they'll help with FP's, but if bayes is FP-ing then enableing >>>> the network tests will reduce the bayes scores in SA 3.x. >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> Rodney Green wrote: >>>> >>>>> Martin, >>>>> >>>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>>> available. >>>>> I saw something stating that the network tests helped to reduce false >>>>> negatives. So, something that would help with that would be great. >>>>> >>>>> Thanks, >>>>> Rodney >>>>> >>>>> Martin Hepworth wrote: >>>>> >>>>>> Rodney >>>>>> >>>>>> what 'network tests' are you interested in? >>>>>> >>>>>> see the doccy at spamassassin.apache.org for the options you can put >>>>>> into spam.assassin.prefs.conf. >>>>>> >>>>>> -- >>>>>> Martin Hepworth >>>>>> Snr Systems Administrator >>>>>> Solid State Logic >>>>>> Tel: +44 (0)1865 842300 >>>>>> >>>>>> >>>>>> Rodney Green wrote: >>>>>> >>>>>>> Martin, >>>>>>> >>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar with >>>>>>> spamd. >>>>>>> >>>>>>> Rodney >>>>>>> >>>>>>> Martin Hepworth wrote: >>>>>>> >>>>>>>> Rodney >>>>>>>> >>>>>>>> just put the spamd settings into spam.assassin.prefs.conf and MS >>>>>>>> will >>>>>>>> use them for the SA part. >>>>>>>> >>>>>>>> -- >>>>>>>> Martin Hepworth >>>>>>>> Snr Systems Administrator >>>>>>>> Solid State Logic >>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>> >>>>>>>> >>>>>>>> Rodney Green wrote: >>>>>>>> >>>>>>>>> Is it possible to enable SA network tests when running it with MS? >>>>>>>>> I've >>>>>>>>> searched and only found reference to it in relation to running >>>>>>>>> spamd, >>>>>>>>> which I'm not using. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Rodney >>>>>>>>> >>>>>>>>> -- >>>>>>>>> This message has been scanned for viruses and >>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>> believed to be clean. >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ********************************************************************** >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>> they >>>>>>>> are addressed. If you have received this email in error please >>>>>>>> notify >>>>>>>> the system manager. >>>>>>>> >>>>>>>> This footnote confirms that this email message has been swept >>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>> >>>>>>>> ********************************************************************** >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Rodney Green >>>>>>> Network/Security Administrator >>>>>>> Trayer Products, Inc. >>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>> >>>>>>> -- >>>>>>> This message has been scanned for viruses and >>>>>>> dangerous content by MailScanner, and is >>>>>>> believed to be clean. >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> This email and any files transmitted with it are confidential and >>>>>> intended solely for the use of the individual or entity to whom they >>>>>> are addressed. If you have received this email in error please notify >>>>>> the system manager. >>>>>> >>>>>> This footnote confirms that this email message has been swept >>>>>> for the presence of computer viruses and is believed to be clean. >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> -- >>>>> Rodney Green >>>>> Network/Security Administrator >>>>> Trayer Products, Inc. >>>>> E-Mail: rgreen@trayerproducts.com >>>>> Phone: 607-734-8124 Ext. 343 >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 15:13:03 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ahh, I see. So they are on by default, unless set to zero. Thanks Martin! Martin Hepworth wrote: > Rodney > > A score of zero turns off the rule. > > I only want two of th RBL's the run, so I turn off all the others by > ADDING the scores to the file. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Martin, >> >> Thanks. Your list of scores only has those that are listed as 0 points. >> I don't have any of the listed scores in my spam.assassin.prefs.conf >> file. >> >> Rodney >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> don't so this here, do in in SA . >>> >>> edit spam.assassin.prefs.conf >>> >>> comment out the "skip_rbl_tests 1" line >>> >>> and turn off the RBL's you don't want by giving them a zero >>> score...here's mine that only runs the xbl and orb ones.. >>> >>> score __RCVD_IN_NJABL 0.0 >>> score RCVD_IN_NJABL_DUL 0.0 >>> score RCVD_IN_NJABL_MULTI 0.0 >>> score RCVD_IN_NJABL_PROXY 0.0 >>> score RCVD_IN_NJABL_RELAY 0.0 >>> score RCVD_IN_NJABL_SPAM 0.0 >>> score RCVD_IN_NJABL_CGI 0.0 >>> score __RCVD_IN_SORBS 0.0 >>> score RCVD_IN_SORBS_HTTP 0.0 >>> score RCVD_IN_SORBS_MISC 0.0 >>> score RCVD_IN_SORBS_SMTP 0.0 >>> score RCVD_IN_SORBS_SOCKS 0.0 >>> score RCVD_IN_SORBS_WEB 0.0 >>> score RCVD_IN_SORBS_BLOCK 0.0 >>> score RCVD_IN_SORBS_ZOMBIE 0.0 >>> score RCVD_IN_SORBS_DUL 0.0 >>> score __RFC_IGNORANT_ENVFROM 0.0 >>> score DNS_FROM_RFC_DSN 0.0 >>> score DNS_FROM_RFC_POST 0.0 >>> score DNS_FROM_RFC_ABUSE 0.0 >>> score DNS_FROM_RFC_WHOIS 0.0 >>> score DNS_FROM_RFC_BOGUSMX 0.0 >>> score RCVD_IN_DSBL 0.0 >>> score DNS_FROM_AHBL_RHSBL 0.0 >>> score HABEAS_INFRINGER 0.0 >>> score HABEAS_USER 0.0 >>> score RCVD_IN_BSP_TRUSTED 0.0 >>> score RCVD_IN_BSP_OTHER 0.0 >>> score __SENDERBASE 0.0 >>> score SB_NEW_BULK 0.0 >>> score SB_NSP_VOLUME_SPIKE 0.0 >>> score RCVD_IN_RSL 0.0 >>> score RCVD_IN_MAPS_RBL 0.0 >>> score RCVD_IN_MAPS_DUL 0.0 >>> score RCVD_IN_MAPS_RSS 0.0 >>> score RCVD_IN_MAPS_NML 0.0 >>> >>> >>> Also make sure you set the trusted_networks and internal_networks >>> options properly or it's likely to misfire and start letting the spam >>> through >>> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options >>> >>> >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> For the "Spam List =" configuration option in MailScanner.conf, it says >>>> you can use a ruleset file. What format would you use to list the RBLs? >>>> >>>> >>>> Martin Hepworth wrote: >>>> >>>>> Ah I see >>>>> >>>>> well network tests cover RBL's, URI-RBL's from surbl.org and perhaps >>>>> even things like pyzor/dcc etc. >>>>> >>>>> I run a couple of RBL's and the URI-RBL's which are truely great. >>>>> >>>>> Not sure they'll help with FP's, but if bayes is FP-ing then enableing >>>>> the network tests will reduce the bayes scores in SA 3.x. >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>> Rodney Green wrote: >>>>> >>>>>> Martin, >>>>>> >>>>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>>>> available. >>>>>> I saw something stating that the network tests helped to reduce false >>>>>> negatives. So, something that would help with that would be great. >>>>>> >>>>>> Thanks, >>>>>> Rodney >>>>>> >>>>>> Martin Hepworth wrote: >>>>>> >>>>>>> Rodney >>>>>>> >>>>>>> what 'network tests' are you interested in? >>>>>>> >>>>>>> see the doccy at spamassassin.apache.org for the options you can put >>>>>>> into spam.assassin.prefs.conf. >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Snr Systems Administrator >>>>>>> Solid State Logic >>>>>>> Tel: +44 (0)1865 842300 >>>>>>> >>>>>>> >>>>>>> Rodney Green wrote: >>>>>>> >>>>>>>> Martin, >>>>>>>> >>>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar with >>>>>>>> spamd. >>>>>>>> >>>>>>>> Rodney >>>>>>>> >>>>>>>> Martin Hepworth wrote: >>>>>>>> >>>>>>>>> Rodney >>>>>>>>> >>>>>>>>> just put the spamd settings into spam.assassin.prefs.conf and MS >>>>>>>>> will >>>>>>>>> use them for the SA part. >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Martin Hepworth >>>>>>>>> Snr Systems Administrator >>>>>>>>> Solid State Logic >>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>> >>>>>>>>> >>>>>>>>> Rodney Green wrote: >>>>>>>>> >>>>>>>>>> Is it possible to enable SA network tests when running it with >>>>>>>>>> MS? >>>>>>>>>> I've >>>>>>>>>> searched and only found reference to it in relation to running >>>>>>>>>> spamd, >>>>>>>>>> which I'm not using. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Rodney >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>> believed to be clean. >>>>>>>>>> >>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>> ------------------------ >>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>> and >>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>> >>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ********************************************************************** >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>> they >>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>> notify >>>>>>>>> the system manager. >>>>>>>>> >>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>>> >>>>>>>>> ********************************************************************** >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rodney Green >>>>>>>> Network/Security Administrator >>>>>>>> Trayer Products, Inc. >>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>> >>>>>>>> -- >>>>>>>> This message has been scanned for viruses and >>>>>>>> dangerous content by MailScanner, and is >>>>>>>> believed to be clean. >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> This email and any files transmitted with it are confidential and >>>>>>> intended solely for the use of the individual or entity to whom they >>>>>>> are addressed. If you have received this email in error please >>>>>>> notify >>>>>>> the system manager. >>>>>>> >>>>>>> This footnote confirms that this email message has been swept >>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> >>>>>> -- >>>>>> Rodney Green >>>>>> Network/Security Administrator >>>>>> Trayer Products, Inc. >>>>>> E-Mail: rgreen@trayerproducts.com >>>>>> Phone: 607-734-8124 Ext. 343 >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ********************************************************************** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Tue Mar 15 15:16:03 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:29:02 2006 Subject: Using "Default Rules With Multiple Recipients" Message-ID: Hello all... I've had a butchers at the FAQ (sorry, a look, I don't know why I drop into slang) but didn't find a clear answer. Basically, I'm using Postfix and the HOLD method, and have a few addresses I now happily acknowledge are nothing but spamtraps, and which I want to forward elsewhere. I use the virtual_maps/virtusertable equivalent to forward to an external address. Because of the HOLD method, the message has to pass through MailScanner before being redirected (I've tried the REDIRECT Postfix method, seemingly without much success). So, I've been trying to use rules to avoid spam scanning for these addresses: Spam Checks = /etc/MailScanner/rules/scan.rules which has: To: dodgy-spam@blah no FromOrTo: default yes However, when the message is destined for multiple addresses, it doesn't get scanned for them, leading to some rather annoyed users. I've looked at: Use Default Rules With Multiple Recipients ... but am still unsure how to use it, considering the messages technically come in for x@lshtm.ac.uk, but then get forwarded out. If anyone still awake has any suggestions or is doing something similar, I'd be grateful for any suggestions. Thanks. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Mar 15 15:15:41 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:02 2006 Subject: Released beta 4.40.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Peter Russell wrote: > >> Julian, have the autolearn=notspam, autolearn=spam comments been removed >> from the MS output to the maillog? >> >> I see these on my old machine 4.29x but on latest stable they dont >> appear. Is this your design or SA 3.02? > > > They should still be in the code. I haven't removed them... > One more thing that should be enabled by default in spam.assassin.prefs.conf are: # Many users using OE / MS Outlook have hotmail configured, # SA wrongly detects valid mail as FORGED_MUA_OUTLOOK, last checked # there was no solution available in the SA user lists for this. score FORGED_MUA_OUTLOOK 0 Others please comment if this ought to be added in spam.assassin.prefs.conf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at rogers.com Tue Mar 15 15:19:03 2005 From: gdoris at rogers.com (Gerry Doris) Date: Thu Jan 12 21:29:02 2006 Subject: 4.40.5, Solaris 9, no problems Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Jeff A. Earickson wrote: > >> Been working great, using unrar from http://www.rarlab.com/. >> You outta mention a URL for where to get unrar if your >> system (like mine) doesn't come with it. What's another comment >> in the MailScanner.conf file? >> > Good point. I have added a pointer to www.rarlab.com in the > MailScanner.conf. > > -- > Julian Field I'm using Fedora 2 and unrar wasn't on this box either. I did a yum update to install it. Gerry ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 15:23:47 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:02 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In looking through some spam headers I've noticed scores for URIBLs: URIBL_OB_SURBL 3.21,URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46 Where are these configured? I've been looking but cannot find where the scores are specified. Thanks Rodney Green wrote: > Ahh, I see. So they are on by default, unless set to zero. > > Thanks Martin! > > Martin Hepworth wrote: > >> Rodney >> >> A score of zero turns off the rule. >> >> I only want two of th RBL's the run, so I turn off all the others by >> ADDING the scores to the file. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> Martin, >>> >>> Thanks. Your list of scores only has those that are listed as 0 points. >>> I don't have any of the listed scores in my spam.assassin.prefs.conf >>> file. >>> >>> Rodney >>> >>> Martin Hepworth wrote: >>> >>>> Rodney >>>> >>>> don't so this here, do in in SA . >>>> >>>> edit spam.assassin.prefs.conf >>>> >>>> comment out the "skip_rbl_tests 1" line >>>> >>>> and turn off the RBL's you don't want by giving them a zero >>>> score...here's mine that only runs the xbl and orb ones.. >>>> >>>> score __RCVD_IN_NJABL 0.0 >>>> score RCVD_IN_NJABL_DUL 0.0 >>>> score RCVD_IN_NJABL_MULTI 0.0 >>>> score RCVD_IN_NJABL_PROXY 0.0 >>>> score RCVD_IN_NJABL_RELAY 0.0 >>>> score RCVD_IN_NJABL_SPAM 0.0 >>>> score RCVD_IN_NJABL_CGI 0.0 >>>> score __RCVD_IN_SORBS 0.0 >>>> score RCVD_IN_SORBS_HTTP 0.0 >>>> score RCVD_IN_SORBS_MISC 0.0 >>>> score RCVD_IN_SORBS_SMTP 0.0 >>>> score RCVD_IN_SORBS_SOCKS 0.0 >>>> score RCVD_IN_SORBS_WEB 0.0 >>>> score RCVD_IN_SORBS_BLOCK 0.0 >>>> score RCVD_IN_SORBS_ZOMBIE 0.0 >>>> score RCVD_IN_SORBS_DUL 0.0 >>>> score __RFC_IGNORANT_ENVFROM 0.0 >>>> score DNS_FROM_RFC_DSN 0.0 >>>> score DNS_FROM_RFC_POST 0.0 >>>> score DNS_FROM_RFC_ABUSE 0.0 >>>> score DNS_FROM_RFC_WHOIS 0.0 >>>> score DNS_FROM_RFC_BOGUSMX 0.0 >>>> score RCVD_IN_DSBL 0.0 >>>> score DNS_FROM_AHBL_RHSBL 0.0 >>>> score HABEAS_INFRINGER 0.0 >>>> score HABEAS_USER 0.0 >>>> score RCVD_IN_BSP_TRUSTED 0.0 >>>> score RCVD_IN_BSP_OTHER 0.0 >>>> score __SENDERBASE 0.0 >>>> score SB_NEW_BULK 0.0 >>>> score SB_NSP_VOLUME_SPIKE 0.0 >>>> score RCVD_IN_RSL 0.0 >>>> score RCVD_IN_MAPS_RBL 0.0 >>>> score RCVD_IN_MAPS_DUL 0.0 >>>> score RCVD_IN_MAPS_RSS 0.0 >>>> score RCVD_IN_MAPS_NML 0.0 >>>> >>>> >>>> Also make sure you set the trusted_networks and internal_networks >>>> options properly or it's likely to misfire and start letting the spam >>>> through >>>> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> Rodney Green wrote: >>>> >>>>> For the "Spam List =" configuration option in MailScanner.conf, it >>>>> says >>>>> you can use a ruleset file. What format would you use to list the >>>>> RBLs? >>>>> >>>>> >>>>> Martin Hepworth wrote: >>>>> >>>>>> Ah I see >>>>>> >>>>>> well network tests cover RBL's, URI-RBL's from surbl.org and perhaps >>>>>> even things like pyzor/dcc etc. >>>>>> >>>>>> I run a couple of RBL's and the URI-RBL's which are truely great. >>>>>> >>>>>> Not sure they'll help with FP's, but if bayes is FP-ing then >>>>>> enableing >>>>>> the network tests will reduce the bayes scores in SA 3.x. >>>>>> >>>>>> -- >>>>>> Martin Hepworth >>>>>> Snr Systems Administrator >>>>>> Solid State Logic >>>>>> Tel: +44 (0)1865 842300 >>>>>> >>>>>> >>>>>> Rodney Green wrote: >>>>>> >>>>>>> Martin, >>>>>>> >>>>>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>>>>> available. >>>>>>> I saw something stating that the network tests helped to reduce >>>>>>> false >>>>>>> negatives. So, something that would help with that would be great. >>>>>>> >>>>>>> Thanks, >>>>>>> Rodney >>>>>>> >>>>>>> Martin Hepworth wrote: >>>>>>> >>>>>>>> Rodney >>>>>>>> >>>>>>>> what 'network tests' are you interested in? >>>>>>>> >>>>>>>> see the doccy at spamassassin.apache.org for the options you can >>>>>>>> put >>>>>>>> into spam.assassin.prefs.conf. >>>>>>>> >>>>>>>> -- >>>>>>>> Martin Hepworth >>>>>>>> Snr Systems Administrator >>>>>>>> Solid State Logic >>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>> >>>>>>>> >>>>>>>> Rodney Green wrote: >>>>>>>> >>>>>>>>> Martin, >>>>>>>>> >>>>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar with >>>>>>>>> spamd. >>>>>>>>> >>>>>>>>> Rodney >>>>>>>>> >>>>>>>>> Martin Hepworth wrote: >>>>>>>>> >>>>>>>>>> Rodney >>>>>>>>>> >>>>>>>>>> just put the spamd settings into spam.assassin.prefs.conf and MS >>>>>>>>>> will >>>>>>>>>> use them for the SA part. >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Martin Hepworth >>>>>>>>>> Snr Systems Administrator >>>>>>>>>> Solid State Logic >>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Rodney Green wrote: >>>>>>>>>> >>>>>>>>>>> Is it possible to enable SA network tests when running it with >>>>>>>>>>> MS? >>>>>>>>>>> I've >>>>>>>>>>> searched and only found reference to it in relation to running >>>>>>>>>>> spamd, >>>>>>>>>>> which I'm not using. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Rodney >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>> believed to be clean. >>>>>>>>>>> >>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>> ------------------------ >>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>> and >>>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>> >>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ********************************************************************** >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>>> they >>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>> notify >>>>>>>>>> the system manager. >>>>>>>>>> >>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>>>> >>>>>>>>>> ********************************************************************** >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>> ------------------------ >>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>> and >>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>> >>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Rodney Green >>>>>>>>> Network/Security Administrator >>>>>>>>> Trayer Products, Inc. >>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>> >>>>>>>>> -- >>>>>>>>> This message has been scanned for viruses and >>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>> believed to be clean. >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ********************************************************************** >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>> they >>>>>>>> are addressed. If you have received this email in error please >>>>>>>> notify >>>>>>>> the system manager. >>>>>>>> >>>>>>>> This footnote confirms that this email message has been swept >>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>> >>>>>>>> ********************************************************************** >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Rodney Green >>>>>>> Network/Security Administrator >>>>>>> Trayer Products, Inc. >>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>> >>>>>>> -- >>>>>>> This message has been scanned for viruses and >>>>>>> dangerous content by MailScanner, and is >>>>>>> believed to be clean. >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> This email and any files transmitted with it are confidential and >>>>>> intended solely for the use of the individual or entity to whom they >>>>>> are addressed. If you have received this email in error please notify >>>>>> the system manager. >>>>>> >>>>>> This footnote confirms that this email message has been swept >>>>>> for the presence of computer viruses and is believed to be clean. >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> -- >>>>> Rodney Green >>>>> Network/Security Administrator >>>>> Trayer Products, Inc. >>>>> E-Mail: rgreen@trayerproducts.com >>>>> Phone: 607-734-8124 Ext. 343 >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 15:53:04 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:03 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I guess I still don't have the full view of the "big picture" when it comes to MS and SA. I just found where the URIBLs are configured; in /usr/share/spamassassin/25_uribl.cf. I thought they had to be enabled in spam.assassin.prefs.conf. Rodney Green wrote: > In looking through some spam headers I've noticed scores for URIBLs: > > URIBL_OB_SURBL 3.21,URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL > 1.46 > > Where are these configured? I've been looking but cannot find where the > scores are specified. > > Thanks > > Rodney Green wrote: > >> Ahh, I see. So they are on by default, unless set to zero. >> >> Thanks Martin! >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> A score of zero turns off the rule. >>> >>> I only want two of th RBL's the run, so I turn off all the others by >>> ADDING the scores to the file. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> Martin, >>>> >>>> Thanks. Your list of scores only has those that are listed as 0 points. >>>> I don't have any of the listed scores in my spam.assassin.prefs.conf >>>> file. >>>> >>>> Rodney >>>> >>>> Martin Hepworth wrote: >>>> >>>>> Rodney >>>>> >>>>> don't so this here, do in in SA . >>>>> >>>>> edit spam.assassin.prefs.conf >>>>> >>>>> comment out the "skip_rbl_tests 1" line >>>>> >>>>> and turn off the RBL's you don't want by giving them a zero >>>>> score...here's mine that only runs the xbl and orb ones.. >>>>> >>>>> score __RCVD_IN_NJABL 0.0 >>>>> score RCVD_IN_NJABL_DUL 0.0 >>>>> score RCVD_IN_NJABL_MULTI 0.0 >>>>> score RCVD_IN_NJABL_PROXY 0.0 >>>>> score RCVD_IN_NJABL_RELAY 0.0 >>>>> score RCVD_IN_NJABL_SPAM 0.0 >>>>> score RCVD_IN_NJABL_CGI 0.0 >>>>> score __RCVD_IN_SORBS 0.0 >>>>> score RCVD_IN_SORBS_HTTP 0.0 >>>>> score RCVD_IN_SORBS_MISC 0.0 >>>>> score RCVD_IN_SORBS_SMTP 0.0 >>>>> score RCVD_IN_SORBS_SOCKS 0.0 >>>>> score RCVD_IN_SORBS_WEB 0.0 >>>>> score RCVD_IN_SORBS_BLOCK 0.0 >>>>> score RCVD_IN_SORBS_ZOMBIE 0.0 >>>>> score RCVD_IN_SORBS_DUL 0.0 >>>>> score __RFC_IGNORANT_ENVFROM 0.0 >>>>> score DNS_FROM_RFC_DSN 0.0 >>>>> score DNS_FROM_RFC_POST 0.0 >>>>> score DNS_FROM_RFC_ABUSE 0.0 >>>>> score DNS_FROM_RFC_WHOIS 0.0 >>>>> score DNS_FROM_RFC_BOGUSMX 0.0 >>>>> score RCVD_IN_DSBL 0.0 >>>>> score DNS_FROM_AHBL_RHSBL 0.0 >>>>> score HABEAS_INFRINGER 0.0 >>>>> score HABEAS_USER 0.0 >>>>> score RCVD_IN_BSP_TRUSTED 0.0 >>>>> score RCVD_IN_BSP_OTHER 0.0 >>>>> score __SENDERBASE 0.0 >>>>> score SB_NEW_BULK 0.0 >>>>> score SB_NSP_VOLUME_SPIKE 0.0 >>>>> score RCVD_IN_RSL 0.0 >>>>> score RCVD_IN_MAPS_RBL 0.0 >>>>> score RCVD_IN_MAPS_DUL 0.0 >>>>> score RCVD_IN_MAPS_RSS 0.0 >>>>> score RCVD_IN_MAPS_NML 0.0 >>>>> >>>>> >>>>> Also make sure you set the trusted_networks and internal_networks >>>>> options properly or it's likely to misfire and start letting the spam >>>>> through >>>>> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>> Rodney Green wrote: >>>>> >>>>>> For the "Spam List =" configuration option in MailScanner.conf, it >>>>>> says >>>>>> you can use a ruleset file. What format would you use to list the >>>>>> RBLs? >>>>>> >>>>>> >>>>>> Martin Hepworth wrote: >>>>>> >>>>>>> Ah I see >>>>>>> >>>>>>> well network tests cover RBL's, URI-RBL's from surbl.org and perhaps >>>>>>> even things like pyzor/dcc etc. >>>>>>> >>>>>>> I run a couple of RBL's and the URI-RBL's which are truely great. >>>>>>> >>>>>>> Not sure they'll help with FP's, but if bayes is FP-ing then >>>>>>> enableing >>>>>>> the network tests will reduce the bayes scores in SA 3.x. >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Snr Systems Administrator >>>>>>> Solid State Logic >>>>>>> Tel: +44 (0)1865 842300 >>>>>>> >>>>>>> >>>>>>> Rodney Green wrote: >>>>>>> >>>>>>>> Martin, >>>>>>>> >>>>>>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>>>>>> available. >>>>>>>> I saw something stating that the network tests helped to reduce >>>>>>>> false >>>>>>>> negatives. So, something that would help with that would be great. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Rodney >>>>>>>> >>>>>>>> Martin Hepworth wrote: >>>>>>>> >>>>>>>>> Rodney >>>>>>>>> >>>>>>>>> what 'network tests' are you interested in? >>>>>>>>> >>>>>>>>> see the doccy at spamassassin.apache.org for the options you can >>>>>>>>> put >>>>>>>>> into spam.assassin.prefs.conf. >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Martin Hepworth >>>>>>>>> Snr Systems Administrator >>>>>>>>> Solid State Logic >>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>> >>>>>>>>> >>>>>>>>> Rodney Green wrote: >>>>>>>>> >>>>>>>>>> Martin, >>>>>>>>>> >>>>>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar with >>>>>>>>>> spamd. >>>>>>>>>> >>>>>>>>>> Rodney >>>>>>>>>> >>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>> >>>>>>>>>>> Rodney >>>>>>>>>>> >>>>>>>>>>> just put the spamd settings into spam.assassin.prefs.conf and MS >>>>>>>>>>> will >>>>>>>>>>> use them for the SA part. >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Martin Hepworth >>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>> Solid State Logic >>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>> >>>>>>>>>>>> Is it possible to enable SA network tests when running it with >>>>>>>>>>>> MS? >>>>>>>>>>>> I've >>>>>>>>>>>> searched and only found reference to it in relation to running >>>>>>>>>>>> spamd, >>>>>>>>>>>> which I'm not using. >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Rodney >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>> believed to be clean. >>>>>>>>>>>> >>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>> ------------------------ >>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>> and >>>>>>>>>>>> the archives >>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>> >>>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ********************************************************************** >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> This email and any files transmitted with it are confidential >>>>>>>>>>> and >>>>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>>>> they >>>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>>> notify >>>>>>>>>>> the system manager. >>>>>>>>>>> >>>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>> clean. >>>>>>>>>>> >>>>>>>>>>> ********************************************************************** >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>> ------------------------ >>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>> and >>>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>> >>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Rodney Green >>>>>>>>>> Network/Security Administrator >>>>>>>>>> Trayer Products, Inc. >>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>> believed to be clean. >>>>>>>>>> >>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>> ------------------------ >>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>> and >>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>> >>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ********************************************************************** >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>> they >>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>> notify >>>>>>>>> the system manager. >>>>>>>>> >>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>>> >>>>>>>>> ********************************************************************** >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rodney Green >>>>>>>> Network/Security Administrator >>>>>>>> Trayer Products, Inc. >>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>> >>>>>>>> -- >>>>>>>> This message has been scanned for viruses and >>>>>>>> dangerous content by MailScanner, and is >>>>>>>> believed to be clean. >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> This email and any files transmitted with it are confidential and >>>>>>> intended solely for the use of the individual or entity to whom they >>>>>>> are addressed. If you have received this email in error please >>>>>>> notify >>>>>>> the system manager. >>>>>>> >>>>>>> This footnote confirms that this email message has been swept >>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> >>>>>> -- >>>>>> Rodney Green >>>>>> Network/Security Administrator >>>>>> Trayer Products, Inc. >>>>>> E-Mail: rgreen@trayerproducts.com >>>>>> Phone: 607-734-8124 Ext. 343 >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ********************************************************************** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 16:05:05 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:03 2006 Subject: What enables URIBLs? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I see that the plugin for URIBLs is loaded in the init.pre file. I haven't modified that and for some reason SA started hitting on URIBL rules recently. Is there something in MailScanner.conf that controls whether or not URIBLs are used? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 16:29:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:03 2006 Subject: Using "Default Rules With Multiple Recipients" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Use Default Rules With Multiple Recipients = yes should do what you want. It forces it to use the "default" rule if there are multiple recipients. Peter Bates wrote: >Hello all... > >I've had a butchers at the FAQ (sorry, a look, I don't know why I drop >into slang) but didn't find a clear answer. > >Basically, I'm using Postfix and the HOLD method, and have a few >addresses I now happily acknowledge are nothing but spamtraps, and which >I want to forward elsewhere. I use the virtual_maps/virtusertable >equivalent to forward to an external address. > >Because of the HOLD method, the message has to pass through MailScanner >before being redirected (I've tried the REDIRECT Postfix method, >seemingly without much success). > >So, I've been trying to use rules to avoid spam scanning for these >addresses: > >Spam Checks = /etc/MailScanner/rules/scan.rules > >which has: > >To: dodgy-spam@blah no >FromOrTo: default yes > >However, when the message is destined for multiple addresses, it >doesn't get scanned for them, leading to some rather annoyed users. > >I've looked at: > >Use Default Rules With Multiple Recipients > >... but am still unsure how to use it, considering the messages >technically come in for x@lshtm.ac.uk, but then get forwarded out. > >If anyone still awake has any suggestions or is doing something >similar, I'd be grateful for any suggestions. > >Thanks. > > >---------------------------------------------------------------------------------------------------> >Peter Bates, Systems Support Officer, IT Services. >London School of Hygiene & Tropical Medicine. >Telephone:0207-958 8353 / Fax: 0207- 636 9838 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 16:30:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:03 2006 Subject: What enables URIBLs? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: > I see that the plugin for URIBLs is loaded in the init.pre file. I > haven't modified that and for some reason SA started hitting on URIBL > rules recently. Is there something in MailScanner.conf that controls > whether or not URIBLs are used? No. Not outside anything you might have put into spam.assassin.prefs.conf anyway. Did you recently upgrade Net::DNS to at least 0.48? You need that otherwise the URIBL lookups won't work. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 16:33:54 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:03 2006 Subject: What enables URIBLs? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Rodney Green wrote: > >> I see that the plugin for URIBLs is loaded in the init.pre file. I >> haven't modified that and for some reason SA started hitting on URIBL >> rules recently. Is there something in MailScanner.conf that controls >> whether or not URIBLs are used? > > > No. Not outside anything you might have put into > spam.assassin.prefs.conf anyway. > Did you recently upgrade Net::DNS to at least 0.48? You need that > otherwise the URIBL lookups won't work. I haven't update Net::DNS. URIBLs are working. I'm just wondering where they are enabled. I'm also trying to find where their scores are configured. Thanks Julian -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Tue Mar 15 16:34:08 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:29:03 2006 Subject: What enables URIBLs? Message-ID: Hello all... > rgreen@TRAYERPRODUCTS.COM 15/03/05 16:05:05 >>> >Hello, >I see that the plugin for URIBLs is loaded in the init.pre file. I >haven't modified that and for some reason SA started hitting on URIBL >rules recently. Is there something in MailScanner.conf that controls >whether or not URIBLs are used? A very useful command, Rod is: spamassassin -D --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --lint to the point that I have it alias'ed in my .bashrc. This runs the spamassassin command-line tool pointing to the prefs-file that is probably being used (by default by MailScanner) and shows what other things are being loaded. I think the general rule of thumb is: - don't touch the default rules in /usr/share/x or similar - if you want to change values for these, do so in spam.assassin.prefs.conf (like for example the reference to 'score RCVD_IN_RSL 0', etc.) And people often link /etc/mail/spamassassin/local.cf to the MailScanner spam.assassin.prefs.conf to avoid this confusion. As you've recently been talking about enabling the SA Network tests, URIBLs comes under this category (i.e. they're DNS-based tests, that only work with DNS 'available'). ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Tue Mar 15 16:44:29 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: Hello all; I recently upgraded SpamAssassin to 3.01 and have started having timeout issues. MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, SpamAssassin (timed out)" I've been watching the CPU and memory utilization and it doesn't seem to be that the server is having its resources eaten up, so I'm not really sure what's causing it. I increased the spam check timeouts to 60 (they were 40 by default), but that doesn't seem to have corrected the problem. Any ideas as to what might be causing this? Thanks, Jim Coates Laridian, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 16:50:32 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:03 2006 Subject: What enables URIBLs? Message-ID: Rodney if you've just enabled the network tests (commented outthe skip rbls in spam.assassin.prefs.conf) then that will start the URI-RBLs. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Hello, > > I see that the plugin for URIBLs is loaded in the init.pre file. I > haven't modified that and for some reason SA started hitting on URIBL > rules recently. Is there something in MailScanner.conf that controls > whether or not URIBLs are used? > > Thanks, > Rod > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 16:50:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you getting loads of stuff left in /root/.spamassassin/bayes* ? Jim Coates wrote: >Hello all; > >I recently upgraded SpamAssassin to 3.01 and have started having timeout >issues. > >MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >SpamAssassin (timed out)" > >I've been watching the CPU and memory utilization and it doesn't seem to be >that the server is having its resources eaten up, so I'm not really sure >what's causing it. > >I increased the spam check timeouts to 60 (they were 40 by default), but >that doesn't seem to have corrected the problem. > >Any ideas as to what might be causing this? > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 16:52:10 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:03 2006 Subject: What enables URIBLs? Message-ID: Rodney scores will be in /usr/local/share/spamassassin/50_scores.cf if you want to change them do it in spam.assassin.prefs.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Julian Field wrote: > >> Rodney Green wrote: >> >>> I see that the plugin for URIBLs is loaded in the init.pre file. I >>> haven't modified that and for some reason SA started hitting on URIBL >>> rules recently. Is there something in MailScanner.conf that controls >>> whether or not URIBLs are used? >> >> >> >> No. Not outside anything you might have put into >> spam.assassin.prefs.conf anyway. >> Did you recently upgrade Net::DNS to at least 0.48? You need that >> otherwise the URIBL lookups won't work. > > > I haven't update Net::DNS. URIBLs are working. I'm just wondering where > they are enabled. I'm also trying to find where their scores are > configured. > > Thanks Julian > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 16:53:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:03 2006 Subject: SA Network Tests Message-ID: Rodney disabling the skip_rbl option in spam.assassin.prefs.conf will enable ALL RBL's including the URI-rbls. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > I guess I still don't have the full view of the "big picture" when it > comes to MS and SA. I just found where the URIBLs are configured; in > /usr/share/spamassassin/25_uribl.cf. I thought they had to be enabled in > spam.assassin.prefs.conf. > > Rodney Green wrote: > >> In looking through some spam headers I've noticed scores for URIBLs: >> >> URIBL_OB_SURBL 3.21,URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL >> 1.46 >> >> Where are these configured? I've been looking but cannot find where the >> scores are specified. >> >> Thanks >> >> Rodney Green wrote: >> >>> Ahh, I see. So they are on by default, unless set to zero. >>> >>> Thanks Martin! >>> >>> Martin Hepworth wrote: >>> >>>> Rodney >>>> >>>> A score of zero turns off the rule. >>>> >>>> I only want two of th RBL's the run, so I turn off all the others by >>>> ADDING the scores to the file. >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> Rodney Green wrote: >>>> >>>>> Martin, >>>>> >>>>> Thanks. Your list of scores only has those that are listed as 0 >>>>> points. >>>>> I don't have any of the listed scores in my spam.assassin.prefs.conf >>>>> file. >>>>> >>>>> Rodney >>>>> >>>>> Martin Hepworth wrote: >>>>> >>>>>> Rodney >>>>>> >>>>>> don't so this here, do in in SA . >>>>>> >>>>>> edit spam.assassin.prefs.conf >>>>>> >>>>>> comment out the "skip_rbl_tests 1" line >>>>>> >>>>>> and turn off the RBL's you don't want by giving them a zero >>>>>> score...here's mine that only runs the xbl and orb ones.. >>>>>> >>>>>> score __RCVD_IN_NJABL 0.0 >>>>>> score RCVD_IN_NJABL_DUL 0.0 >>>>>> score RCVD_IN_NJABL_MULTI 0.0 >>>>>> score RCVD_IN_NJABL_PROXY 0.0 >>>>>> score RCVD_IN_NJABL_RELAY 0.0 >>>>>> score RCVD_IN_NJABL_SPAM 0.0 >>>>>> score RCVD_IN_NJABL_CGI 0.0 >>>>>> score __RCVD_IN_SORBS 0.0 >>>>>> score RCVD_IN_SORBS_HTTP 0.0 >>>>>> score RCVD_IN_SORBS_MISC 0.0 >>>>>> score RCVD_IN_SORBS_SMTP 0.0 >>>>>> score RCVD_IN_SORBS_SOCKS 0.0 >>>>>> score RCVD_IN_SORBS_WEB 0.0 >>>>>> score RCVD_IN_SORBS_BLOCK 0.0 >>>>>> score RCVD_IN_SORBS_ZOMBIE 0.0 >>>>>> score RCVD_IN_SORBS_DUL 0.0 >>>>>> score __RFC_IGNORANT_ENVFROM 0.0 >>>>>> score DNS_FROM_RFC_DSN 0.0 >>>>>> score DNS_FROM_RFC_POST 0.0 >>>>>> score DNS_FROM_RFC_ABUSE 0.0 >>>>>> score DNS_FROM_RFC_WHOIS 0.0 >>>>>> score DNS_FROM_RFC_BOGUSMX 0.0 >>>>>> score RCVD_IN_DSBL 0.0 >>>>>> score DNS_FROM_AHBL_RHSBL 0.0 >>>>>> score HABEAS_INFRINGER 0.0 >>>>>> score HABEAS_USER 0.0 >>>>>> score RCVD_IN_BSP_TRUSTED 0.0 >>>>>> score RCVD_IN_BSP_OTHER 0.0 >>>>>> score __SENDERBASE 0.0 >>>>>> score SB_NEW_BULK 0.0 >>>>>> score SB_NSP_VOLUME_SPIKE 0.0 >>>>>> score RCVD_IN_RSL 0.0 >>>>>> score RCVD_IN_MAPS_RBL 0.0 >>>>>> score RCVD_IN_MAPS_DUL 0.0 >>>>>> score RCVD_IN_MAPS_RSS 0.0 >>>>>> score RCVD_IN_MAPS_NML 0.0 >>>>>> >>>>>> >>>>>> Also make sure you set the trusted_networks and internal_networks >>>>>> options properly or it's likely to misfire and start letting the spam >>>>>> through >>>>>> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Martin Hepworth >>>>>> Snr Systems Administrator >>>>>> Solid State Logic >>>>>> Tel: +44 (0)1865 842300 >>>>>> >>>>>> >>>>>> Rodney Green wrote: >>>>>> >>>>>>> For the "Spam List =" configuration option in MailScanner.conf, it >>>>>>> says >>>>>>> you can use a ruleset file. What format would you use to list the >>>>>>> RBLs? >>>>>>> >>>>>>> >>>>>>> Martin Hepworth wrote: >>>>>>> >>>>>>>> Ah I see >>>>>>>> >>>>>>>> well network tests cover RBL's, URI-RBL's from surbl.org and >>>>>>>> perhaps >>>>>>>> even things like pyzor/dcc etc. >>>>>>>> >>>>>>>> I run a couple of RBL's and the URI-RBL's which are truely great. >>>>>>>> >>>>>>>> Not sure they'll help with FP's, but if bayes is FP-ing then >>>>>>>> enableing >>>>>>>> the network tests will reduce the bayes scores in SA 3.x. >>>>>>>> >>>>>>>> -- >>>>>>>> Martin Hepworth >>>>>>>> Snr Systems Administrator >>>>>>>> Solid State Logic >>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>> >>>>>>>> >>>>>>>> Rodney Green wrote: >>>>>>>> >>>>>>>>> Martin, >>>>>>>>> >>>>>>>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>>>>>>> available. >>>>>>>>> I saw something stating that the network tests helped to reduce >>>>>>>>> false >>>>>>>>> negatives. So, something that would help with that would be great. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Rodney >>>>>>>>> >>>>>>>>> Martin Hepworth wrote: >>>>>>>>> >>>>>>>>>> Rodney >>>>>>>>>> >>>>>>>>>> what 'network tests' are you interested in? >>>>>>>>>> >>>>>>>>>> see the doccy at spamassassin.apache.org for the options you can >>>>>>>>>> put >>>>>>>>>> into spam.assassin.prefs.conf. >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Martin Hepworth >>>>>>>>>> Snr Systems Administrator >>>>>>>>>> Solid State Logic >>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Rodney Green wrote: >>>>>>>>>> >>>>>>>>>>> Martin, >>>>>>>>>>> >>>>>>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar with >>>>>>>>>>> spamd. >>>>>>>>>>> >>>>>>>>>>> Rodney >>>>>>>>>>> >>>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>>> >>>>>>>>>>>> Rodney >>>>>>>>>>>> >>>>>>>>>>>> just put the spamd settings into spam.assassin.prefs.conf >>>>>>>>>>>> and MS >>>>>>>>>>>> will >>>>>>>>>>>> use them for the SA part. >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Martin Hepworth >>>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>>> Solid State Logic >>>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Is it possible to enable SA network tests when running it with >>>>>>>>>>>>> MS? >>>>>>>>>>>>> I've >>>>>>>>>>>>> searched and only found reference to it in relation to running >>>>>>>>>>>>> spamd, >>>>>>>>>>>>> which I'm not using. >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>> Rodney >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>>> believed to be clean. >>>>>>>>>>>>> >>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>> and >>>>>>>>>>>>> the archives >>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>> >>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>> website! >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> This email and any files transmitted with it are confidential >>>>>>>>>>>> and >>>>>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>>>>> they >>>>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>>>> notify >>>>>>>>>>>> the system manager. >>>>>>>>>>>> >>>>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>>> clean. >>>>>>>>>>>> >>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>> ------------------------ >>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>> and >>>>>>>>>>>> the archives >>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>> >>>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Rodney Green >>>>>>>>>>> Network/Security Administrator >>>>>>>>>>> Trayer Products, Inc. >>>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>> believed to be clean. >>>>>>>>>>> >>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>> ------------------------ >>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>> and >>>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>> >>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ********************************************************************** >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>>> they >>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>> notify >>>>>>>>>> the system manager. >>>>>>>>>> >>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>>>> >>>>>>>>>> ********************************************************************** >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>> ------------------------ >>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>> and >>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>> >>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Rodney Green >>>>>>>>> Network/Security Administrator >>>>>>>>> Trayer Products, Inc. >>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>> >>>>>>>>> -- >>>>>>>>> This message has been scanned for viruses and >>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>> believed to be clean. >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ********************************************************************** >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>> they >>>>>>>> are addressed. If you have received this email in error please >>>>>>>> notify >>>>>>>> the system manager. >>>>>>>> >>>>>>>> This footnote confirms that this email message has been swept >>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>> >>>>>>>> ********************************************************************** >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Rodney Green >>>>>>> Network/Security Administrator >>>>>>> Trayer Products, Inc. >>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>> >>>>>>> -- >>>>>>> This message has been scanned for viruses and >>>>>>> dangerous content by MailScanner, and is >>>>>>> believed to be clean. >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> This email and any files transmitted with it are confidential and >>>>>> intended solely for the use of the individual or entity to whom they >>>>>> are addressed. If you have received this email in error please notify >>>>>> the system manager. >>>>>> >>>>>> This footnote confirms that this email message has been swept >>>>>> for the presence of computer viruses and is believed to be clean. >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> -- >>>>> Rodney Green >>>>> Network/Security Administrator >>>>> Trayer Products, Inc. >>>>> E-Mail: rgreen@trayerproducts.com >>>>> Phone: 607-734-8124 Ext. 343 >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Mar 15 16:37:13 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:03 2006 Subject: Mailwatch Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem wrote: > Thanks! > > I don't use store because the space it would require is to big, and if I > could strip the attachments ant then store this would work really fine! > > Maybe a new feature for MailScanner? :) > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Tuesday, March 15, 2005 8:14 AM > Subject: Re: Mailwatch > > > >>Roger >> >>This is more a MS setup question. >> >>If you want to 'store' ham, spam or high scoring spam then you need >>'store' in the actions list or ruleset. In which case it will store the >>entire message, attachments and all. >> >>I don't think there's an option to strip the attachment and then store. >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Roger Jochem wrote: >> >>>Does anybody has any way of changing Mailwatch for MailScanner so it can >>>archive the message body also? I don't want to archive any attachments, >>>only the body... Could it be done? >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > Stripping the attachment seems to defeat the main reason to store. To send false positives on to their intended recipients. Are you worried about the quarrantine dir getting out of control? There is an option to only let the quarrantine dir hold x days worth of stuff. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Tue Mar 15 16:55:43 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: Sure am... Jim Coates -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, March 15, 2005 10:51 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA Timeouts Are you getting loads of stuff left in /root/.spamassassin/bayes* ? Jim Coates wrote: >Hello all; > >I recently upgraded SpamAssassin to 3.01 and have started having >timeout issues. > >MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >SpamAssassin (timed out)" > >I've been watching the CPU and memory utilization and it doesn't seem >to be that the server is having its resources eaten up, so I'm not >really sure what's causing it. > >I increased the spam check timeouts to 60 (they were 40 by default), >but that doesn't seem to have corrected the problem. > >Any ideas as to what might be causing this? > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 16:57:42 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:03 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, That's the thing, I haven't disabled skip_rbl. It's still uncommented and set to 1. Thanks for your help, Rodney Martin Hepworth wrote: > Rodney > > disabling the skip_rbl option in spam.assassin.prefs.conf will enable > ALL RBL's including the URI-rbls. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> I guess I still don't have the full view of the "big picture" when it >> comes to MS and SA. I just found where the URIBLs are configured; in >> /usr/share/spamassassin/25_uribl.cf. I thought they had to be enabled in >> spam.assassin.prefs.conf. >> >> Rodney Green wrote: >> >>> In looking through some spam headers I've noticed scores for URIBLs: >>> >>> URIBL_OB_SURBL 3.21,URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL >>> 1.46 >>> >>> Where are these configured? I've been looking but cannot find where the >>> scores are specified. >>> >>> Thanks >>> >>> Rodney Green wrote: >>> >>>> Ahh, I see. So they are on by default, unless set to zero. >>>> >>>> Thanks Martin! >>>> >>>> Martin Hepworth wrote: >>>> >>>>> Rodney >>>>> >>>>> A score of zero turns off the rule. >>>>> >>>>> I only want two of th RBL's the run, so I turn off all the others by >>>>> ADDING the scores to the file. >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>> Rodney Green wrote: >>>>> >>>>>> Martin, >>>>>> >>>>>> Thanks. Your list of scores only has those that are listed as 0 >>>>>> points. >>>>>> I don't have any of the listed scores in my spam.assassin.prefs.conf >>>>>> file. >>>>>> >>>>>> Rodney >>>>>> >>>>>> Martin Hepworth wrote: >>>>>> >>>>>>> Rodney >>>>>>> >>>>>>> don't so this here, do in in SA . >>>>>>> >>>>>>> edit spam.assassin.prefs.conf >>>>>>> >>>>>>> comment out the "skip_rbl_tests 1" line >>>>>>> >>>>>>> and turn off the RBL's you don't want by giving them a zero >>>>>>> score...here's mine that only runs the xbl and orb ones.. >>>>>>> >>>>>>> score __RCVD_IN_NJABL 0.0 >>>>>>> score RCVD_IN_NJABL_DUL 0.0 >>>>>>> score RCVD_IN_NJABL_MULTI 0.0 >>>>>>> score RCVD_IN_NJABL_PROXY 0.0 >>>>>>> score RCVD_IN_NJABL_RELAY 0.0 >>>>>>> score RCVD_IN_NJABL_SPAM 0.0 >>>>>>> score RCVD_IN_NJABL_CGI 0.0 >>>>>>> score __RCVD_IN_SORBS 0.0 >>>>>>> score RCVD_IN_SORBS_HTTP 0.0 >>>>>>> score RCVD_IN_SORBS_MISC 0.0 >>>>>>> score RCVD_IN_SORBS_SMTP 0.0 >>>>>>> score RCVD_IN_SORBS_SOCKS 0.0 >>>>>>> score RCVD_IN_SORBS_WEB 0.0 >>>>>>> score RCVD_IN_SORBS_BLOCK 0.0 >>>>>>> score RCVD_IN_SORBS_ZOMBIE 0.0 >>>>>>> score RCVD_IN_SORBS_DUL 0.0 >>>>>>> score __RFC_IGNORANT_ENVFROM 0.0 >>>>>>> score DNS_FROM_RFC_DSN 0.0 >>>>>>> score DNS_FROM_RFC_POST 0.0 >>>>>>> score DNS_FROM_RFC_ABUSE 0.0 >>>>>>> score DNS_FROM_RFC_WHOIS 0.0 >>>>>>> score DNS_FROM_RFC_BOGUSMX 0.0 >>>>>>> score RCVD_IN_DSBL 0.0 >>>>>>> score DNS_FROM_AHBL_RHSBL 0.0 >>>>>>> score HABEAS_INFRINGER 0.0 >>>>>>> score HABEAS_USER 0.0 >>>>>>> score RCVD_IN_BSP_TRUSTED 0.0 >>>>>>> score RCVD_IN_BSP_OTHER 0.0 >>>>>>> score __SENDERBASE 0.0 >>>>>>> score SB_NEW_BULK 0.0 >>>>>>> score SB_NSP_VOLUME_SPIKE 0.0 >>>>>>> score RCVD_IN_RSL 0.0 >>>>>>> score RCVD_IN_MAPS_RBL 0.0 >>>>>>> score RCVD_IN_MAPS_DUL 0.0 >>>>>>> score RCVD_IN_MAPS_RSS 0.0 >>>>>>> score RCVD_IN_MAPS_NML 0.0 >>>>>>> >>>>>>> >>>>>>> Also make sure you set the trusted_networks and internal_networks >>>>>>> options properly or it's likely to misfire and start letting the >>>>>>> spam >>>>>>> through >>>>>>> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Snr Systems Administrator >>>>>>> Solid State Logic >>>>>>> Tel: +44 (0)1865 842300 >>>>>>> >>>>>>> >>>>>>> Rodney Green wrote: >>>>>>> >>>>>>>> For the "Spam List =" configuration option in MailScanner.conf, it >>>>>>>> says >>>>>>>> you can use a ruleset file. What format would you use to list the >>>>>>>> RBLs? >>>>>>>> >>>>>>>> >>>>>>>> Martin Hepworth wrote: >>>>>>>> >>>>>>>>> Ah I see >>>>>>>>> >>>>>>>>> well network tests cover RBL's, URI-RBL's from surbl.org and >>>>>>>>> perhaps >>>>>>>>> even things like pyzor/dcc etc. >>>>>>>>> >>>>>>>>> I run a couple of RBL's and the URI-RBL's which are truely great. >>>>>>>>> >>>>>>>>> Not sure they'll help with FP's, but if bayes is FP-ing then >>>>>>>>> enableing >>>>>>>>> the network tests will reduce the bayes scores in SA 3.x. >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Martin Hepworth >>>>>>>>> Snr Systems Administrator >>>>>>>>> Solid State Logic >>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>> >>>>>>>>> >>>>>>>>> Rodney Green wrote: >>>>>>>>> >>>>>>>>>> Martin, >>>>>>>>>> >>>>>>>>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>>>>>>>> available. >>>>>>>>>> I saw something stating that the network tests helped to reduce >>>>>>>>>> false >>>>>>>>>> negatives. So, something that would help with that would be >>>>>>>>>> great. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Rodney >>>>>>>>>> >>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>> >>>>>>>>>>> Rodney >>>>>>>>>>> >>>>>>>>>>> what 'network tests' are you interested in? >>>>>>>>>>> >>>>>>>>>>> see the doccy at spamassassin.apache.org for the options you can >>>>>>>>>>> put >>>>>>>>>>> into spam.assassin.prefs.conf. >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Martin Hepworth >>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>> Solid State Logic >>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>> >>>>>>>>>>>> Martin, >>>>>>>>>>>> >>>>>>>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar >>>>>>>>>>>> with >>>>>>>>>>>> spamd. >>>>>>>>>>>> >>>>>>>>>>>> Rodney >>>>>>>>>>>> >>>>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Rodney >>>>>>>>>>>>> >>>>>>>>>>>>> just put the spamd settings into spam.assassin.prefs.conf >>>>>>>>>>>>> and MS >>>>>>>>>>>>> will >>>>>>>>>>>>> use them for the SA part. >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Martin Hepworth >>>>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>>>> Solid State Logic >>>>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Is it possible to enable SA network tests when running it >>>>>>>>>>>>>> with >>>>>>>>>>>>>> MS? >>>>>>>>>>>>>> I've >>>>>>>>>>>>>> searched and only found reference to it in relation to >>>>>>>>>>>>>> running >>>>>>>>>>>>>> spamd, >>>>>>>>>>>>>> which I'm not using. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>> Rodney >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>>>> believed to be clean. >>>>>>>>>>>>>> >>>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>>> Before posting, read the MAQ >>>>>>>>>>>>>> (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>>> and >>>>>>>>>>>>>> the archives >>>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>>> >>>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>>> website! >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> This email and any files transmitted with it are confidential >>>>>>>>>>>>> and >>>>>>>>>>>>> intended solely for the use of the individual or entity to >>>>>>>>>>>>> whom >>>>>>>>>>>>> they >>>>>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>>>>> notify >>>>>>>>>>>>> the system manager. >>>>>>>>>>>>> >>>>>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>>>> clean. >>>>>>>>>>>>> >>>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>> and >>>>>>>>>>>>> the archives >>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>> >>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>> website! >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Rodney Green >>>>>>>>>>>> Network/Security Administrator >>>>>>>>>>>> Trayer Products, Inc. >>>>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>> believed to be clean. >>>>>>>>>>>> >>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>> ------------------------ >>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>> and >>>>>>>>>>>> the archives >>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>> >>>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ********************************************************************** >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> This email and any files transmitted with it are confidential >>>>>>>>>>> and >>>>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>>>> they >>>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>>> notify >>>>>>>>>>> the system manager. >>>>>>>>>>> >>>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>> clean. >>>>>>>>>>> >>>>>>>>>>> ********************************************************************** >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>> ------------------------ >>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>> and >>>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>> >>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Rodney Green >>>>>>>>>> Network/Security Administrator >>>>>>>>>> Trayer Products, Inc. >>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>> believed to be clean. >>>>>>>>>> >>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>> ------------------------ >>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>> and >>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>> >>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ********************************************************************** >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>> they >>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>> notify >>>>>>>>> the system manager. >>>>>>>>> >>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>>> >>>>>>>>> ********************************************************************** >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rodney Green >>>>>>>> Network/Security Administrator >>>>>>>> Trayer Products, Inc. >>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>> >>>>>>>> -- >>>>>>>> This message has been scanned for viruses and >>>>>>>> dangerous content by MailScanner, and is >>>>>>>> believed to be clean. >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> This email and any files transmitted with it are confidential and >>>>>>> intended solely for the use of the individual or entity to whom they >>>>>>> are addressed. If you have received this email in error please >>>>>>> notify >>>>>>> the system manager. >>>>>>> >>>>>>> This footnote confirms that this email message has been swept >>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> >>>>>> -- >>>>>> Rodney Green >>>>>> Network/Security Administrator >>>>>> Trayer Products, Inc. >>>>>> E-Mail: rgreen@trayerproducts.com >>>>>> Phone: 607-734-8124 Ext. 343 >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ********************************************************************** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Tue Mar 15 16:48:59 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:03 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Tue, 15 Mar 2005 14:17:18 +0100, =?iso-8859-1?Q?D=F6rfler_Andreas?= writes: >u sure it isnt a postfix problem ? It "smells" like a race condition of some kind, or a Perl bug. I only see this on machines that - are i386 - actually notice the mails in their load - run MailScanner - run postfix On machines that only meet three of the above criteria, this ain't a problem. cheeers, &rw -- -- -- I think of it as the world's biggest group-therapy session, and it's -- not working. - Malcolm Ray ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From roger at RUDNICK.COM.BR Tue Mar 15 16:59:49 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:03 2006 Subject: Mailwatch Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This would solve my problem... Where is this option? ----- Original Message ----- From: "Scott Silva" To: Sent: Tuesday, March 15, 2005 1:37 PM Subject: Re: Mailwatch > Roger Jochem wrote: > > Thanks! > > > > I don't use store because the space it would require is to big, and if I > > could strip the attachments ant then store this would work really fine! > > > > Maybe a new feature for MailScanner? :) > > > > ----- Original Message ----- > > From: "Martin Hepworth" > > To: > > Sent: Tuesday, March 15, 2005 8:14 AM > > Subject: Re: Mailwatch > > > > > > > >>Roger > >> > >>This is more a MS setup question. > >> > >>If you want to 'store' ham, spam or high scoring spam then you need > >>'store' in the actions list or ruleset. In which case it will store the > >>entire message, attachments and all. > >> > >>I don't think there's an option to strip the attachment and then store. > >> > >>-- > >>Martin Hepworth > >>Snr Systems Administrator > >>Solid State Logic > >>Tel: +44 (0)1865 842300 > >> > >> > >>Roger Jochem wrote: > >> > >>>Does anybody has any way of changing Mailwatch for MailScanner so it can > >>>archive the message body also? I don't want to archive any attachments, > >>>only the body... Could it be done? > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > >>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>*Support MailScanner development - buy the book off the website!* > >> > >>********************************************************************** > >> > >>This email and any files transmitted with it are confidential and > >>intended solely for the use of the individual or entity to whom they > >>are addressed. If you have received this email in error please notify > >>the system manager. > >> > >>This footnote confirms that this email message has been swept > >>for the presence of computer viruses and is believed to be clean. > >> > >>********************************************************************** > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > Stripping the attachment seems to defeat the main reason to store. To > send false positives on to their intended recipients. > Are you worried about the quarrantine dir getting out of control? > There is an option to only let the quarrantine dir hold x days worth of > stuff. > > -- > "If you have ever eaten crow, > It don't taste like chicken!!" > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 17:02:24 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:03 2006 Subject: SA Network Tests Message-ID: Rodney hmm ok, must be on by default if you have the plugin installed and a recent Net::DNS. Either disable the plugin in init.pre or set the scores to zero.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rodney Green wrote: > Martin, > > That's the thing, I haven't disabled skip_rbl. It's still uncommented > and set to 1. > > Thanks for your help, > Rodney > > Martin Hepworth wrote: > >> Rodney >> >> disabling the skip_rbl option in spam.assassin.prefs.conf will enable >> ALL RBL's including the URI-rbls. >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Rodney Green wrote: >> >>> I guess I still don't have the full view of the "big picture" when it >>> comes to MS and SA. I just found where the URIBLs are configured; in >>> /usr/share/spamassassin/25_uribl.cf. I thought they had to be enabled in >>> spam.assassin.prefs.conf. >>> >>> Rodney Green wrote: >>> >>>> In looking through some spam headers I've noticed scores for URIBLs: >>>> >>>> URIBL_OB_SURBL 3.21,URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, URIBL_WS_SURBL >>>> 1.46 >>>> >>>> Where are these configured? I've been looking but cannot find where the >>>> scores are specified. >>>> >>>> Thanks >>>> >>>> Rodney Green wrote: >>>> >>>>> Ahh, I see. So they are on by default, unless set to zero. >>>>> >>>>> Thanks Martin! >>>>> >>>>> Martin Hepworth wrote: >>>>> >>>>>> Rodney >>>>>> >>>>>> A score of zero turns off the rule. >>>>>> >>>>>> I only want two of th RBL's the run, so I turn off all the others by >>>>>> ADDING the scores to the file. >>>>>> >>>>>> -- >>>>>> Martin Hepworth >>>>>> Snr Systems Administrator >>>>>> Solid State Logic >>>>>> Tel: +44 (0)1865 842300 >>>>>> >>>>>> >>>>>> Rodney Green wrote: >>>>>> >>>>>>> Martin, >>>>>>> >>>>>>> Thanks. Your list of scores only has those that are listed as 0 >>>>>>> points. >>>>>>> I don't have any of the listed scores in my spam.assassin.prefs.conf >>>>>>> file. >>>>>>> >>>>>>> Rodney >>>>>>> >>>>>>> Martin Hepworth wrote: >>>>>>> >>>>>>>> Rodney >>>>>>>> >>>>>>>> don't so this here, do in in SA . >>>>>>>> >>>>>>>> edit spam.assassin.prefs.conf >>>>>>>> >>>>>>>> comment out the "skip_rbl_tests 1" line >>>>>>>> >>>>>>>> and turn off the RBL's you don't want by giving them a zero >>>>>>>> score...here's mine that only runs the xbl and orb ones.. >>>>>>>> >>>>>>>> score __RCVD_IN_NJABL 0.0 >>>>>>>> score RCVD_IN_NJABL_DUL 0.0 >>>>>>>> score RCVD_IN_NJABL_MULTI 0.0 >>>>>>>> score RCVD_IN_NJABL_PROXY 0.0 >>>>>>>> score RCVD_IN_NJABL_RELAY 0.0 >>>>>>>> score RCVD_IN_NJABL_SPAM 0.0 >>>>>>>> score RCVD_IN_NJABL_CGI 0.0 >>>>>>>> score __RCVD_IN_SORBS 0.0 >>>>>>>> score RCVD_IN_SORBS_HTTP 0.0 >>>>>>>> score RCVD_IN_SORBS_MISC 0.0 >>>>>>>> score RCVD_IN_SORBS_SMTP 0.0 >>>>>>>> score RCVD_IN_SORBS_SOCKS 0.0 >>>>>>>> score RCVD_IN_SORBS_WEB 0.0 >>>>>>>> score RCVD_IN_SORBS_BLOCK 0.0 >>>>>>>> score RCVD_IN_SORBS_ZOMBIE 0.0 >>>>>>>> score RCVD_IN_SORBS_DUL 0.0 >>>>>>>> score __RFC_IGNORANT_ENVFROM 0.0 >>>>>>>> score DNS_FROM_RFC_DSN 0.0 >>>>>>>> score DNS_FROM_RFC_POST 0.0 >>>>>>>> score DNS_FROM_RFC_ABUSE 0.0 >>>>>>>> score DNS_FROM_RFC_WHOIS 0.0 >>>>>>>> score DNS_FROM_RFC_BOGUSMX 0.0 >>>>>>>> score RCVD_IN_DSBL 0.0 >>>>>>>> score DNS_FROM_AHBL_RHSBL 0.0 >>>>>>>> score HABEAS_INFRINGER 0.0 >>>>>>>> score HABEAS_USER 0.0 >>>>>>>> score RCVD_IN_BSP_TRUSTED 0.0 >>>>>>>> score RCVD_IN_BSP_OTHER 0.0 >>>>>>>> score __SENDERBASE 0.0 >>>>>>>> score SB_NEW_BULK 0.0 >>>>>>>> score SB_NSP_VOLUME_SPIKE 0.0 >>>>>>>> score RCVD_IN_RSL 0.0 >>>>>>>> score RCVD_IN_MAPS_RBL 0.0 >>>>>>>> score RCVD_IN_MAPS_DUL 0.0 >>>>>>>> score RCVD_IN_MAPS_RSS 0.0 >>>>>>>> score RCVD_IN_MAPS_NML 0.0 >>>>>>>> >>>>>>>> >>>>>>>> Also make sure you set the trusted_networks and internal_networks >>>>>>>> options properly or it's likely to misfire and start letting the >>>>>>>> spam >>>>>>>> through >>>>>>>> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Martin Hepworth >>>>>>>> Snr Systems Administrator >>>>>>>> Solid State Logic >>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>> >>>>>>>> >>>>>>>> Rodney Green wrote: >>>>>>>> >>>>>>>>> For the "Spam List =" configuration option in MailScanner.conf, it >>>>>>>>> says >>>>>>>>> you can use a ruleset file. What format would you use to list the >>>>>>>>> RBLs? >>>>>>>>> >>>>>>>>> >>>>>>>>> Martin Hepworth wrote: >>>>>>>>> >>>>>>>>>> Ah I see >>>>>>>>>> >>>>>>>>>> well network tests cover RBL's, URI-RBL's from surbl.org and >>>>>>>>>> perhaps >>>>>>>>>> even things like pyzor/dcc etc. >>>>>>>>>> >>>>>>>>>> I run a couple of RBL's and the URI-RBL's which are truely great. >>>>>>>>>> >>>>>>>>>> Not sure they'll help with FP's, but if bayes is FP-ing then >>>>>>>>>> enableing >>>>>>>>>> the network tests will reduce the bayes scores in SA 3.x. >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Martin Hepworth >>>>>>>>>> Snr Systems Administrator >>>>>>>>>> Solid State Logic >>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Rodney Green wrote: >>>>>>>>>> >>>>>>>>>>> Martin, >>>>>>>>>>> >>>>>>>>>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>>>>>>>>> available. >>>>>>>>>>> I saw something stating that the network tests helped to reduce >>>>>>>>>>> false >>>>>>>>>>> negatives. So, something that would help with that would be >>>>>>>>>>> great. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Rodney >>>>>>>>>>> >>>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>>> >>>>>>>>>>>> Rodney >>>>>>>>>>>> >>>>>>>>>>>> what 'network tests' are you interested in? >>>>>>>>>>>> >>>>>>>>>>>> see the doccy at spamassassin.apache.org for the options you >>>>>>>>>>>> can >>>>>>>>>>>> put >>>>>>>>>>>> into spam.assassin.prefs.conf. >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Martin Hepworth >>>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>>> Solid State Logic >>>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Martin, >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar >>>>>>>>>>>>> with >>>>>>>>>>>>> spamd. >>>>>>>>>>>>> >>>>>>>>>>>>> Rodney >>>>>>>>>>>>> >>>>>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Rodney >>>>>>>>>>>>>> >>>>>>>>>>>>>> just put the spamd settings into spam.assassin.prefs.conf >>>>>>>>>>>>>> and MS >>>>>>>>>>>>>> will >>>>>>>>>>>>>> use them for the SA part. >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Martin Hepworth >>>>>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>>>>> Solid State Logic >>>>>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Is it possible to enable SA network tests when running it >>>>>>>>>>>>>>> with >>>>>>>>>>>>>>> MS? >>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>> searched and only found reference to it in relation to >>>>>>>>>>>>>>> running >>>>>>>>>>>>>>> spamd, >>>>>>>>>>>>>>> which I'm not using. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>> Rodney >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>>>>> believed to be clean. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the >>>>>>>>>>>>>>> words: >>>>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>>>> Before posting, read the MAQ >>>>>>>>>>>>>>> (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>>>> and >>>>>>>>>>>>>>> the archives >>>>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>>>> website! >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> This email and any files transmitted with it are confidential >>>>>>>>>>>>>> and >>>>>>>>>>>>>> intended solely for the use of the individual or entity to >>>>>>>>>>>>>> whom >>>>>>>>>>>>>> they >>>>>>>>>>>>>> are addressed. If you have received this email in error >>>>>>>>>>>>>> please >>>>>>>>>>>>>> notify >>>>>>>>>>>>>> the system manager. >>>>>>>>>>>>>> >>>>>>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>>>>> clean. >>>>>>>>>>>>>> >>>>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>>> Before posting, read the MAQ >>>>>>>>>>>>>> (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>>> and >>>>>>>>>>>>>> the archives >>>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>>> >>>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>>> website! >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Rodney Green >>>>>>>>>>>>> Network/Security Administrator >>>>>>>>>>>>> Trayer Products, Inc. >>>>>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>>> believed to be clean. >>>>>>>>>>>>> >>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>> and >>>>>>>>>>>>> the archives >>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>> >>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>> website! >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> This email and any files transmitted with it are confidential >>>>>>>>>>>> and >>>>>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>>>>> they >>>>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>>>> notify >>>>>>>>>>>> the system manager. >>>>>>>>>>>> >>>>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>>> clean. >>>>>>>>>>>> >>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>> ------------------------ >>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>> and >>>>>>>>>>>> the archives >>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>> >>>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Rodney Green >>>>>>>>>>> Network/Security Administrator >>>>>>>>>>> Trayer Products, Inc. >>>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>> believed to be clean. >>>>>>>>>>> >>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>> ------------------------ >>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>> and >>>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>> >>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ********************************************************************** >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>>> they >>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>> notify >>>>>>>>>> the system manager. >>>>>>>>>> >>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>>>> >>>>>>>>>> ********************************************************************** >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>> ------------------------ >>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>> and >>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>> >>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Rodney Green >>>>>>>>> Network/Security Administrator >>>>>>>>> Trayer Products, Inc. >>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>> >>>>>>>>> -- >>>>>>>>> This message has been scanned for viruses and >>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>> believed to be clean. >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ********************************************************************** >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>> they >>>>>>>> are addressed. If you have received this email in error please >>>>>>>> notify >>>>>>>> the system manager. >>>>>>>> >>>>>>>> This footnote confirms that this email message has been swept >>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>> >>>>>>>> ********************************************************************** >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Rodney Green >>>>>>> Network/Security Administrator >>>>>>> Trayer Products, Inc. >>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>> >>>>>>> -- >>>>>>> This message has been scanned for viruses and >>>>>>> dangerous content by MailScanner, and is >>>>>>> believed to be clean. >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> This email and any files transmitted with it are confidential and >>>>>> intended solely for the use of the individual or entity to whom they >>>>>> are addressed. If you have received this email in error please notify >>>>>> the system manager. >>>>>> >>>>>> This footnote confirms that this email message has been swept >>>>>> for the presence of computer viruses and is believed to be clean. >>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> -- >>>>> Rodney Green >>>>> Network/Security Administrator >>>>> Trayer Products, Inc. >>>>> E-Mail: rgreen@trayerproducts.com >>>>> Phone: 607-734-8124 Ext. 343 >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> E-Mail: rgreen@trayerproducts.com >>> Phone: 607-734-8124 Ext. 343 >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > E-Mail: rgreen@trayerproducts.com > Phone: 607-734-8124 Ext. 343 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 17:04:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:03 2006 Subject: Mailwatch Message-ID: Roger theres a script called clean.quarantine.cron which in mycase in in /opt/MailScanner/bin/cron edit the dir to clean, how long to keep andrun from cron -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Roger Jochem wrote: > This would solve my problem... Where is this option? > > ----- Original Message ----- > From: "Scott Silva" > To: > Sent: Tuesday, March 15, 2005 1:37 PM > Subject: Re: Mailwatch > > > >>Roger Jochem wrote: >> >>>Thanks! >>> >>>I don't use store because the space it would require is to big, and if I >>>could strip the attachments ant then store this would work really fine! >>> >>>Maybe a new feature for MailScanner? :) >>> >>>----- Original Message ----- >>>From: "Martin Hepworth" >>>To: >>>Sent: Tuesday, March 15, 2005 8:14 AM >>>Subject: Re: Mailwatch >>> >>> >>> >>> >>>>Roger >>>> >>>>This is more a MS setup question. >>>> >>>>If you want to 'store' ham, spam or high scoring spam then you need >>>>'store' in the actions list or ruleset. In which case it will store the >>>>entire message, attachments and all. >>>> >>>>I don't think there's an option to strip the attachment and then store. >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>>Roger Jochem wrote: >>>> >>>> >>>>>Does anybody has any way of changing Mailwatch for MailScanner so it > > can > >>>>>archive the message body also? I don't want to archive any attachments, >>>>>only the body... Could it be done? >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>*Support MailScanner development - buy the book off the website!* >>>> >>>>********************************************************************** >>>> >>>>This email and any files transmitted with it are confidential and >>>>intended solely for the use of the individual or entity to whom they >>>>are addressed. If you have received this email in error please notify >>>>the system manager. >>>> >>>>This footnote confirms that this email message has been swept >>>>for the presence of computer viruses and is believed to be clean. >>>> >>>>********************************************************************** >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>> >>> >>Stripping the attachment seems to defeat the main reason to store. To >>send false positives on to their intended recipients. >>Are you worried about the quarrantine dir getting out of control? >>There is an option to only let the quarrantine dir hold x days worth of >>stuff. >> >>-- >>"If you have ever eaten crow, >>It don't taste like chicken!!" >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 15 17:05:59 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:03 2006 Subject: Mailwatch Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! ----- Original Message ----- From: "Martin Hepworth" To: Sent: Tuesday, March 15, 2005 2:04 PM Subject: Re: Mailwatch > Roger > theres a script called clean.quarantine.cron which in mycase in in > /opt/MailScanner/bin/cron > > edit the dir to clean, how long to keep andrun from cron > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Roger Jochem wrote: > > This would solve my problem... Where is this option? > > > > ----- Original Message ----- > > From: "Scott Silva" > > To: > > Sent: Tuesday, March 15, 2005 1:37 PM > > Subject: Re: Mailwatch > > > > > > > >>Roger Jochem wrote: > >> > >>>Thanks! > >>> > >>>I don't use store because the space it would require is to big, and if I > >>>could strip the attachments ant then store this would work really fine! > >>> > >>>Maybe a new feature for MailScanner? :) > >>> > >>>----- Original Message ----- > >>>From: "Martin Hepworth" > >>>To: > >>>Sent: Tuesday, March 15, 2005 8:14 AM > >>>Subject: Re: Mailwatch > >>> > >>> > >>> > >>> > >>>>Roger > >>>> > >>>>This is more a MS setup question. > >>>> > >>>>If you want to 'store' ham, spam or high scoring spam then you need > >>>>'store' in the actions list or ruleset. In which case it will store the > >>>>entire message, attachments and all. > >>>> > >>>>I don't think there's an option to strip the attachment and then store. > >>>> > >>>>-- > >>>>Martin Hepworth > >>>>Snr Systems Administrator > >>>>Solid State Logic > >>>>Tel: +44 (0)1865 842300 > >>>> > >>>> > >>>>Roger Jochem wrote: > >>>> > >>>> > >>>>>Does anybody has any way of changing Mailwatch for MailScanner so it > > > > can > > > >>>>>archive the message body also? I don't want to archive any attachments, > >>>>>only the body... Could it be done? > >>>>>------------------------ MailScanner list ------------------------ > >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>'leave mailscanner' in the body of the email. > >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > >>>>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>> > >>>>>*Support MailScanner development - buy the book off the website!* > >>>> > >>>>********************************************************************** > >>>> > >>>>This email and any files transmitted with it are confidential and > >>>>intended solely for the use of the individual or entity to whom they > >>>>are addressed. If you have received this email in error please notify > >>>>the system manager. > >>>> > >>>>This footnote confirms that this email message has been swept > >>>>for the presence of computer viruses and is believed to be clean. > >>>> > >>>>********************************************************************** > >>>> > >>>>------------------------ MailScanner list ------------------------ > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>'leave mailscanner' in the body of the email. > >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>>Support MailScanner development - buy the book off the website! > >>> > >>> > >>Stripping the attachment seems to defeat the main reason to store. To > >>send false positives on to their intended recipients. > >>Are you worried about the quarrantine dir getting out of control? > >>There is an option to only let the quarrantine dir hold x days worth of > >>stuff. > >> > >>-- > >>"If you have ever eaten crow, > >>It don't taste like chicken!!" > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Mar 15 16:47:57 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:03 2006 Subject: spamhaus-XBL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason wrote: > Hi, > > I'm using mailscanner-4.38.10-1, with sendmail and spamassassin. When a > client send an email (not spam) with outlook express through our server, > the > receipient received the message regarded as spam. And the reason is > "spamhaus-XBL". > > The IP of mail server is certainly not in the "spamhaus-XBL" list, but > the client may be, since it's a dynamic IP. And we certainly have no > control > of what ip was assigned to us by ISP. So, from my point of view, the ip of > the client should not be considered as spam host of not, right? But this > does not seem to be case. > > > The following is the header of the received emal : > > Return-Path: > Received: from edp008 ([219.132.219.6]) > (authenticated bits=0) > by mail.newhonest.com (8.12.11/8.12.11) with ESMTP id j2F3flTp027281 > for ; Tue, 15 Mar 2005 11:41:50 +0800 > Message-ID: <008601c52910$ee521720$4001a8c0@edp008> > From: "sender" sender@newhonest.com > To: "receipient" receipient@newhonest.com > Subject: {Spam?} test2 ,this is a external email > Date: Tue, 15 Mar 2005 11:41:49 +0800 > MIME-Version: 1.0 > Content-type: multipart/report; boundary="======19077==36171======" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2900.2180 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 > X-MailScanner-Information: Please contact the ISP for more information > X-MailScanner: Found to be clean > X-MailScanner-SpamCheck: spam, spamhaus-XBL, SpamAssassin (score=1.529, > required 5, AWL -2.93, BAYES_20 -1.95, HTML_90_100 0.02, > HTML_MESSAGE 0.00, MIME_BASE64_TEXT 0.30, MIME_HTML_MOSTLY 1.02, > RCVD_IN_SORBS_DUL 1.99, RCVD_IN_XBL 3.08) > X-MailScanner-SpamScore: 1 > X-MailScanner-From: sender@newhonest.com > In MailScanner.conf look for the line that starts; Spam List = and remove spamhaus-XBL. Spamassassin will still score these lists, but MAilScanner will not call them spam just for being there. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 15 17:24:33 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: Sounds like SA is trying to tidy the bayes DB and timing out... make sure the following is set in MailScanner.conf # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. Rebuild Bayes Every = 86400 # The Bayesian database rebuild and expiry may take a 2 or 3 minutes # to complete. During this time you can either wait, or simply # disable SpamAssassin checks until it has completed. Wait During Bayes Rebuild = yes and in spam.assassin.prefs.conf # MailScanner: When using the scheduled Bayes expiry feature, you probably # MailScanner: want to turn off auto-expiry as it will rarely complete before # MailScanner: it is killed for taking too long. You will just end up with # MailScanner: big bayes_toks.new files wasting space. # bayes_auto_expire 0 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Coates wrote: > Sure am... > > Jim Coates > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Julian Field > Sent: Tuesday, March 15, 2005 10:51 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA Timeouts > > > Are you getting loads of stuff left in /root/.spamassassin/bayes* ? > > Jim Coates wrote: > > >>Hello all; >> >>I recently upgraded SpamAssassin to 3.01 and have started having >>timeout issues. >> >>MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >>SpamAssassin (timed out)" >> >>I've been watching the CPU and memory utilization and it doesn't seem >>to be that the server is having its resources eaten up, so I'm not >>really sure what's causing it. >> >>I increased the spam check timeouts to 60 (they were 40 by default), >>but that doesn't seem to have corrected the problem. >> >>Any ideas as to what might be causing this? >> >> > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 17:32:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:03 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: On Tue, 15 Mar 2005 14:17:18 +0100, =?iso-8859-1?Q?D=F6rfler_Andreas?= writes: u sure it isnt a postfix problem ? It "smells" like a race condition of some kind, or a Perl bug. I only see this on machines that - are i386 - actually notice the mails in their load - run MailScanner - run postfix On machines that only meet three of the above criteria, this ain't a problem. There is only 1 statement in the code that print the "PreDataString" which is where this text is put. After writing it (once) it forks off a pipe to print the message body, then prints the "PostDataString". To get 2 copies of the PreDataString, something somewhere must duplicate it in the buffers. As 1 last attempt, try adding this: --- PFDiskStore.pm.old 2005-03-12 20:15:18.000000000 +0000 +++ PFDiskStore.pm 2005-03-15 17:30:47.980045912 +0000 @@ -261,6 +261,7 @@ if (not defined $pipe or not defined ($pid = fork)) { MailScanner::Log::WarnLog("Pipe creation failed in WriteHeader, %s", $!); } elsif ($pid) { # Parent + $Tf->flush(); # JKF 20050317 $pipe->reader(); # Read the pipe a line at a time and write an N record for each line. while(<$pipe>) { @@ -276,6 +277,7 @@ $Tf->flush(); # JKF 20050307 waitpid $pid, 0; } else { # Child + $Tf->flush(); # JKF 20050317 $pipe->writer(); $entity->print_body($pipe) or MailScanner::Log::WarnLog("WriteMIMEBody to %s possibly failed, %s", So there are just those 2 "+"-marked lines to add. If this doesn't fix it, then it really is beyond my control. I'm forcing it to flush the buffers absolutely everywhere, none of this should be needed. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Mar 15 17:31:43 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:29:03 2006 Subject: SA Network Tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm actually liking what it's doing. I'm going to leave it on. I was just wondering how it was turned on. Thanks Martin. Martin Hepworth wrote: > Rodney > > hmm ok, must be on by default if you have the plugin installed and a > recent Net::DNS. > > Either disable the plugin in init.pre or set the scores to zero.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rodney Green wrote: > >> Martin, >> >> That's the thing, I haven't disabled skip_rbl. It's still uncommented >> and set to 1. >> >> Thanks for your help, >> Rodney >> >> Martin Hepworth wrote: >> >>> Rodney >>> >>> disabling the skip_rbl option in spam.assassin.prefs.conf will enable >>> ALL RBL's including the URI-rbls. >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Rodney Green wrote: >>> >>>> I guess I still don't have the full view of the "big picture" when it >>>> comes to MS and SA. I just found where the URIBLs are configured; in >>>> /usr/share/spamassassin/25_uribl.cf. I thought they had to be >>>> enabled in >>>> spam.assassin.prefs.conf. >>>> >>>> Rodney Green wrote: >>>> >>>>> In looking through some spam headers I've noticed scores for URIBLs: >>>>> >>>>> URIBL_OB_SURBL 3.21,URIBL_SBL 1.00, URIBL_SC_SURBL 4.26, >>>>> URIBL_WS_SURBL >>>>> 1.46 >>>>> >>>>> Where are these configured? I've been looking but cannot find where >>>>> the >>>>> scores are specified. >>>>> >>>>> Thanks >>>>> >>>>> Rodney Green wrote: >>>>> >>>>>> Ahh, I see. So they are on by default, unless set to zero. >>>>>> >>>>>> Thanks Martin! >>>>>> >>>>>> Martin Hepworth wrote: >>>>>> >>>>>>> Rodney >>>>>>> >>>>>>> A score of zero turns off the rule. >>>>>>> >>>>>>> I only want two of th RBL's the run, so I turn off all the others by >>>>>>> ADDING the scores to the file. >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Snr Systems Administrator >>>>>>> Solid State Logic >>>>>>> Tel: +44 (0)1865 842300 >>>>>>> >>>>>>> >>>>>>> Rodney Green wrote: >>>>>>> >>>>>>>> Martin, >>>>>>>> >>>>>>>> Thanks. Your list of scores only has those that are listed as 0 >>>>>>>> points. >>>>>>>> I don't have any of the listed scores in my >>>>>>>> spam.assassin.prefs.conf >>>>>>>> file. >>>>>>>> >>>>>>>> Rodney >>>>>>>> >>>>>>>> Martin Hepworth wrote: >>>>>>>> >>>>>>>>> Rodney >>>>>>>>> >>>>>>>>> don't so this here, do in in SA . >>>>>>>>> >>>>>>>>> edit spam.assassin.prefs.conf >>>>>>>>> >>>>>>>>> comment out the "skip_rbl_tests 1" line >>>>>>>>> >>>>>>>>> and turn off the RBL's you don't want by giving them a zero >>>>>>>>> score...here's mine that only runs the xbl and orb ones.. >>>>>>>>> >>>>>>>>> score __RCVD_IN_NJABL 0.0 >>>>>>>>> score RCVD_IN_NJABL_DUL 0.0 >>>>>>>>> score RCVD_IN_NJABL_MULTI 0.0 >>>>>>>>> score RCVD_IN_NJABL_PROXY 0.0 >>>>>>>>> score RCVD_IN_NJABL_RELAY 0.0 >>>>>>>>> score RCVD_IN_NJABL_SPAM 0.0 >>>>>>>>> score RCVD_IN_NJABL_CGI 0.0 >>>>>>>>> score __RCVD_IN_SORBS 0.0 >>>>>>>>> score RCVD_IN_SORBS_HTTP 0.0 >>>>>>>>> score RCVD_IN_SORBS_MISC 0.0 >>>>>>>>> score RCVD_IN_SORBS_SMTP 0.0 >>>>>>>>> score RCVD_IN_SORBS_SOCKS 0.0 >>>>>>>>> score RCVD_IN_SORBS_WEB 0.0 >>>>>>>>> score RCVD_IN_SORBS_BLOCK 0.0 >>>>>>>>> score RCVD_IN_SORBS_ZOMBIE 0.0 >>>>>>>>> score RCVD_IN_SORBS_DUL 0.0 >>>>>>>>> score __RFC_IGNORANT_ENVFROM 0.0 >>>>>>>>> score DNS_FROM_RFC_DSN 0.0 >>>>>>>>> score DNS_FROM_RFC_POST 0.0 >>>>>>>>> score DNS_FROM_RFC_ABUSE 0.0 >>>>>>>>> score DNS_FROM_RFC_WHOIS 0.0 >>>>>>>>> score DNS_FROM_RFC_BOGUSMX 0.0 >>>>>>>>> score RCVD_IN_DSBL 0.0 >>>>>>>>> score DNS_FROM_AHBL_RHSBL 0.0 >>>>>>>>> score HABEAS_INFRINGER 0.0 >>>>>>>>> score HABEAS_USER 0.0 >>>>>>>>> score RCVD_IN_BSP_TRUSTED 0.0 >>>>>>>>> score RCVD_IN_BSP_OTHER 0.0 >>>>>>>>> score __SENDERBASE 0.0 >>>>>>>>> score SB_NEW_BULK 0.0 >>>>>>>>> score SB_NSP_VOLUME_SPIKE 0.0 >>>>>>>>> score RCVD_IN_RSL 0.0 >>>>>>>>> score RCVD_IN_MAPS_RBL 0.0 >>>>>>>>> score RCVD_IN_MAPS_DUL 0.0 >>>>>>>>> score RCVD_IN_MAPS_RSS 0.0 >>>>>>>>> score RCVD_IN_MAPS_NML 0.0 >>>>>>>>> >>>>>>>>> >>>>>>>>> Also make sure you set the trusted_networks and internal_networks >>>>>>>>> options properly or it's likely to misfire and start letting the >>>>>>>>> spam >>>>>>>>> through >>>>>>>>> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Martin Hepworth >>>>>>>>> Snr Systems Administrator >>>>>>>>> Solid State Logic >>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>> >>>>>>>>> >>>>>>>>> Rodney Green wrote: >>>>>>>>> >>>>>>>>>> For the "Spam List =" configuration option in >>>>>>>>>> MailScanner.conf, it >>>>>>>>>> says >>>>>>>>>> you can use a ruleset file. What format would you use to list the >>>>>>>>>> RBLs? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>> >>>>>>>>>>> Ah I see >>>>>>>>>>> >>>>>>>>>>> well network tests cover RBL's, URI-RBL's from surbl.org and >>>>>>>>>>> perhaps >>>>>>>>>>> even things like pyzor/dcc etc. >>>>>>>>>>> >>>>>>>>>>> I run a couple of RBL's and the URI-RBL's which are truely >>>>>>>>>>> great. >>>>>>>>>>> >>>>>>>>>>> Not sure they'll help with FP's, but if bayes is FP-ing then >>>>>>>>>>> enableing >>>>>>>>>>> the network tests will reduce the bayes scores in SA 3.x. >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Martin Hepworth >>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>> Solid State Logic >>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>> >>>>>>>>>>>> Martin, >>>>>>>>>>>> >>>>>>>>>>>> Truthfully, I don't know yet. I'm not even sure of what's all >>>>>>>>>>>> available. >>>>>>>>>>>> I saw something stating that the network tests helped to reduce >>>>>>>>>>>> false >>>>>>>>>>>> negatives. So, something that would help with that would be >>>>>>>>>>>> great. >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Rodney >>>>>>>>>>>> >>>>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Rodney >>>>>>>>>>>>> >>>>>>>>>>>>> what 'network tests' are you interested in? >>>>>>>>>>>>> >>>>>>>>>>>>> see the doccy at spamassassin.apache.org for the options you >>>>>>>>>>>>> can >>>>>>>>>>>>> put >>>>>>>>>>>>> into spam.assassin.prefs.conf. >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Martin Hepworth >>>>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>>>> Solid State Logic >>>>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Martin, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks, I'll look into how to do that. :-) I'm not familiar >>>>>>>>>>>>>> with >>>>>>>>>>>>>> spamd. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Rodney >>>>>>>>>>>>>> >>>>>>>>>>>>>> Martin Hepworth wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Rodney >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> just put the spamd settings into spam.assassin.prefs.conf >>>>>>>>>>>>>>> and MS >>>>>>>>>>>>>>> will >>>>>>>>>>>>>>> use them for the SA part. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Martin Hepworth >>>>>>>>>>>>>>> Snr Systems Administrator >>>>>>>>>>>>>>> Solid State Logic >>>>>>>>>>>>>>> Tel: +44 (0)1865 842300 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Rodney Green wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Is it possible to enable SA network tests when running it >>>>>>>>>>>>>>>> with >>>>>>>>>>>>>>>> MS? >>>>>>>>>>>>>>>> I've >>>>>>>>>>>>>>>> searched and only found reference to it in relation to >>>>>>>>>>>>>>>> running >>>>>>>>>>>>>>>> spamd, >>>>>>>>>>>>>>>> which I'm not using. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>> Rodney >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>>>>>> believed to be clean. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the >>>>>>>>>>>>>>>> words: >>>>>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>>>>> Before posting, read the MAQ >>>>>>>>>>>>>>>> (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>>>>> and >>>>>>>>>>>>>>>> the archives >>>>>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>>>>> website! >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This email and any files transmitted with it are >>>>>>>>>>>>>>> confidential >>>>>>>>>>>>>>> and >>>>>>>>>>>>>>> intended solely for the use of the individual or entity to >>>>>>>>>>>>>>> whom >>>>>>>>>>>>>>> they >>>>>>>>>>>>>>> are addressed. If you have received this email in error >>>>>>>>>>>>>>> please >>>>>>>>>>>>>>> notify >>>>>>>>>>>>>>> the system manager. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This footnote confirms that this email message has been >>>>>>>>>>>>>>> swept >>>>>>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>>>>>> clean. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the >>>>>>>>>>>>>>> words: >>>>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>>>> Before posting, read the MAQ >>>>>>>>>>>>>>> (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>>>> and >>>>>>>>>>>>>>> the archives >>>>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>>>> website! >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Rodney Green >>>>>>>>>>>>>> Network/Security Administrator >>>>>>>>>>>>>> Trayer Products, Inc. >>>>>>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>>>> believed to be clean. >>>>>>>>>>>>>> >>>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>>> Before posting, read the MAQ >>>>>>>>>>>>>> (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>>> and >>>>>>>>>>>>>> the archives >>>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>>> >>>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>>> website! >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> This email and any files transmitted with it are confidential >>>>>>>>>>>>> and >>>>>>>>>>>>> intended solely for the use of the individual or entity to >>>>>>>>>>>>> whom >>>>>>>>>>>>> they >>>>>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>>>>> notify >>>>>>>>>>>>> the system manager. >>>>>>>>>>>>> >>>>>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>>>> clean. >>>>>>>>>>>>> >>>>>>>>>>>>> ********************************************************************** >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>>> ------------------------ >>>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>>> and >>>>>>>>>>>>> the archives >>>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>>> >>>>>>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>>>>>> website! >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Rodney Green >>>>>>>>>>>> Network/Security Administrator >>>>>>>>>>>> Trayer Products, Inc. >>>>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>>>> believed to be clean. >>>>>>>>>>>> >>>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>>> ------------------------ >>>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>>> and >>>>>>>>>>>> the archives >>>>>>>>>>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>>> >>>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ********************************************************************** >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> This email and any files transmitted with it are confidential >>>>>>>>>>> and >>>>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>>>> they >>>>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>>>> notify >>>>>>>>>>> the system manager. >>>>>>>>>>> >>>>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>>>> for the presence of computer viruses and is believed to be >>>>>>>>>>> clean. >>>>>>>>>>> >>>>>>>>>>> ********************************************************************** >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>>> ------------------------ >>>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>>> and >>>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>>> >>>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Rodney Green >>>>>>>>>> Network/Security Administrator >>>>>>>>>> Trayer Products, Inc. >>>>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> This message has been scanned for viruses and >>>>>>>>>> dangerous content by MailScanner, and is >>>>>>>>>> believed to be clean. >>>>>>>>>> >>>>>>>>>> ------------------------ MailScanner list >>>>>>>>>> ------------------------ >>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>>>>>> and >>>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>> >>>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ********************************************************************** >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> This email and any files transmitted with it are confidential and >>>>>>>>> intended solely for the use of the individual or entity to whom >>>>>>>>> they >>>>>>>>> are addressed. If you have received this email in error please >>>>>>>>> notify >>>>>>>>> the system manager. >>>>>>>>> >>>>>>>>> This footnote confirms that this email message has been swept >>>>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>>>> >>>>>>>>> ********************************************************************** >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rodney Green >>>>>>>> Network/Security Administrator >>>>>>>> Trayer Products, Inc. >>>>>>>> E-Mail: rgreen@trayerproducts.com >>>>>>>> Phone: 607-734-8124 Ext. 343 >>>>>>>> >>>>>>>> -- >>>>>>>> This message has been scanned for viruses and >>>>>>>> dangerous content by MailScanner, and is >>>>>>>> believed to be clean. >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> This email and any files transmitted with it are confidential and >>>>>>> intended solely for the use of the individual or entity to whom they >>>>>>> are addressed. If you have received this email in error please >>>>>>> notify >>>>>>> the system manager. >>>>>>> >>>>>>> This footnote confirms that this email message has been swept >>>>>>> for the presence of computer viruses and is believed to be clean. >>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>> 'leave mailscanner' in the body of the email. >>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> >>>>>> -- >>>>>> Rodney Green >>>>>> Network/Security Administrator >>>>>> Trayer Products, Inc. >>>>>> E-Mail: rgreen@trayerproducts.com >>>>>> Phone: 607-734-8124 Ext. 343 >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> -- >>>>> Rodney Green >>>>> Network/Security Administrator >>>>> Trayer Products, Inc. >>>>> E-Mail: rgreen@trayerproducts.com >>>>> Phone: 607-734-8124 Ext. 343 >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> E-Mail: rgreen@trayerproducts.com >>>> Phone: 607-734-8124 Ext. 343 >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> E-Mail: rgreen@trayerproducts.com >> Phone: 607-734-8124 Ext. 343 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Rodney Green Network/Security Administrator Trayer Products, Inc. E-Mail: rgreen@trayerproducts.com Phone: 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 17:33:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What are the filenames of a few of them? Jim Coates wrote: >Sure am... > >Jim Coates > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Tuesday, March 15, 2005 10:51 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SA Timeouts > > >Are you getting loads of stuff left in /root/.spamassassin/bayes* ? > >Jim Coates wrote: > > > >>Hello all; >> >>I recently upgraded SpamAssassin to 3.01 and have started having >>timeout issues. >> >>MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >>SpamAssassin (timed out)" >> >>I've been watching the CPU and memory utilization and it doesn't seem >>to be that the server is having its resources eaten up, so I'm not >>really sure what's causing it. >> >>I increased the spam check timeouts to 60 (they were 40 by default), >>but that doesn't seem to have corrected the problem. >> >>Any ideas as to what might be causing this? >> >> >> >> > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 17:34:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:03 2006 Subject: Mailwatch Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Take a look at /etc/cron.daily/clean.quarantine. Comment out the line that disables it. You'll see it. You can also easily change the number of days it keeps the files. Roger Jochem wrote: >This would solve my problem... Where is this option? > >----- Original Message ----- >From: "Scott Silva" >To: >Sent: Tuesday, March 15, 2005 1:37 PM >Subject: Re: Mailwatch > > > > >>Roger Jochem wrote: >> >> >>>Thanks! >>> >>>I don't use store because the space it would require is to big, and if I >>>could strip the attachments ant then store this would work really fine! >>> >>>Maybe a new feature for MailScanner? :) >>> >>>----- Original Message ----- >>>From: "Martin Hepworth" >>>To: >>>Sent: Tuesday, March 15, 2005 8:14 AM >>>Subject: Re: Mailwatch >>> >>> >>> >>> >>> >>>>Roger >>>> >>>>This is more a MS setup question. >>>> >>>>If you want to 'store' ham, spam or high scoring spam then you need >>>>'store' in the actions list or ruleset. In which case it will store the >>>>entire message, attachments and all. >>>> >>>>I don't think there's an option to strip the attachment and then store. >>>> >>>>-- >>>>Martin Hepworth >>>>Snr Systems Administrator >>>>Solid State Logic >>>>Tel: +44 (0)1865 842300 >>>> >>>> >>>>Roger Jochem wrote: >>>> >>>> >>>> >>>>>Does anybody has any way of changing Mailwatch for MailScanner so it >>>>> >>>>> >can > > >>>>>archive the message body also? I don't want to archive any attachments, >>>>>only the body... Could it be done? >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>>>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>*Support MailScanner development - buy the book off the website!* >>>>> >>>>> >>>>********************************************************************** >>>> >>>>This email and any files transmitted with it are confidential and >>>>intended solely for the use of the individual or entity to whom they >>>>are addressed. If you have received this email in error please notify >>>>the system manager. >>>> >>>>This footnote confirms that this email message has been swept >>>>for the presence of computer viruses and is believed to be clean. >>>> >>>>********************************************************************** >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>Stripping the attachment seems to defeat the main reason to store. To >>send false positives on to their intended recipients. >>Are you worried about the quarrantine dir getting out of control? >>There is an option to only let the quarrantine dir hold x days worth of >>stuff. >> >>-- >>"If you have ever eaten crow, >>It don't taste like chicken!!" >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Tue Mar 15 17:36:46 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: Julian, They are all "bayes_toks.expire#####" files. Just today, I've had 103 of them (since midnight CST). Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, March 15, 2005 11:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA Timeouts What are the filenames of a few of them? Jim Coates wrote: >Sure am... > >Jim Coates > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Tuesday, March 15, 2005 10:51 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SA Timeouts > > >Are you getting loads of stuff left in /root/.spamassassin/bayes* ? > >Jim Coates wrote: > > > >>Hello all; >> >>I recently upgraded SpamAssassin to 3.01 and have started having >>timeout issues. >> >>MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >>SpamAssassin (timed out)" >> >>I've been watching the CPU and memory utilization and it doesn't seem >>to be that the server is having its resources eaten up, so I'm not >>really sure what's causing it. >> >>I increased the spam check timeouts to 60 (they were 40 by default), >>but that doesn't seem to have corrected the problem. >> >>Any ideas as to what might be causing this? >> >> >> >> > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Mar 15 17:54:26 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:03 2006 Subject: Mailwatch Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It works fine and solves my problem! Thanks... ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, March 15, 2005 2:34 PM Subject: Re: Mailwatch > Take a look at /etc/cron.daily/clean.quarantine. Comment out the line > that disables it. You'll see it. > You can also easily change the number of days it keeps the files. > > Roger Jochem wrote: > > >This would solve my problem... Where is this option? > > > >----- Original Message ----- > >From: "Scott Silva" > >To: > >Sent: Tuesday, March 15, 2005 1:37 PM > >Subject: Re: Mailwatch > > > > > > > > > >>Roger Jochem wrote: > >> > >> > >>>Thanks! > >>> > >>>I don't use store because the space it would require is to big, and if I > >>>could strip the attachments ant then store this would work really fine! > >>> > >>>Maybe a new feature for MailScanner? :) > >>> > >>>----- Original Message ----- > >>>From: "Martin Hepworth" > >>>To: > >>>Sent: Tuesday, March 15, 2005 8:14 AM > >>>Subject: Re: Mailwatch > >>> > >>> > >>> > >>> > >>> > >>>>Roger > >>>> > >>>>This is more a MS setup question. > >>>> > >>>>If you want to 'store' ham, spam or high scoring spam then you need > >>>>'store' in the actions list or ruleset. In which case it will store the > >>>>entire message, attachments and all. > >>>> > >>>>I don't think there's an option to strip the attachment and then store. > >>>> > >>>>-- > >>>>Martin Hepworth > >>>>Snr Systems Administrator > >>>>Solid State Logic > >>>>Tel: +44 (0)1865 842300 > >>>> > >>>> > >>>>Roger Jochem wrote: > >>>> > >>>> > >>>> > >>>>>Does anybody has any way of changing Mailwatch for MailScanner so it > >>>>> > >>>>> > >can > > > > > >>>>>archive the message body also? I don't want to archive any attachments, > >>>>>only the body... Could it be done? > >>>>>------------------------ MailScanner list ------------------------ > >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>'leave mailscanner' in the body of the email. > >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > >>>>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>> > >>>>>*Support MailScanner development - buy the book off the website!* > >>>>> > >>>>> > >>>>********************************************************************** > >>>> > >>>>This email and any files transmitted with it are confidential and > >>>>intended solely for the use of the individual or entity to whom they > >>>>are addressed. If you have received this email in error please notify > >>>>the system manager. > >>>> > >>>>This footnote confirms that this email message has been swept > >>>>for the presence of computer viruses and is believed to be clean. > >>>> > >>>>********************************************************************** > >>>> > >>>>------------------------ MailScanner list ------------------------ > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>'leave mailscanner' in the body of the email. > >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>>Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>> > >>> > >>Stripping the attachment seems to defeat the main reason to store. To > >>send false positives on to their intended recipients. > >>Are you worried about the quarrantine dir getting out of control? > >>There is an option to only let the quarrantine dir hold x days worth of > >>stuff. > >> > >>-- > >>"If you have ever eaten crow, > >>It don't taste like chicken!!" > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 18:01:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have hopefully fixed the bayes expiry problems in the latest beta of MailScanner. You will have to download and install that for the fix for this one. Or else put up with it until 1st April, when I will do the next stable release. Jim Coates wrote: >Julian, > >They are all "bayes_toks.expire#####" files. > >Just today, I've had 103 of them (since midnight CST). > >Jim > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Tuesday, March 15, 2005 11:33 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SA Timeouts > > >What are the filenames of a few of them? > >Jim Coates wrote: > > > >>Sure am... >> >>Jim Coates >> >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Tuesday, March 15, 2005 10:51 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SA Timeouts >> >> >>Are you getting loads of stuff left in /root/.spamassassin/bayes* ? >> >>Jim Coates wrote: >> >> >> >> >> >>>Hello all; >>> >>>I recently upgraded SpamAssassin to 3.01 and have started having >>>timeout issues. >>> >>>MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >>>SpamAssassin (timed out)" >>> >>>I've been watching the CPU and memory utilization and it doesn't seem >>>to be that the server is having its resources eaten up, so I'm not >>>really sure what's causing it. >>> >>>I increased the spam check timeouts to 60 (they were 40 by default), >>>but that doesn't seem to have corrected the problem. >>> >>>Any ideas as to what might be causing this? >>> >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional Support >Services at www.MailScanner.biz MailScanner thanks transtec Computers for >their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Tue Mar 15 17:52:52 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:29:03 2006 Subject: ZMailer help please Message-ID: Hi, you are having a problem with the program smtp, the scheduler is calling that in the line: command="smtp -F [152.78.69.153] -l ${LOGDIR}/smtp.punt" googled and found similar problems like Try to recompile smtp We always compile it from cvs If it still gives you problems, please email me in private, and we can try to solve this together. lhelman -at- pert -dot- com -dot- ar Saludos -- Leonardo Helman Pert Consultores Argentina On Tue, Mar 15, 2005 at 02:36:19PM +0000, Julian Field wrote: > In my /var/log/zmailer/scheduler I keep getting this: > > scheduler: scheduler daemon (2.99.55-patch1 #1: Tue Oct 16 21:22:07 CEST > 2001) > pid 25246 started at Tue, 15 Mar 2005 11:35:17 +0000 > > Synchronous startup completed, messages: 0 (0 skipped) recipients: 0 > *********************************************************************** > 20050315113600 Misformed diagnostic1: Incorrectly built binary which > accesses errno or h_errno directly. Needs to be fixed. > 20050315113610 Misformed diagnostic1: Incorrectly built binary which > accesses errno or h_errno directly. Needs to be fixed. > scheduler: exit(0): signal > > which looks pretty bad. I have tried rebuilding the RPM but it won't. > I'm on an Opteron system. > > If I "ldd /usr/lib/zmailer/sendmail" I get this: > Incorrectly built binary which accesses errno or h_errno directly. Needs > to be fixed. > linux-gate.so.1 => (0xffffe000) > libresolv.so.2 => /lib/libresolv.so.2 (0x006af000) > libc.so.6 => /lib/i686/libc.so.6 (0xf7ea9000) > /lib/ld-linux.so.2 (0x001c4000) > which also looks pretty bad. > > Is there any way out of this without rebuilding from the srpm (as it won't). > If I try to rebuild the rpm I get this: > + autoconf > configure.in:1400: error: do not use LIBOBJS directly, use AC_LIBOBJ > (see section `AC_LIBOBJ vs LIBOBJS' > If this token and others are legitimate, please use m4_pattern_allow. > See the Autoconf documentation. > error: Bad exit status from /var/tmp/rpm-tmp.96735 (%prep) > > And I don't know enough about autoconf to know how to fix this. > > Any more ideas? > > Julian Field wrote: > > >I already have > ># Sometimes we may want to PUNT all out to somewhere without regarding > ># on what the routing said: > ># > >smtp/* > > maxchannel=199 > > maxring=5 > > command="smtp -F [152.78.69.153] -l ${LOGDIR}/smtp.punt" > >in scheduler.conf. It didn't help. And I stopped and restarted zmailer > >several times since then. > > > >Leonardo Helman wrote: > > > >>Hi > >> > >>You have several ways to do this. > >> > >>Try in scheduler.conf > >> > >>search for "PUNT", and uncomment > >> > >> > >>I think this is what you want > >> > >># Sometimes we may want to PUNT all out to somewhere without regarding > >># on what the routing said: > >># > >># smtp/* > >># maxchannel=199 > >># maxring=5 > >># command="smtp -F [192.89.123.25] -l ${LOGDIR}/smtp.punt" > >> > >> > >> > >> > >> > >> > >>>How do I setup ZMailer so that it just sends all mail to another host? > >>>I have tried all sorts of things and just keep getting > >>> > >>>Original-Recipient: rfc822;anonymous@ecs.soton.ac.uk > >>>Final-Recipient: RFC822; anonymous@ecs.soton.ac.uk > >>>Action: failed > >>>Status: 5.0.0 > >>>Diagnostic-Code: X-LOCAL; 500 (nosuchuser) > >>> > >>>:-( > >>> > >>>-- > >>>Julian Field > >>>www.MailScanner.info > >>>MailScanner thanks transtec Computers for their support > >>>Buy the MailScanner book at www.MailScanner.info/store > >>> > >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > >> > > > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support > >Buy the MailScanner book at www.MailScanner.info/store > > > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Tue Mar 15 18:02:28 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: Julian, Will doing what Martin suggested help this? "Sounds like SA is trying to tidy the bayes DB and timing out... make sure the following is set in MailScanner.conf # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. Rebuild Bayes Every = 86400 # The Bayesian database rebuild and expiry may take a 2 or 3 minutes # to complete. During this time you can either wait, or simply # disable SpamAssassin checks until it has completed. Wait During Bayes Rebuild = yes and in spam.assassin.prefs.conf # MailScanner: When using the scheduled Bayes expiry feature, you probably # MailScanner: want to turn off auto-expiry as it will rarely complete before # MailScanner: it is killed for taking too long. You will just end up with # MailScanner: big bayes_toks.new files wasting space. # bayes_auto_expire 0" Thanks, Jim Coates Laridian, Inc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, March 15, 2005 12:02 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA Timeouts I have hopefully fixed the bayes expiry problems in the latest beta of MailScanner. You will have to download and install that for the fix for this one. Or else put up with it until 1st April, when I will do the next stable release. Jim Coates wrote: >Julian, > >They are all "bayes_toks.expire#####" files. > >Just today, I've had 103 of them (since midnight CST). > >Jim > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Tuesday, March 15, 2005 11:33 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SA Timeouts > > >What are the filenames of a few of them? > >Jim Coates wrote: > > > >>Sure am... >> >>Jim Coates >> >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Tuesday, March 15, 2005 10:51 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SA Timeouts >> >> >>Are you getting loads of stuff left in /root/.spamassassin/bayes* ? >> >>Jim Coates wrote: >> >> >> >> >> >>>Hello all; >>> >>>I recently upgraded SpamAssassin to 3.01 and have started having >>>timeout issues. >>> >>>MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >>>SpamAssassin (timed out)" >>> >>>I've been watching the CPU and memory utilization and it doesn't seem >>>to be that the server is having its resources eaten up, so I'm not >>>really sure what's causing it. >>> >>>I increased the spam check timeouts to 60 (they were 40 by default), >>>but that doesn't seem to have corrected the problem. >>> >>>Any ideas as to what might be causing this? >>> >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional >Support Services at www.MailScanner.biz MailScanner thanks transtec >Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From walkera at OFB.NET Tue Mar 15 18:15:36 2005 From: walkera at OFB.NET (Walker Aumann) Date: Thu Jan 12 21:29:03 2006 Subject: Missing checksum for MailScanner-4.40.5-1 for RedHat Message-ID: Maybe this was already mentioned in the release thread, but I didn't notice it. The signature file for the latest beta isn't available. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 18:21:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:03 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, the MailScanner-driven bayes rebuild in older versions did not lock out the other child processes successfully. In 4.40.5 this is fixed. What you can do is do the rebuild/expiry from a cron job at 3 in the morning. Jim Coates wrote: >Julian, > >Will doing what Martin suggested help this? > >"Sounds like SA is trying to tidy the bayes DB and timing out... > >make sure the following is set in MailScanner.conf > ># If you are using the Bayesian statistics engine on a busy server, # you >may well need to force a Bayesian database rebuild and expiry # at regular >intervals. This is measures in seconds. # 1 day = 86400 seconds. # To >disable this feature set this to 0. Rebuild Bayes Every = 86400 > ># The Bayesian database rebuild and expiry may take a 2 or 3 minutes # to >complete. During this time you can either wait, or simply # disable >SpamAssassin checks until it has completed. Wait During Bayes Rebuild = yes > > >and in spam.assassin.prefs.conf > ># MailScanner: When using the scheduled Bayes expiry feature, you probably # >MailScanner: want to turn off auto-expiry as it will rarely complete before ># MailScanner: it is killed for taking too long. You will just end up with # >MailScanner: big bayes_toks.new files wasting space. # bayes_auto_expire 0" > > >Thanks, >Jim Coates >Laridian, Inc. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Tuesday, March 15, 2005 12:02 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SA Timeouts > > >I have hopefully fixed the bayes expiry problems in the latest beta of >MailScanner. You will have to download and install that for the fix for this >one. Or else put up with it until 1st April, when I will do the next stable >release. > >Jim Coates wrote: > > > >>Julian, >> >>They are all "bayes_toks.expire#####" files. >> >>Just today, I've had 103 of them (since midnight CST). >> >>Jim >> >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Tuesday, March 15, 2005 11:33 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SA Timeouts >> >> >>What are the filenames of a few of them? >> >>Jim Coates wrote: >> >> >> >> >> >>>Sure am... >>> >>>Jim Coates >>> >>> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>Behalf Of Julian Field >>>Sent: Tuesday, March 15, 2005 10:51 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: SA Timeouts >>> >>> >>>Are you getting loads of stuff left in /root/.spamassassin/bayes* ? >>> >>>Jim Coates wrote: >>> >>> >>> >>> >>> >>> >>> >>>>Hello all; >>>> >>>>I recently upgraded SpamAssassin to 3.01 and have started having >>>>timeout issues. >>>> >>>>MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >>>>SpamAssassin (timed out)" >>>> >>>>I've been watching the CPU and memory utilization and it doesn't seem >>>>to be that the server is having its resources eaten up, so I'm not >>>>really sure what's causing it. >>>> >>>>I increased the spam check timeouts to 60 (they were 40 by default), >>>>but that doesn't seem to have corrected the problem. >>>> >>>>Any ideas as to what might be causing this? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>-- >>>Julian Field >>>www.MailScanner.info >>>MailScanner thanks transtec Computers for their support >>>Buy the MailScanner book at www.MailScanner.info/store >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store Professional >>Support Services at www.MailScanner.biz MailScanner thanks transtec >>Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional Support >Services at www.MailScanner.biz MailScanner thanks transtec Computers for >their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 18:24:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:04 2006 Subject: Missing checksum for MailScanner-4.40.5-1 for RedHat Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fixed. Sorry for that omission. Walker Aumann wrote: >Maybe this was already mentioned in the release thread, but I didn't >notice it. The signature file for the latest beta isn't available. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Mar 15 18:26:36 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:04 2006 Subject: Subject gets blank Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, A new test setup is deleting the 'Subject:' header completely from mails.. I am running the following: MS 4.40.5 SA 3.0.2 CentOS 4.0 razor / pyzor /dcc Where do i start troubleshooting? Debug = yes, gives the following Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /var/spool/MailScanner/spamassassin/bayes.lock Bayes lock is at /var/spool/MailScanner/spamassassin/bayes.lock Stopping now as you are debugging me. Debug SpamAssassin = yes, gives what would have happened if i ran spamassassin -D ... < message - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Tue Mar 15 18:28:10 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:04 2006 Subject: SA Timeouts Message-ID: Julian, Ok. Is there anything I need to disable to keep it from rebuilding outside of the cron job? And (sorry for being a noob), but what is the cron line for rebuilding bayes? Thanks, Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, March 15, 2005 12:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA Timeouts No, the MailScanner-driven bayes rebuild in older versions did not lock out the other child processes successfully. In 4.40.5 this is fixed. What you can do is do the rebuild/expiry from a cron job at 3 in the morning. Jim Coates wrote: >Julian, > >Will doing what Martin suggested help this? > >"Sounds like SA is trying to tidy the bayes DB and timing out... > >make sure the following is set in MailScanner.conf > ># If you are using the Bayesian statistics engine on a busy server, # >you may well need to force a Bayesian database rebuild and expiry # at >regular intervals. This is measures in seconds. # 1 day = 86400 >seconds. # To disable this feature set this to 0. Rebuild Bayes Every = >86400 > ># The Bayesian database rebuild and expiry may take a 2 or 3 minutes # >to complete. During this time you can either wait, or simply # disable >SpamAssassin checks until it has completed. Wait During Bayes Rebuild = >yes > > >and in spam.assassin.prefs.conf > ># MailScanner: When using the scheduled Bayes expiry feature, you >probably # >MailScanner: want to turn off auto-expiry as it will rarely complete before ># MailScanner: it is killed for taking too long. You will just end up with # >MailScanner: big bayes_toks.new files wasting space. # bayes_auto_expire 0" > > >Thanks, >Jim Coates >Laridian, Inc. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Tuesday, March 15, 2005 12:02 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SA Timeouts > > >I have hopefully fixed the bayes expiry problems in the latest beta of >MailScanner. You will have to download and install that for the fix for >this one. Or else put up with it until 1st April, when I will do the >next stable release. > >Jim Coates wrote: > > > >>Julian, >> >>They are all "bayes_toks.expire#####" files. >> >>Just today, I've had 103 of them (since midnight CST). >> >>Jim >> >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Tuesday, March 15, 2005 11:33 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SA Timeouts >> >> >>What are the filenames of a few of them? >> >>Jim Coates wrote: >> >> >> >> >> >>>Sure am... >>> >>>Jim Coates >>> >>> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>Behalf Of Julian Field >>>Sent: Tuesday, March 15, 2005 10:51 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: SA Timeouts >>> >>> >>>Are you getting loads of stuff left in /root/.spamassassin/bayes* ? >>> >>>Jim Coates wrote: >>> >>> >>> >>> >>> >>> >>> >>>>Hello all; >>>> >>>>I recently upgraded SpamAssassin to 3.01 and have started having >>>>timeout issues. >>>> >>>>MailScanner's header report shows "X-MailScanner-SpamCheck: not >>>>spam, SpamAssassin (timed out)" >>>> >>>>I've been watching the CPU and memory utilization and it doesn't >>>>seem to be that the server is having its resources eaten up, so I'm >>>>not really sure what's causing it. >>>> >>>>I increased the spam check timeouts to 60 (they were 40 by default), >>>>but that doesn't seem to have corrected the problem. >>>> >>>>Any ideas as to what might be causing this? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>-- >>>Julian Field >>>www.MailScanner.info >>>MailScanner thanks transtec Computers for their support >>>Buy the MailScanner book at www.MailScanner.info/store >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>>------------------------ MailScanner list ------------------------ To >>>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>mailscanner' in the body of the email. Before posting, read the MAQ >>>(http://www.mailscanner.biz/maq/) and the archives >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store Professional >>Support Services at www.MailScanner.biz MailScanner thanks transtec >>Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>mailscanner' in the body of the email. Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional >Support Services at www.MailScanner.biz MailScanner thanks transtec >Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >mailscanner' in the body of the email. Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 18:31:29 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:04 2006 Subject: What enables URIBLs? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote on Tue, 15 Mar 2005 11:33:54 -0500: > I'm just wondering where > they are enabled. > They are indeed configured in init.pre. If you comment that line out all the URIBL tests won't be done. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 18:31:29 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:04 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Kongsted wrote on Tue, 15 Mar 2005 14:21:22 +0100: > I still don't get any score from Bayes (ex. bayes_50)... Any ideas why? > No, you were getting BAYES_60 as you recently posted. You may expect other Bayes figures for your messages, but this is another matter. From what you posted until now it looks like your Bayes is working. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 18:31:29 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:04 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] and run a manual sa-learn --force-expire. Specify the config file on that command line if the MailScanner setup doesn't use the local.cf! Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 18:31:29 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:04 2006 Subject: What enables URIBLs? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote on Tue, 15 Mar 2005 16:50:32 +0000: > if you've just enabled the network tests (commented outthe skip rbls in > spam.assassin.prefs.conf) then that will start the URI-RBLs. > No, this doesn't enable them. Tests are independant. You can skip all RBL tests and still do the URIBL tests. It's just like I have set it here. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 18:31:29 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:04 2006 Subject: Abort delivery of mail in customconfig.pm Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ramprasad A Padmanabhan wrote on Tue, 15 Mar 2005 18:43:29 +0530: > IMHO it would not. > Suppose a mail is marked to many people, If a new procmail process is > spawned for every recipient wont it be a waste , when it can be done at > the mta level , where it is just one mail. > I agree, but it may nevertheless the best choice you have. I was thinking in another direction, I though you want to have some sort of "mailrobot" which gets a message and processes it. You seem to be doing something different. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 18:41:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:04 2006 Subject: Subject gets blank Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What MTA are you running? Are all the subject: headers gone, or only some? Dhawal Doshy wrote: > Julian, > > A new test setup is deleting the 'Subject:' header completely from > mails.. > > I am running the following: > MS 4.40.5 > SA 3.0.2 > CentOS 4.0 > razor / pyzor /dcc > > Where do i start troubleshooting? > > Debug = yes, gives the following > Starting MailScanner... > In Debugging mode, not forking... > SA bayes lock is /var/spool/MailScanner/spamassassin/bayes.lock > Bayes lock is at /var/spool/MailScanner/spamassassin/bayes.lock > Stopping now as you are debugging me. > > Debug SpamAssassin = yes, gives what would have happened if i ran > spamassassin -D ... < message > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Mar 15 18:52:42 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:04 2006 Subject: Subject gets blank Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] oops.. forgot to mention postfix 2.1.5, and as for the subject: headers i don't see any headers related to subject at all.. i am unable to confirm currently if the original message contained multiple subject headers, i'll check (or simulate) and confirm.. btw 'Debug SpamAssassin = yes' gives me 'mail 1 has no subject' in razor check and also returns 'MISSING_SUBJECT' in the SA tests. - dhawal Julian Field wrote: > What MTA are you running? Are all the subject: headers gone, or only some? > > Dhawal Doshy wrote: > >> Julian, >> >> A new test setup is deleting the 'Subject:' header completely from >> mails.. >> >> I am running the following: >> MS 4.40.5 >> SA 3.0.2 >> CentOS 4.0 >> razor / pyzor /dcc >> >> Where do i start troubleshooting? >> >> Debug = yes, gives the following >> Starting MailScanner... >> In Debugging mode, not forking... >> SA bayes lock is /var/spool/MailScanner/spamassassin/bayes.lock >> Bayes lock is at /var/spool/MailScanner/spamassassin/bayes.lock >> Stopping now as you are debugging me. >> >> Debug SpamAssassin = yes, gives what would have happened if i ran >> spamassassin -D ... < message >> >> - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 19:00:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:04 2006 Subject: Subject gets blank Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please apply this patch to /usr/lib/MailScanner/MailScanner/Postfix.pm: -----SNIP----- --- Postfix.pm.old 2005-03-12 20:15:18.000000000 +0000 +++ Postfix.pm 2005-03-15 18:58:57.631052633 +0000 @@ -621,7 +627,11 @@ $foundat = -1; while ($pos < @{$message->{metadata}}) { if ($message->{metadata}[$pos] =~ /^N$key/i) { - ($foundat = $pos), next if $foundat == -1; # Skip 1st occurrence + if ($foundat == -1) { # Skip 1st occurrence + $foundat = $pos; + $pos++; + next; + } # We have found the start of 1 occurrence of this header splice @{$message->{metadata}}, $pos, 1; # Delete continuation lines -----SNIP----- Dhawal Doshy wrote: > oops.. forgot to mention postfix 2.1.5, and as for the subject: headers > i don't see any headers related to subject at all.. > > i am unable to confirm currently if the original message contained > multiple subject headers, i'll check (or simulate) and confirm.. > > btw 'Debug SpamAssassin = yes' gives me 'mail 1 has no subject' in razor > check and also returns 'MISSING_SUBJECT' in the SA tests. > > - dhawal > > Julian Field wrote: > >> What MTA are you running? Are all the subject: headers gone, or only >> some? >> >> Dhawal Doshy wrote: >> >>> Julian, >>> >>> A new test setup is deleting the 'Subject:' header completely from >>> mails.. >>> >>> I am running the following: >>> MS 4.40.5 >>> SA 3.0.2 >>> CentOS 4.0 >>> razor / pyzor /dcc >>> >>> Where do i start troubleshooting? >>> >>> Debug = yes, gives the following >>> Starting MailScanner... >>> In Debugging mode, not forking... >>> SA bayes lock is /var/spool/MailScanner/spamassassin/bayes.lock >>> Bayes lock is at /var/spool/MailScanner/spamassassin/bayes.lock >>> Stopping now as you are debugging me. >>> >>> Debug SpamAssassin = yes, gives what would have happened if i ran >>> spamassassin -D ... < message >>> >>> - dhawal >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Tue Mar 15 18:59:08 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:29:04 2006 Subject: smtp server test? Message-ID: Any sendmail experts know of a milter that will check an inbound connection for a listening mail server? Gotta be 90+ percent of spammers and virus connections don't have a listening smtp server. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 19:13:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:04 2006 Subject: smtp server test? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you do that, you won't ever get any mail from me for starters. My outgoing mail handlers don't listen for SMTP from the net as well, that is handled by other MX servers. Joe Smith wrote: >Any sendmail experts know of a milter that will check an inbound >connection for a listening mail server? Gotta be 90+ percent of >spammers and virus connections don't have a listening smtp server. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Mar 15 19:22:09 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:04 2006 Subject: Subject gets blank Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It worked, not only was the subject fine this time it also managed to trim the other 3 extra subjects that I had added. In any case i'll be extensively testing this release for my env.. Thanks a lot.. - dhawal Julian Field wrote: > Please apply this patch to /usr/lib/MailScanner/MailScanner/Postfix.pm: > > -----SNIP----- > --- Postfix.pm.old 2005-03-12 20:15:18.000000000 +0000 > +++ Postfix.pm 2005-03-15 18:58:57.631052633 +0000 > @@ -621,7 +627,11 @@ > $foundat = -1; > while ($pos < @{$message->{metadata}}) { > if ($message->{metadata}[$pos] =~ /^N$key/i) { > - ($foundat = $pos), next if $foundat == -1; # Skip 1st occurrence > + if ($foundat == -1) { # Skip 1st occurrence > + $foundat = $pos; > + $pos++; > + next; > + } > # We have found the start of 1 occurrence of this header > splice @{$message->{metadata}}, $pos, 1; > # Delete continuation lines > -----SNIP----- > > Dhawal Doshy wrote: > >> oops.. forgot to mention postfix 2.1.5, and as for the subject: headers >> i don't see any headers related to subject at all.. >> >> i am unable to confirm currently if the original message contained >> multiple subject headers, i'll check (or simulate) and confirm.. >> >> btw 'Debug SpamAssassin = yes' gives me 'mail 1 has no subject' in razor >> check and also returns 'MISSING_SUBJECT' in the SA tests. >> >> - dhawal >> >> Julian Field wrote: >> >>> What MTA are you running? Are all the subject: headers gone, or only >>> some? >>> >>> Dhawal Doshy wrote: >>> >>>> Julian, >>>> >>>> A new test setup is deleting the 'Subject:' header completely from >>>> mails.. >>>> >>>> I am running the following: >>>> MS 4.40.5 >>>> SA 3.0.2 >>>> CentOS 4.0 >>>> razor / pyzor /dcc >>>> >>>> Where do i start troubleshooting? >>>> >>>> Debug = yes, gives the following >>>> Starting MailScanner... >>>> In Debugging mode, not forking... >>>> SA bayes lock is /var/spool/MailScanner/spamassassin/bayes.lock >>>> Bayes lock is at /var/spool/MailScanner/spamassassin/bayes.lock >>>> Stopping now as you are debugging me. >>>> >>>> Debug SpamAssassin = yes, gives what would have happened if i ran >>>> spamassassin -D ... < message >>>> >>>> - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Mar 15 19:22:30 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:04 2006 Subject: smtp server test? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Smith wrote: > Any sendmail experts know of a milter that will check an inbound > connection for a listening mail server? Gotta be 90+ percent of > spammers and virus connections don't have a listening smtp server. > I'm not sure if RFC's require a sending SMTP to also be a receiver. Some large senders probably have separate sending and receiving mailers, and you would get some false positives. You could test for reverse-resolution, but there are a few legit. mailers that have that broken also. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wintermutecx at gmail.com Tue Mar 15 19:46:04 2005 From: wintermutecx at gmail.com (Dave) Date: Thu Jan 12 21:29:04 2006 Subject: smtp server test? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, 15 Mar 2005 11:22:30 -0800, Scott Silva wrote: > Joe Smith wrote: > > Any sendmail experts know of a milter that will check an inbound > > connection for a listening mail server? Gotta be 90+ percent of > > spammers and virus connections don't have a listening smtp server. > > > I'm not sure if RFC's require a sending SMTP to also be a receiver. > Some large senders probably have separate sending and receiving mailers, > and you would get some false positives. > You could test for reverse-resolution, but there are a few legit. > mailers that have that broken also. I'm not a large corp, just a small NPO and we have 2 mail servers, one inbound with Mailscanner and outbound on another IP/machine. So we would fail that check also. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 15 19:58:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:04 2006 Subject: Subject gets blank Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. The testing is exactly the point of my betas. Dhawal Doshy wrote: > It worked, not only was the subject fine this time it also managed to > trim the other 3 extra subjects that I had added. In any case i'll be > extensively testing this release for my env.. > > Thanks a lot.. > > - dhawal > > Julian Field wrote: > >> Please apply this patch to /usr/lib/MailScanner/MailScanner/Postfix.pm: >> >> -----SNIP----- >> --- Postfix.pm.old 2005-03-12 20:15:18.000000000 +0000 >> +++ Postfix.pm 2005-03-15 18:58:57.631052633 +0000 >> @@ -621,7 +627,11 @@ >> $foundat = -1; >> while ($pos < @{$message->{metadata}}) { >> if ($message->{metadata}[$pos] =~ /^N$key/i) { >> - ($foundat = $pos), next if $foundat == -1; # Skip 1st >> occurrence >> + if ($foundat == -1) { # Skip 1st occurrence >> + $foundat = $pos; >> + $pos++; >> + next; >> + } >> # We have found the start of 1 occurrence of this header >> splice @{$message->{metadata}}, $pos, 1; >> # Delete continuation lines >> -----SNIP----- >> >> Dhawal Doshy wrote: >> >>> oops.. forgot to mention postfix 2.1.5, and as for the subject: headers >>> i don't see any headers related to subject at all.. >>> >>> i am unable to confirm currently if the original message contained >>> multiple subject headers, i'll check (or simulate) and confirm.. >>> >>> btw 'Debug SpamAssassin = yes' gives me 'mail 1 has no subject' in >>> razor >>> check and also returns 'MISSING_SUBJECT' in the SA tests. >>> >>> - dhawal >>> >>> Julian Field wrote: >>> >>>> What MTA are you running? Are all the subject: headers gone, or only >>>> some? >>>> >>>> Dhawal Doshy wrote: >>>> >>>>> Julian, >>>>> >>>>> A new test setup is deleting the 'Subject:' header completely from >>>>> mails.. >>>>> >>>>> I am running the following: >>>>> MS 4.40.5 >>>>> SA 3.0.2 >>>>> CentOS 4.0 >>>>> razor / pyzor /dcc >>>>> >>>>> Where do i start troubleshooting? >>>>> >>>>> Debug = yes, gives the following >>>>> Starting MailScanner... >>>>> In Debugging mode, not forking... >>>>> SA bayes lock is /var/spool/MailScanner/spamassassin/bayes.lock >>>>> Bayes lock is at /var/spool/MailScanner/spamassassin/bayes.lock >>>>> Stopping now as you are debugging me. >>>>> >>>>> Debug SpamAssassin = yes, gives what would have happened if i ran >>>>> spamassassin -D ... < message >>>>> >>>>> - dhawal >>>> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 20:31:50 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:04 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Coates wrote on Tue, 15 Mar 2005 12:28:10 -0600: > Is there anything I need to disable to keep it from rebuilding outside of > the cron job? You have to shut it off in the configfile. > > And (sorry for being a noob), but what is the cron line for rebuilding > bayes? > sa-learn -c configfilepath --force-expire Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 20:31:50 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:04 2006 Subject: smtp server test? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Tue, 15 Mar 2005 19:13:26 +0000: > If you do that, you won't ever get any mail from me for starters. My > outgoing mail handlers don't listen for SMTP from the net as well, that > is handled by other MX servers. > What you *can* do is check if the incoming mail address would be accepted for delivery on the MX for that domain. There are milters that do this. I personally am opposed to that, though, since it adds an extra SMTP connection for each incoming mail and on the remote side for many outgoing mails (depending on how many people use it). I think it is much easier and better to just reject all attempts from dialups etc., check for correct HELO and so on right at MTA level. This doesn't put the burden on innocent third parties. And it's quite successful. We rarely get viruses because most are sent over zombie machines which are either in dialup ranges or already listed as being a proxy/zombie etc. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dean at SAHRA.ARIZONA.EDU Tue Mar 15 20:34:39 2005 From: dean at SAHRA.ARIZONA.EDU (Dean Jones) Date: Thu Jan 12 21:29:04 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: > On Tue, 15 Mar 2005 14:17:18 +0100, =?iso-8859-1?Q?D=F6rfler_Andreas?= writes: > >>u sure it isnt a postfix problem ? > > > It "smells" like a race condition of some kind, or a Perl bug. I only > see this on machines that > - are i386 > - actually notice the mails in their load > - run MailScanner > - run postfix > > On machines that only meet three of the above criteria, this ain't a > problem. > I have this problem on: Solaris 9 Sparc, Postfix 2.1.5, Perl 5.8.4 and latest mailscanner stable. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Tue Mar 15 21:40:30 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:04 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai, Thanks... In the MailScanner.conf, I have Rebuild Bayes Every set to "0" and the Wait During Bayes Rebuild set to "no", so doesn't this already mean that it shouldn't be trying to rebuild itself? I do have bayes auto expire remarked out in the spam.assassin.prefs.conf file. If I change the auto expire setting, and then add the cron job (pointing to SA's local.cf I assume) will that then take care of the issue for now? Thanks, Jim Coates -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl Sent: Tuesday, March 15, 2005 2:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA Timeouts Jim Coates wrote on Tue, 15 Mar 2005 12:28:10 -0600: > Is there anything I need to disable to keep it from rebuilding outside > of > the cron job? You have to shut it off in the configfile. > > And (sorry for being a noob), but what is the cron line for rebuilding > bayes? > sa-learn -c configfilepath --force-expire Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Mar 15 22:30:12 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:04 2006 Subject: 4.40.5, Solaris 9, no problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Been working great, using unrar from http://www.rarlab.com/. > You outta mention a URL for where to get unrar if your > system (like mine) doesn't come with it. What's another comment > in the MailScanner.conf file? It's the first hit if you google for "unrar". ;-) -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Mar 15 22:31:27 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:04 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Coates wrote on Tue, 15 Mar 2005 15:40:30 -0600: > In the MailScanner.conf, I have Rebuild Bayes Every set to "0" and the Wait > During Bayes Rebuild set to "no", so doesn't this already mean that it > shouldn't be trying to rebuild itself? It means that there is no minimum between the expiry tries and MS won't wait during a running expiry. That is what produces those many temporary files. It might just be enough to set this to yes (it should always be set to yes). Then MS should wait with using SA until the expire has finished. > > I do have bayes auto expire remarked out in the spam.assassin.prefs.conf > file. You have to set this to 0 if you want to stop it. Commented out means default = do it. > > If I change the auto expire setting, and then add the cron job (pointing to > SA's local.cf I assume) will that then take care of the issue for now? > It is possible. As you see above there are several ways to fix the problem, it depends on what the cause of the problem is. Run the command at least once directly before you run it over cron. There might be a problem, so that the expiry cannot finish. In this case running via cron will obviously not help. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Tue Mar 15 23:14:24 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:29:04 2006 Subject: smtp server test? Message-ID: You also have to think of major ISP and corps that have multiple email servers. MANY MANY of them I know of have separate incomming and outgoing machines and many times multiple machines. For security and redundency many only accept connections to one port per server, so if its an outgoing server, no ports are open to incomming connections. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, March 15, 2005 2:13 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: smtp server test? If you do that, you won't ever get any mail from me for starters. My outgoing mail handlers don't listen for SMTP from the net as well, that is handled by other MX servers. Joe Smith wrote: >Any sendmail experts know of a milter that will check an inbound >connection for a listening mail server? Gotta be 90+ percent of >spammers and virus connections don't have a listening smtp server. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Mar 15 23:24:33 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:04 2006 Subject: smtp server test? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Again we have seperate machines for this we would fail your test. But your MTA and SA can do plenty of other usefull tests. Have a read of your MTA doco and read through the list ofs test on spamassassin.org to see what they are. Good luck Pete Chris Sweeney wrote: > You also have to think of major ISP and corps that have multiple email > servers. MANY MANY of them I know of have separate incomming and outgoing > machines and many times multiple machines. For security and redundency many > only accept connections to one port per server, so if its an outgoing > server, no ports are open to incomming connections. > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Julian Field > Sent: Tuesday, March 15, 2005 2:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: smtp server test? > > If you do that, you won't ever get any mail from me for starters. My > outgoing mail handlers don't listen for SMTP from the net as well, that is > handled by other MX servers. > > Joe Smith wrote: > > >>Any sendmail experts know of a milter that will check an inbound >>connection for a listening mail server? Gotta be 90+ percent of >>spammers and virus connections don't have a listening smtp server. >> >> > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional Support > Services at www.MailScanner.biz MailScanner thanks transtec Computers for > their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jimc at LARIDIAN.COM Tue Mar 15 23:29:49 2005 From: jimc at LARIDIAN.COM (Jim Coates) Date: Thu Jan 12 21:29:04 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hmmm... I have the bayes_auto_expire set to "0" now (no longer commented out). I restarted MailScanner, but for some reason these expiry files are still being created at a fairly rapid pace. I'm getting 1 every 6 minutes or so. Jim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl Sent: Tuesday, March 15, 2005 4:31 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA Timeouts Jim Coates wrote on Tue, 15 Mar 2005 15:40:30 -0600: > In the MailScanner.conf, I have Rebuild Bayes Every set to "0" and the > Wait > During Bayes Rebuild set to "no", so doesn't this already mean that it > shouldn't be trying to rebuild itself? It means that there is no minimum between the expiry tries and MS won't wait during a running expiry. That is what produces those many temporary files. It might just be enough to set this to yes (it should always be set to yes). Then MS should wait with using SA until the expire has finished. > > I do have bayes auto expire remarked out in the > spam.assassin.prefs.conf > file. You have to set this to 0 if you want to stop it. Commented out means default = do it. > > If I change the auto expire setting, and then add the cron job > (pointing to > SA's local.cf I assume) will that then take care of the issue for now? > It is possible. As you see above there are several ways to fix the problem, it depends on what the cause of the problem is. Run the command at least once directly before you run it over cron. There might be a problem, so that the expiry cannot finish. In this case running via cron will obviously not help. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Mar 15 23:54:13 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:04 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Coates wrote: > hmmm... > I have the bayes_auto_expire set to "0" now (no longer commented out). > > I restarted MailScanner, but for some reason these expiry files are still > being created at a fairly rapid pace. > > I'm getting 1 every 6 minutes or so. > > Jim > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Kai Schaetzl > Sent: Tuesday, March 15, 2005 4:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SA Timeouts > > > Jim Coates wrote on Tue, 15 Mar 2005 15:40:30 -0600: > > >>In the MailScanner.conf, I have Rebuild Bayes Every set to "0" and the >>Wait >>During Bayes Rebuild set to "no", so doesn't this already mean that it >>shouldn't be trying to rebuild itself? > > > It means that there is no minimum between the expiry tries and MS won't wait > > during a running expiry. That is what produces those many temporary files. > It > might just be enough to set this to yes (it should always be set to yes). > Then > MS should wait with using SA until the expire has finished. > > >> >>I do have bayes auto expire remarked out in the >>spam.assassin.prefs.conf >>file. > > > You have to set this to 0 if you want to stop it. Commented out means > default > = do it. > > >> >>If I change the auto expire setting, and then add the cron job >>(pointing to >>SA's local.cf I assume) will that then take care of the issue for now? >> > > > It is possible. As you see above there are several ways to fix the problem, > it > depends on what the cause of the problem is. Run the command at least once > directly before you run it over cron. There might be a problem, so that the > expiry cannot finish. In this case running via cron will obviously not help. > > > > Kai > Why not stop MailScanner, do a forced expire from a command prompt, and after it finishes, restart MailScanner. It might be so munged up that it can no longer work properly. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Wed Mar 16 06:10:46 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:29:04 2006 Subject: Abort delivery of mail in customconfig.pm Message-ID: > I agree, but it may nevertheless the best choice you have. I was thinking > in another direction, I though you want to have some sort of "mailrobot" > which gets a message and processes it. You seem to be doing something > different. > > Kai Ok Can you tell me how to abort a mail in CustomConfig Thanks Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Wed Mar 16 06:09:52 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:04 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Tue, 15 Mar 2005 13:34:39 MST, Dean Jones writes: >> It "smells" like a race condition of some kind, or a Perl bug. I only >> see this on machines that >> - are i386 >> - actually notice the mails in their load >> - run MailScanner >> - run postfix >> >> On machines that only meet three of the above criteria, this ain't a >> problem. >I have this problem on: > >Solaris 9 Sparc, Postfix 2.1.5, Perl 5.8.4 and latest mailscanner stable. Interesting. On my private box, Debian on sun4u, quite loaded, I don't see this problem. cheers, &rw -- -- A sendmail / by any other name -- Would still / HELO just.as.swe.et -- - Greg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From waldner at WALDNER.PRIV.AT Wed Mar 16 06:14:08 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:04 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Tue, 15 Mar 2005 17:32:46 GMT, Julian Field writes: >There is only 1 statement in the code that print the "PreDataString" >which is where this text is put. After writing it (once) it forks off a >pipe to print the message body, then prints the "PostDataString". To get >2 copies of the PreDataString, something somewhere must duplicate it in >the buffers. >So there are just those 2 "+"-marked lines to add. >If this doesn't fix it, then it really is beyond my control. I'm forcing >it to flush the buffers absolutely everywhere, none of this should be >needed. Thanks. I'll apply the patch as soon as I get to work. cheers, &rw -- -- sometimes transcode changes or adds new -- features while your are encoding. -- - Thomas Oestreich ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Wed Mar 16 06:54:22 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:04 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] HI Jules, am using POstfix 2.1.5 on rhel4 - no problems with postfix whatsoever. Does it help you to have access to my 3 machines (and soon to be 4) that are running this version to inspect/compare etc? PLease let me know, would love to help in anyway i can - just not sure if i can :) Pete Robert Waldner wrote: > On Tue, 15 Mar 2005 17:32:46 GMT, Julian Field writes: > >>There is only 1 statement in the code that print the "PreDataString" >>which is where this text is put. After writing it (once) it forks off a >>pipe to print the message body, then prints the "PostDataString". To get >>2 copies of the PreDataString, something somewhere must duplicate it in >>the buffers. > > > >>So there are just those 2 "+"-marked lines to add. >>If this doesn't fix it, then it really is beyond my control. I'm forcing >>it to flush the buffers absolutely everywhere, none of this should be >>needed. > > > Thanks. I'll apply the patch as soon as I get to work. > > cheers, > &rw > -- > -- sometimes transcode changes or adds new > -- features while your are encoding. > -- - Thomas Oestreich > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ak at HOVMARK.DK Wed Mar 16 07:49:52 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:29:04 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Kai, I don't get a score from bayes from that server, but on another server I had installed, I often see ex bayes_99. Here is an example from the server with problems. It is marked as SPAM. **** spam, SpamAssassin (bedommelse=19.44,pakraevet 6, autolearn=spam, DEAR_FRIEND 0.77,DNS_FROM_RFC_ABUSE 0.37, FORGED_MUA_OUTLOOK 3.04,FORGED_YAHOO_RCVD 2.17, MIME_BOUND_DD_DIGITS 4.23,MIME_MISSING_BOUNDARY 0.25, MISSING_MIMEOLE 0.00,MSGID_SPAM_CAPS 3.22, RCVD_HELO_IP_MISMATCH 0.62,RCVD_IN_BL_SPAMCOP_NET 1.83, RCVD_IN_SBL 1.05,RCVD_NUMERIC_HELO 1.53, X_MSMAIL_PRIORITY_HIGH 0.27,X_PRIORITY_HIGH 0.09) **** And from another mail there is NOT marked as SPAM **** ikke spam, SpamAssassin (bedommelse=0.528,pakraevet 6, AWL -0.32, EXTRA_MPART_TYPE 0.22, HTML_90_100 0.19,HTML_MESSAGE 0.00, PLING_PLING 0.43) **** Does Bayes put anything in the test??? Kai Schaetzl wrote: Anders Kongsted wrote on Tue, 15 Mar 2005 14:21:22 +0100: I still don't get any score from Bayes (ex. bayes_50)... Any ideas why? No, you were getting BAYES_60 as you recently posted. You may expect other Bayes figures for your messages, but this is another matter. From what you posted until now it looks like your Bayes is working. Kai ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Mar 16 08:48:55 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:04 2006 Subject: W32.Netsky.P@mm!enc not being detected Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi I am using the following setup, Redhat Linux Sendmail 8.12.10 MailScanner 4.39.5-1 ClamAV 0.83 SA 3.0.2 Since few hours all emails that are infected with W32.Netsky.P@mm!enc are landing in our mailbox. freshclam.log looks normal to me. How do I solve this problem? -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 08:52:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:04 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for the offer, but I've got plenty of machines which don't show the problem :-) You are running the same configuration as my new test server, and I can't reproduce it either. Thanks anyway. Pete Russell wrote: > HI Jules, am using POstfix 2.1.5 on rhel4 - no problems with postfix > whatsoever. Does it help you to have access to my 3 machines (and soon > to be 4) that are running this version to inspect/compare etc? > > PLease let me know, would love to help in anyway i can - just not sure > if i can :) > > Pete > > > > Robert Waldner wrote: > >> On Tue, 15 Mar 2005 17:32:46 GMT, Julian Field writes: >> >>> There is only 1 statement in the code that print the "PreDataString" >>> which is where this text is put. After writing it (once) it forks off a >>> pipe to print the message body, then prints the "PostDataString". To >>> get >>> 2 copies of the PreDataString, something somewhere must duplicate it in >>> the buffers. >> >> >> >> >>> So there are just those 2 "+"-marked lines to add. >>> If this doesn't fix it, then it really is beyond my control. I'm >>> forcing >>> it to flush the buffers absolutely everywhere, none of this should be >>> needed. >> >> >> >> Thanks. I'll apply the patch as soon as I get to work. >> >> cheers, >> &rw >> -- >> -- sometimes transcode changes or adds new >> -- features while your are encoding. >> -- - Thomas Oestreich >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Wed Mar 16 09:01:28 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:29:04 2006 Subject: W32.Netsky.P@mm!enc not being detected Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 BG Mahesh wrote: | hi | | I am using the following setup, | | Redhat Linux | Sendmail 8.12.10 | MailScanner 4.39.5-1 | ClamAV 0.83 | SA 3.0.2 | | Since few hours all emails that are infected with W32.Netsky.P@mm!enc are landing in our mailbox. | Install a commercial Virus Scanner. _never_ rely on one scanning engine alone. - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCN/XoPMoaMn4kKR4RA9TTAJ9phNW8OqKMo6r5vsQhbhZus25YzgCeJd1i uZ0t5Oi61LcY0A8uCs3dZ20= =CQqW -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Wed Mar 16 09:24:22 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:04 2006 Subject: W32.Netsky.P@mm!enc not being detected Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > | hi > | > | I am using the following setup, > | > | Redhat Linux > | Sendmail 8.12.10 > | MailScanner 4.39.5-1 > | ClamAV 0.83 > | SA 3.0.2 > | > | Since few hours all emails that are infected with W32.Netsky.P@mm!enc > are landing in our mailbox. > | > Install a commercial Virus Scanner. _never_ rely on one scanning engine > alone. > > - -d AVG from Grisoft.com seems to be most affordable. Will the following combination work well, SA MailScaner AVG Linux Email Server Edition -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Mar 16 09:38:06 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:04 2006 Subject: W32.Netsky.P@mm!enc not being detected Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] use clamav-list for problems with virus detection clamav knows the virus: ClamAV: document.txt .exe contains Worm.SomeFool.P greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BG Mahesh > Sent: Wednesday, March 16, 2005 9:49 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: W32.Netsky.P@mm!enc not being detected > > > hi > > I am using the following setup, > > Redhat Linux > Sendmail 8.12.10 > MailScanner 4.39.5-1 > ClamAV 0.83 > SA 3.0.2 > > Since few hours all emails that are infected with > W32.Netsky.P@mm!enc are landing in our mailbox. > > freshclam.log looks normal to me. > > How do I solve this problem? > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > > -- > ______________________________________________ > IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 09:48:45 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:04 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] So did you determine which bayes db your MailScanner is using? Is it the one in ~root/.bayes? Did you successfully move a copy from one of the working boxes to this one? -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Kongsted Sent: den 16 mars 2005 08:50 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Bayes is gone Hi Kai, I don't get a score from bayes from that server, but on another server I had installed, I often see ex bayes_99. Here is an example from the server with problems. It is marked as SPAM. **** spam, SpamAssassin (bedømmelse=19.44,påkrævet 6, autolearn=spam, DEAR_FRIEND 0.77,DNS_FROM_RFC_ABUSE 0.37, FORGED_MUA_OUTLOOK 3.04,FORGED_YAHOO_RCVD 2.17, MIME_BOUND_DD_DIGITS 4.23,MIME_MISSING_BOUNDARY 0.25, MISSING_MIMEOLE 0.00,MSGID_SPAM_CAPS 3.22, RCVD_HELO_IP_MISMATCH 0.62,RCVD_IN_BL_SPAMCOP_NET 1.83, RCVD_IN_SBL 1.05,RCVD_NUMERIC_HELO 1.53, X_MSMAIL_PRIORITY_HIGH 0.27,X_PRIORITY_HIGH 0.09) **** And from another mail there is NOT marked as SPAM **** ikke spam, SpamAssassin (bedømmelse=0.528,påkrævet 6, AWL -0.32, EXTRA_MPART_TYPE 0.22, HTML_90_100 0.19,HTML_MESSAGE 0.00, PLING_PLING 0.43) **** Does Bayes put anything in the test??? Kai Schaetzl wrote: Anders Kongsted wrote on Tue, 15 Mar 2005 14:21:22 +0100: I still don't get any score from Bayes (ex. bayes_50)... Any ideas why? No, you were getting BAYES_60 as you recently posted. You may expect other Bayes figures for your messages, but this is another matter. From what you posted until now it looks like your Bayes is working. Kai ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 16 10:28:42 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:04 2006 Subject: W32.Netsky.P@mm!enc not being detected Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you a non profit org? Could use antivir if you are, also can use bitdefender and clamav, 2 of those are commercial, you would have 3 scanners, and you will be surprised (as i was) at the variances in detection. Pete BG Mahesh wrote: >>| hi >>| >>| I am using the following setup, >>| >>| Redhat Linux >>| Sendmail 8.12.10 >>| MailScanner 4.39.5-1 >>| ClamAV 0.83 >>| SA 3.0.2 >>| >>| Since few hours all emails that are infected with W32.Netsky.P@mm!enc >> are landing in our mailbox. >>| >>Install a commercial Virus Scanner. _never_ rely on one scanning engine >>alone. >> >>- -d > > > AVG from Grisoft.com seems to be most affordable. Will the following combination work well, > > SA > MailScaner > AVG Linux Email Server Edition > > > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 16 10:33:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:04 2006 Subject: SA Timeouts Message-ID: hmm ok - makes note of this, explains why this didn't worl very well on my old 600mhz (load av 2) and works just fine on the new 2.8ghz (load ave 0.1 and its doing other stuff as well). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > No, the MailScanner-driven bayes rebuild in older versions did not lock > out the other child processes successfully. In 4.40.5 this is fixed. > > What you can do is do the rebuild/expiry from a cron job at 3 in the > morning. > > Jim Coates wrote: > >> Julian, >> >> Will doing what Martin suggested help this? >> >> "Sounds like SA is trying to tidy the bayes DB and timing out... >> >> make sure the following is set in MailScanner.conf >> >> # If you are using the Bayesian statistics engine on a busy server, # you >> may well need to force a Bayesian database rebuild and expiry # at >> regular >> intervals. This is measures in seconds. # 1 day = 86400 seconds. # To >> disable this feature set this to 0. Rebuild Bayes Every = 86400 >> >> # The Bayesian database rebuild and expiry may take a 2 or 3 minutes # to >> complete. During this time you can either wait, or simply # disable >> SpamAssassin checks until it has completed. Wait During Bayes Rebuild >> = yes >> >> >> and in spam.assassin.prefs.conf >> >> # MailScanner: When using the scheduled Bayes expiry feature, you >> probably # >> MailScanner: want to turn off auto-expiry as it will rarely complete >> before >> # MailScanner: it is killed for taking too long. You will just end up >> with # >> MailScanner: big bayes_toks.new files wasting space. # >> bayes_auto_expire 0" >> >> >> Thanks, >> Jim Coates >> Laridian, Inc. >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf >> Of Julian Field >> Sent: Tuesday, March 15, 2005 12:02 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: SA Timeouts >> >> >> I have hopefully fixed the bayes expiry problems in the latest beta of >> MailScanner. You will have to download and install that for the fix >> for this >> one. Or else put up with it until 1st April, when I will do the next >> stable >> release. >> >> Jim Coates wrote: >> >> >> >>> Julian, >>> >>> They are all "bayes_toks.expire#####" files. >>> >>> Just today, I've had 103 of them (since midnight CST). >>> >>> Jim >>> >>> >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Julian Field >>> Sent: Tuesday, March 15, 2005 11:33 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: SA Timeouts >>> >>> >>> What are the filenames of a few of them? >>> >>> Jim Coates wrote: >>> >>> >>> >>> >>> >>>> Sure am... >>>> >>>> Jim Coates >>>> >>>> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Julian Field >>>> Sent: Tuesday, March 15, 2005 10:51 AM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: SA Timeouts >>>> >>>> >>>> Are you getting loads of stuff left in /root/.spamassassin/bayes* ? >>>> >>>> Jim Coates wrote: >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>> Hello all; >>>>> >>>>> I recently upgraded SpamAssassin to 3.01 and have started having >>>>> timeout issues. >>>>> >>>>> MailScanner's header report shows "X-MailScanner-SpamCheck: not spam, >>>>> SpamAssassin (timed out)" >>>>> >>>>> I've been watching the CPU and memory utilization and it doesn't seem >>>>> to be that the server is having its resources eaten up, so I'm not >>>>> really sure what's causing it. >>>>> >>>>> I increased the spam check timeouts to 60 (they were 40 by default), >>>>> but that doesn't seem to have corrected the problem. >>>>> >>>>> Any ideas as to what might be causing this? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> MailScanner thanks transtec Computers for their support >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ To >>>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>> mailscanner' in the body of the email. Before posting, read the MAQ >>>> (http://www.mailscanner.biz/maq/) and the archives >>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> ------------------------ MailScanner list ------------------------ To >>>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>>> mailscanner' in the body of the email. Before posting, read the MAQ >>>> (http://www.mailscanner.biz/maq/) and the archives >>>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store Professional >>> Support Services at www.MailScanner.biz MailScanner thanks transtec >>> Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ To >>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>> mailscanner' in the body of the email. Before posting, read the MAQ >>> (http://www.mailscanner.biz/maq/) and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ To >>> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >>> mailscanner' in the body of the email. Before posting, read the MAQ >>> (http://www.mailscanner.biz/maq/) and the archives >>> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store Professional >> Support >> Services at www.MailScanner.biz MailScanner thanks transtec Computers for >> their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave >> mailscanner' in the body of the email. Before posting, read the MAQ >> (http://www.mailscanner.biz/maq/) and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 16 10:42:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:04 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Ok, test with the MailScanner SA prefs file... spamassassin -D --lint -p /spam.assassin.pref.conf and see where it thinks the bayes DB should be. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Anders Kongsted wrote: > Hi Kai, > > I don't get a score from bayes from that server, but on another server I > had installed, I often see ex bayes_99. > > Here is an example from the server with problems. It is marked as SPAM. > **** > spam, SpamAssassin (bedømmelse=19.44,påkrævet 6, autolearn=spam, > DEAR_FRIEND 0.77,DNS_FROM_RFC_ABUSE 0.37, FORGED_MUA_OUTLOOK > 3.04,FORGED_YAHOO_RCVD 2.17, MIME_BOUND_DD_DIGITS > 4.23,MIME_MISSING_BOUNDARY 0.25, MISSING_MIMEOLE 0.00,MSGID_SPAM_CAPS > 3.22, RCVD_HELO_IP_MISMATCH 0.62,RCVD_IN_BL_SPAMCOP_NET 1.83, > RCVD_IN_SBL 1.05,RCVD_NUMERIC_HELO 1.53, X_MSMAIL_PRIORITY_HIGH > 0.27,X_PRIORITY_HIGH 0.09) > **** > > And from another mail there is NOT marked as SPAM > **** > ikke spam, SpamAssassin (bedømmelse=0.528,påkrævet 6, AWL -0.32, > EXTRA_MPART_TYPE 0.22, HTML_90_100 0.19,HTML_MESSAGE 0.00, PLING_PLING 0.43) > **** > > Does Bayes put anything in the test??? > > > Kai Schaetzl wrote: > >>Anders Kongsted wrote on Tue, 15 Mar 2005 14:21:22 +0100: >> >> >> >>>I still don't get any score from Bayes (ex. bayes_50)... Any ideas why? >>> >>> >>> >> >>No, you were getting BAYES_60 as you recently posted. You may expect other >>Bayes figures for your messages, but this is another matter. From what you >>posted until now it looks like your Bayes is working. >> >>Kai >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Wed Mar 16 10:50:36 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:29:04 2006 Subject: Dont Scan if from certain IP Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Ive got a server running mailscanner (call it server1) that scans a domain for spam. In Mailscanner.conf I have Use SpamAssassin = %rules-dir%/spam.rules In spam.rules I have To: default no To: *@domain.co.uk yes This server just relays mail onto another server (server2) which also runs Mailscanner. I dont want mail that has been scanned on server 1 to be scanned again on server2 so have Use SpamAssassin = %rules-dir%/spam.rules in MailScanner.conf and To: default no From: 1.2.3.4 AND To: *@domain.co.uk no (where 1.2.3.4 is the ip of server1) To: *@domain.co.uk yes in spam.rules Problem is the mail gets scanned on both, is this the correct way to achieve what im trying to do? Thanks Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Mar 16 10:51:16 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:04 2006 Subject: Dont Scan if from certain IP Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] default must be the last entry, not the first To: *@domain.co.uk yes To: default no greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Houselander > Sent: Wednesday, March 16, 2005 11:51 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Dont Scan if from certain IP > > > Hi > > Ive got a server running mailscanner (call it server1) that > scans a domain > for spam. In Mailscanner.conf I have > > Use SpamAssassin = %rules-dir%/spam.rules > > In spam.rules I have > > To: default no > To: *@domain.co.uk yes > > This server just relays mail onto another server (server2) > which also runs > Mailscanner. I dont want mail that has been scanned on server 1 to be > scanned again on server2 so have > > Use SpamAssassin = %rules-dir%/spam.rules in MailScanner.conf > > and > > To: default no > From: 1.2.3.4 AND To: *@domain.co.uk no (where 1.2.3.4 is the > ip of server1) > To: *@domain.co.uk yes > > in spam.rules > > Problem is the mail gets scanned on both, is this the correct > way to achieve > what im trying to do? > > Thanks > > Paul > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Mar 16 10:55:14 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:04 2006 Subject: Dont Scan if from certain IP Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] sorry, forgot: afaik u must configure Spam Checks = %rules-dir%/spam.check.rules Use SpamAssassin only disables spamassassin bot no the spamcheck in general > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dörfler Andreas > Sent: Wednesday, March 16, 2005 11:51 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Dont Scan if from certain IP > > > default must be the last entry, not the first > > To: *@domain.co.uk yes > To: default no > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Houselander > > Sent: Wednesday, March 16, 2005 11:51 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Dont Scan if from certain IP > > > > > > Hi > > > > Ive got a server running mailscanner (call it server1) that > > scans a domain > > for spam. In Mailscanner.conf I have > > > > Use SpamAssassin = %rules-dir%/spam.rules > > > > In spam.rules I have > > > > To: default no > > To: *@domain.co.uk yes > > > > This server just relays mail onto another server (server2) > > which also runs > > Mailscanner. I dont want mail that has been scanned on > server 1 to be > > scanned again on server2 so have > > > > Use SpamAssassin = %rules-dir%/spam.rules in MailScanner.conf > > > > and > > > > To: default no > > From: 1.2.3.4 AND To: *@domain.co.uk no (where 1.2.3.4 is the > > ip of server1) > > To: *@domain.co.uk yes > > > > in spam.rules > > > > Problem is the mail gets scanned on both, is this the correct > > way to achieve > > what im trying to do? > > > > Thanks > > > > Paul > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Wed Mar 16 11:05:37 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:29:04 2006 Subject: Dont Scan if from certain IP Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Its defintly spamassasin which is getting called on both boxes as the X-MailScanner-SpamCheck header has 2 entries. I set up a test box with no mailscanner on it and relayed the mails to it instead and only 1 entry appeared in X-MailScanner-SpamCheck so its the second box which is adding it. Any other ideals? Thanks Paul -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Dörfler Andreas Sent: 16 March 2005 10:55 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Dont Scan if from certain IP sorry, forgot: afaik u must configure Spam Checks = %rules-dir%/spam.check.rules Use SpamAssassin only disables spamassassin bot no the spamcheck in general > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dörfler Andreas > Sent: Wednesday, March 16, 2005 11:51 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Dont Scan if from certain IP > > > default must be the last entry, not the first > > To: *@domain.co.uk yes > To: default no > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Houselander > > Sent: Wednesday, March 16, 2005 11:51 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Dont Scan if from certain IP > > > > > > Hi > > > > Ive got a server running mailscanner (call it server1) that > > scans a domain > > for spam. In Mailscanner.conf I have > > > > Use SpamAssassin = %rules-dir%/spam.rules > > > > In spam.rules I have > > > > To: default no > > To: *@domain.co.uk yes > > > > This server just relays mail onto another server (server2) > > which also runs > > Mailscanner. I dont want mail that has been scanned on > server 1 to be > > scanned again on server2 so have > > > > Use SpamAssassin = %rules-dir%/spam.rules in MailScanner.conf > > > > and > > > > To: default no > > From: 1.2.3.4 AND To: *@domain.co.uk no (where 1.2.3.4 is the > > ip of server1) > > To: *@domain.co.uk yes > > > > in spam.rules > > > > Problem is the mail gets scanned on both, is this the correct > > way to achieve > > what im trying to do? > > > > Thanks > > > > Paul > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Wed Mar 16 11:05:36 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:29:05 2006 Subject: Dont Scan if from certain IP Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Emm Just tried setting the default to the last entry and its still getting scanned twice. I maybe wrong but I thought it didnt matter where the default entry was in the rules file. Cheers Paul -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Dörfler Andreas Sent: 16 March 2005 10:51 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Dont Scan if from certain IP default must be the last entry, not the first To: *@domain.co.uk yes To: default no greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Houselander > Sent: Wednesday, March 16, 2005 11:51 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Dont Scan if from certain IP > > > Hi > > Ive got a server running mailscanner (call it server1) that > scans a domain > for spam. In Mailscanner.conf I have > > Use SpamAssassin = %rules-dir%/spam.rules > > In spam.rules I have > > To: default no > To: *@domain.co.uk yes > > This server just relays mail onto another server (server2) > which also runs > Mailscanner. I dont want mail that has been scanned on server 1 to be > scanned again on server2 so have > > Use SpamAssassin = %rules-dir%/spam.rules in MailScanner.conf > > and > > To: default no > From: 1.2.3.4 AND To: *@domain.co.uk no (where 1.2.3.4 is the > ip of server1) > To: *@domain.co.uk yes > > in spam.rules > > Problem is the mail gets scanned on both, is this the correct > way to achieve > what im trying to do? > > Thanks > > Paul > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 11:16:22 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: Got one friday... They're extremely rare it seems. I noticed something a bit curious about it in the logs: Mar 11 19:25:04 mail postfix/cleanup[9377]: B551923DCC: message-id=<522842524315.TIN93887@ Mar 11 19:25:14 mail MailScanner[5361]: New Batch: Scanning 1 messages, 9167 bytes Mar 11 19:25:16 mail postfix/smtpd[9375]: disconnect from 82-41-95-49.cable.ubr02.dund.blueyonder.co.uk[82.41.95.49] Mar 11 19:25:24 mail MailScanner[5361]: Spam Checks: Found 1 spam messages Mar 11 19:25:24 mail MailScanner[5361]: Virus and Content Scanning: Starting Mar 11 19:25:29 mail MailScanner[5361]: Requeue: to A1CE723DDB Mar 11 19:25:29 mail postfix/qmgr[16986]: A1CE723DDB: from=, size=18870, nrcpt=1 (queue active) Mar 11 19:25:29 mail MailScanner[5361]: Uninfected: Delivered 1 messages Mar 11 19:25:29 mail MailScanner[5361]: Logging message B551923DCC.D5385 to SQL Note the message ID. Perhaps doesn't matter(?). Since it is a spam message, I've got both the mangled A1CE723DDB and the nonmangled (but decoded, since I run MW) B551923DCC.D5385 ... and the SQL/MailWatch logentry for it. If you want it Jules, you can have it (off list). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 16 mars 2005 09:53 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner, postfix and corrupt mails > > > Thanks for the offer, but I've got plenty of machines which don't show > the problem :-) > You are running the same configuration as my new test server, and I > can't reproduce it either. > > Thanks anyway. > > Pete Russell wrote: > > > HI Jules, am using POstfix 2.1.5 on rhel4 - no problems with postfix > > whatsoever. Does it help you to have access to my 3 > machines (and soon > > to be 4) that are running this version to inspect/compare etc? > > > > PLease let me know, would love to help in anyway i can - > just not sure > > if i can :) > > > > Pete > > > > > > > > Robert Waldner wrote: > > > >> On Tue, 15 Mar 2005 17:32:46 GMT, Julian Field writes: > >> > >>> There is only 1 statement in the code that print the > "PreDataString" > >>> which is where this text is put. After writing it (once) > it forks off a > >>> pipe to print the message body, then prints the > "PostDataString". To > >>> get > >>> 2 copies of the PreDataString, something somewhere must > duplicate it in > >>> the buffers. > >> > >> > >> > >> > >>> So there are just those 2 "+"-marked lines to add. > >>> If this doesn't fix it, then it really is beyond my control. I'm > >>> forcing > >>> it to flush the buffers absolutely everywhere, none of > this should be > >>> needed. > >> > >> > >> > >> Thanks. I'll apply the patch as soon as I get to work. > >> > >> cheers, > >> &rw > >> -- > >> -- sometimes transcode changes or adds new > >> -- features while your are encoding. > >> -- - Thomas Oestreich > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 16 11:17:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:05 2006 Subject: Dont Scan if from certain IP Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] the rule file for server 1 should be something like.. To: *@domain.com yes FromOrTo: default no and driven from the Spam Checks option in MailScanner.conf should be fine. For server 2 From: 1.2.3.4 AND To: *@domain.co.uk no To: *@domain.co.uk yes FromOrToTo: default no Again driven from the Spam Checks option. Rule will process th rule file until it reaches a match. Therefore the most retrictive rules need to be placed first in the rule file. So if default is first in the file, that will match and no other checks will be done. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Paul Houselander wrote: > Emm > > Just tried setting the default to the last entry and its still getting > scanned twice. > > I maybe wrong but I thought it didnt matter where the default entry was in > the rules file. > > Cheers > Paul > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Dörfler Andreas > Sent: 16 March 2005 10:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Dont Scan if from certain IP > > > default must be the last entry, not the first > > To: *@domain.co.uk yes > To: default no > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Houselander >>Sent: Wednesday, March 16, 2005 11:51 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Dont Scan if from certain IP >> >> >>Hi >> >>Ive got a server running mailscanner (call it server1) that >>scans a domain >>for spam. In Mailscanner.conf I have >> >>Use SpamAssassin = %rules-dir%/spam.rules >> >>In spam.rules I have >> >>To: default no >>To: *@domain.co.uk yes >> >>This server just relays mail onto another server (server2) >>which also runs >>Mailscanner. I dont want mail that has been scanned on server 1 to be >>scanned again on server2 so have >> >>Use SpamAssassin = %rules-dir%/spam.rules in MailScanner.conf >> >>and >> >>To: default no >>From: 1.2.3.4 AND To: *@domain.co.uk no (where 1.2.3.4 is the >>ip of server1) >>To: *@domain.co.uk yes >> >>in spam.rules >> >>Problem is the mail gets scanned on both, is this the correct >>way to achieve >>what im trying to do? >> >>Thanks >> >>Paul >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 16 11:18:09 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:05 2006 Subject: Dont Scan if from certain IP Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Shouldnt this >>To: *@domain.co.uk yes >>To: default no be >>To: *@domain.co.uk yes >>FromOrTo: default no Paul Houselander wrote: > Its defintly spamassasin which is getting called on both boxes as the > X-MailScanner-SpamCheck header has 2 entries. > > I set up a test box with no mailscanner on it and relayed the mails to it > instead and only 1 entry appeared in X-MailScanner-SpamCheck so its the > second box which is adding it. > > Any other ideals? > > Thanks > > Paul > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Dörfler Andreas > Sent: 16 March 2005 10:55 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Dont Scan if from certain IP > > > sorry, forgot: > afaik u must configure > > Spam Checks = %rules-dir%/spam.check.rules > > Use SpamAssassin only disables spamassassin bot > no the spamcheck in general > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dörfler Andreas >>Sent: Wednesday, March 16, 2005 11:51 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Dont Scan if from certain IP >> >> >>default must be the last entry, not the first >> >>To: *@domain.co.uk yes >>To: default no >> >>greetings >>andy >> >>--free your mind, use open source >>http://www.mono-project.com >> >>ASCII ribbon campaign ( ) >> - against HTML email X >> & vCards / \ >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Paul Houselander >>>Sent: Wednesday, March 16, 2005 11:51 AM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Dont Scan if from certain IP >>> >>> >>>Hi >>> >>>Ive got a server running mailscanner (call it server1) that >>>scans a domain >>>for spam. In Mailscanner.conf I have >>> >>>Use SpamAssassin = %rules-dir%/spam.rules >>> >>>In spam.rules I have >>> >>>To: default no >>>To: *@domain.co.uk yes >>> >>>This server just relays mail onto another server (server2) >>>which also runs >>>Mailscanner. I dont want mail that has been scanned on >> >>server 1 to be >> >>>scanned again on server2 so have >>> >>>Use SpamAssassin = %rules-dir%/spam.rules in MailScanner.conf >>> >>>and >>> >>>To: default no >>>From: 1.2.3.4 AND To: *@domain.co.uk no (where 1.2.3.4 is the >>>ip of server1) >>>To: *@domain.co.uk yes >>> >>>in spam.rules >>> >>>Problem is the mail gets scanned on both, is this the correct >>>way to achieve >>>what im trying to do? >>> >>>Thanks >>> >>>Paul >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tcarstensen at EXITEC.DE Wed Mar 16 11:11:28 2005 From: tcarstensen at EXITEC.DE (Thomas Carstensen) Date: Thu Jan 12 21:29:05 2006 Subject: maximum attachment size ignored Message-ID: hi, i use mailscanner 4.34.8-4 on a rh7.3 system i configured Maximum Message Size = 6291456 --> for 6MB Maximum Attachment Size = 5242880 --> for 5MB after a restart of the mailscanner i can still send attachments larger than 5MB, for testing i send a 15MB attachment, which was still delivered, no hint in the loh. any help? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 11:27:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: >Got one friday... They're extremely rare it seems. > >I noticed something a bit curious about it in the logs: > >Mar 11 19:25:04 mail postfix/cleanup[9377]: B551923DCC: >message-id=<522842524315.TIN93887@ >Mar 11 19:25:14 mail MailScanner[5361]: New Batch: Scanning 1 messages, >9167 bytes >Mar 11 19:25:16 mail postfix/smtpd[9375]: disconnect from >82-41-95-49.cable.ubr02.dund.blueyonder.co.uk[82.41.95.49] >Mar 11 19:25:24 mail MailScanner[5361]: Spam Checks: Found 1 spam >messages >Mar 11 19:25:24 mail MailScanner[5361]: Virus and Content Scanning: >Starting >Mar 11 19:25:29 mail MailScanner[5361]: Requeue: to A1CE723DDB >Mar 11 19:25:29 mail postfix/qmgr[16986]: A1CE723DDB: >from=, size=18870, nrcpt=1 (queue active) >Mar 11 19:25:29 mail MailScanner[5361]: Uninfected: Delivered 1 messages >Mar 11 19:25:29 mail MailScanner[5361]: Logging message B551923DCC.D5385 >to SQL > >Note the message ID. Perhaps doesn't matter(?). > > The D5385 on the end is intentional. Postfix re-uses its queue numbers too quickly, so I have to force them to be unique for processing and quarantine purposes. Everyone else just ensures that their queue numbers really are unique, but not Wietse of course.... >Since it is a spam message, I've got both the mangled A1CE723DDB and the >nonmangled (but decoded, since I run MW) B551923DCC.D5385 ... and the >SQL/MailWatch logentry for it. If you want it Jules, you can have it >(off >list). > > Yes, please send it. It will probably look like the others, but I will check anyway. >-- Glenn > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: den 16 mars 2005 09:53 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Problem with MailScanner, postfix and corrupt mails >> >> >>Thanks for the offer, but I've got plenty of machines which don't show >>the problem :-) >>You are running the same configuration as my new test server, and I >>can't reproduce it either. >> >>Thanks anyway. >> >>Pete Russell wrote: >> >> >> >>>HI Jules, am using POstfix 2.1.5 on rhel4 - no problems with postfix >>>whatsoever. Does it help you to have access to my 3 >>> >>> >>machines (and soon >> >> >>>to be 4) that are running this version to inspect/compare etc? >>> >>>PLease let me know, would love to help in anyway i can - >>> >>> >>just not sure >> >> >>>if i can :) >>> >>>Pete >>> >>> >>> >>>Robert Waldner wrote: >>> >>> >>> >>>>On Tue, 15 Mar 2005 17:32:46 GMT, Julian Field writes: >>>> >>>> >>>> >>>>>There is only 1 statement in the code that print the >>>>> >>>>> >>"PreDataString" >> >> >>>>>which is where this text is put. After writing it (once) >>>>> >>>>> >>it forks off a >> >> >>>>>pipe to print the message body, then prints the >>>>> >>>>> >>"PostDataString". To >> >> >>>>>get >>>>>2 copies of the PreDataString, something somewhere must >>>>> >>>>> >>duplicate it in >> >> >>>>>the buffers. >>>>> >>>>> >>>> >>>> >>>> >>>> >>>>>So there are just those 2 "+"-marked lines to add. >>>>>If this doesn't fix it, then it really is beyond my control. I'm >>>>>forcing >>>>>it to flush the buffers absolutely everywhere, none of >>>>> >>>>> >>this should be >> >> >>>>>needed. >>>>> >>>>> >>>> >>>>Thanks. I'll apply the patch as soon as I get to work. >>>> >>>>cheers, >>>>&rw >>>>-- >>>>-- sometimes transcode changes or adds new >>>>-- features while your are encoding. >>>>-- - Thomas Oestreich >>>> >>>> >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 16 11:31:26 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:05 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Coates wrote on Tue, 15 Mar 2005 17:29:49 -0600: > I have the bayes_auto_expire set to "0" now (no longer commented out). > As Scott suggest, whenever you have a bayes problem one should run the problem command manually to see the actual output. So, do an expire to see if there are any problems. You should stop MS during that time. I don't know why you still get those files although you switched auto-expiry off. I often tend to think that people actually use two SA setups on MS machines and that it's therefore easy to confuse the two and work on the wrong one. That's why I only have one, I'm always sure I work on the one and only ... Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 16 11:31:26 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:05 2006 Subject: Abort delivery of mail in customconfig.pm Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ramprasad A Padmanabhan wrote on Wed, 16 Mar 2005 11:40:46 +0530: > Ok Can you tell me how to abort a mail in CustomConfig > No, I'm not familiar with the inner programming of MS or CustomConfig. That's why I pointed to procmail. There is a Delete rule, I suppose you could just use a direct call to that function (whereever it hides) to terminate your processing. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Mar 16 11:31:26 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:05 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Kongsted wrote on Wed, 16 Mar 2005 08:49:52 +0100: > Does Bayes put anything in the test??? > No. I remember you presented a scan output to us and that showed BAYES_60. Do I recall this wrong? The obvious way for troubleshooting is to run -D --lint and if you see that Bayes gets used, continue the tests without the lint and actual messages. Remember: you have to *ALWAYS* specify the SA config file that MS uses on the command line, otherwise you will use a *different* configuration. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 11:37:54 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 16 mars 2005 12:27 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner, postfix and corrupt mails > > > Steen, Glenn wrote: > > >Got one friday... They're extremely rare it seems. > > > >I noticed something a bit curious about it in the logs: > > > >Mar 11 19:25:04 mail postfix/cleanup[9377]: B551923DCC: > >message-id=<522842524315.TIN93887@ > >Mar 11 19:25:14 mail MailScanner[5361]: New Batch: Scanning > 1 messages, > >9167 bytes > >Mar 11 19:25:16 mail postfix/smtpd[9375]: disconnect from > >82-41-95-49.cable.ubr02.dund.blueyonder.co.uk[82.41.95.49] > >Mar 11 19:25:24 mail MailScanner[5361]: Spam Checks: Found 1 spam > >messages > >Mar 11 19:25:24 mail MailScanner[5361]: Virus and Content Scanning: > >Starting > >Mar 11 19:25:29 mail MailScanner[5361]: Requeue: to A1CE723DDB > >Mar 11 19:25:29 mail postfix/qmgr[16986]: A1CE723DDB: > >from=, size=18870, nrcpt=1 > (queue active) > >Mar 11 19:25:29 mail MailScanner[5361]: Uninfected: > Delivered 1 messages > >Mar 11 19:25:29 mail MailScanner[5361]: Logging message > B551923DCC.D5385 > >to SQL > > > >Note the message ID. Perhaps doesn't matter(?). > > > > > The D5385 on the end is intentional. Postfix re-uses its queue numbers > too quickly, so I have to force them to be unique for processing and > quarantine purposes. Everyone else just ensures that their > queue numbers > really are unique, but not Wietse of course.... :-) I should've been more clear... I do know about the queue file ID "qualifier", since I was the one reporting the initial problem....;-) I was rather looking at the mangled/incomplete: message-id=<522842524315.TIN93887@ (as reported by postfix/cleanup) which might perhaps indicate something. Or perhaps not. > > >Since it is a spam message, I've got both the mangled > A1CE723DDB and the > >nonmangled (but decoded, since I run MW) B551923DCC.D5385 ... and the > >SQL/MailWatch logentry for it. If you want it Jules, you can have it > >(off > >list). > > > > > Yes, please send it. It will probably look like the others, but I will > check anyway. Will send as soon as I've gotten some lunch. -- Glenn > > >-- Glenn > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list > >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > >>Sent: den 16 mars 2005 09:53 > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: Problem with MailScanner, postfix and corrupt mails > >> > >> > >>Thanks for the offer, but I've got plenty of machines which > don't show > >>the problem :-) > >>You are running the same configuration as my new test server, and I > >>can't reproduce it either. > >> > >>Thanks anyway. > >> > >>Pete Russell wrote: > >> > >> > >> > >>>HI Jules, am using POstfix 2.1.5 on rhel4 - no problems > with postfix > >>>whatsoever. Does it help you to have access to my 3 > >>> > >>> > >>machines (and soon > >> > >> > >>>to be 4) that are running this version to inspect/compare etc? > >>> > >>>PLease let me know, would love to help in anyway i can - > >>> > >>> > >>just not sure > >> > >> > >>>if i can :) > >>> > >>>Pete > >>> > >>> > >>> > >>>Robert Waldner wrote: > >>> > >>> > >>> > >>>>On Tue, 15 Mar 2005 17:32:46 GMT, Julian Field writes: > >>>> > >>>> > >>>> > >>>>>There is only 1 statement in the code that print the > >>>>> > >>>>> > >>"PreDataString" > >> > >> > >>>>>which is where this text is put. After writing it (once) > >>>>> > >>>>> > >>it forks off a > >> > >> > >>>>>pipe to print the message body, then prints the > >>>>> > >>>>> > >>"PostDataString". To > >> > >> > >>>>>get > >>>>>2 copies of the PreDataString, something somewhere must > >>>>> > >>>>> > >>duplicate it in > >> > >> > >>>>>the buffers. > >>>>> > >>>>> > >>>> > >>>> > >>>> > >>>> > >>>>>So there are just those 2 "+"-marked lines to add. > >>>>>If this doesn't fix it, then it really is beyond my control. I'm > >>>>>forcing > >>>>>it to flush the buffers absolutely everywhere, none of > >>>>> > >>>>> > >>this should be > >> > >> > >>>>>needed. > >>>>> > >>>>> > >>>> > >>>>Thanks. I'll apply the patch as soon as I get to work. > >>>> > >>>>cheers, > >>>>&rw > >>>>-- > >>>>-- sometimes transcode changes or adds new > >>>>-- features while your are encoding. > >>>>-- - Thomas Oestreich > >>>> > >>>> > >>>> > >>>>------------------------ MailScanner list ------------------------ > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>'leave mailscanner' in the body of the email. > >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>>Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >>-- > >>Julian Field > >>www.MailScanner.info > >>MailScanner thanks transtec Computers for their support > >>Buy the MailScanner book at www.MailScanner.info/store > >> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 11:41:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:05 2006 Subject: Abort delivery of mail in customconfig.pm Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Your best bet is to probably just set $message->{deleted} = 1; in your Custom Function. And please accept my apologies for top-posting, I already know I am going to rot in hell :-) Kai Schaetzl wrote: >Ramprasad A Padmanabhan wrote on Wed, 16 Mar 2005 11:40:46 +0530: > > > >>Ok Can you tell me how to abort a mail in CustomConfig >> >> >> > >No, I'm not familiar with the inner programming of MS or CustomConfig. >That's why I pointed to procmail. There is a Delete rule, I suppose you >could just use a direct call to that function (whereever it hides) to >terminate your processing. > >Kai > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Mar 16 11:48:00 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn said: > I should've been more clear... I do know about the queue file ID > "qualifier", since I was the one reporting the initial problem....;-) > > I was rather looking at the mangled/incomplete: > message-id=<522842524315.TIN93887@ > (as reported by postfix/cleanup) which might perhaps indicate something. > Or perhaps not. Looks more like a broken spambot as the cleanup process is ahead of MailScanner (Hence our other problem with the aliasing of virtual aliases). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Wed Mar 16 11:49:11 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, 16 Mar 2005 07:14:08 +0100, Robert Waldner writes: > >>So there are just those 2 "+"-marked lines to add. >>If this doesn't fix it, then it really is beyond my control. I'm forcing >>it to flush the buffers absolutely everywhere, none of this should be >>needed. >Thanks. I'll apply the patch as soon as I get to work. Didn't help, another mail just got corrupted. A question for the others who see this problem: is one you having this with perl 5.*6*, or are you all on 5.8? When the problem started here in August (didn't notice until shortly ago), it just /might/ have been the same time as the 5.6 -> 5.8 upgrade. If it's only affecting 5.8 I'll invest half a day to rebuild a machine with 5.6 to see if it helps any. cheers, &rw -- -- "I drink until I reboot" -- - Bender ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From stef at L5NET.NET Wed Mar 16 12:10:58 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Robert Waldner > Sent: 16 March 2005 11:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner, postfix and corrupt mails > > If it's only affecting 5.8 I'll invest half a day to rebuild > a machine with 5.6 to see if it helps any. 5.8.6 Here. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 12:14:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: >On Wed, 16 Mar 2005 07:14:08 +0100, Robert Waldner writes: > > >> >> >> >>>So there are just those 2 "+"-marked lines to add. >>>If this doesn't fix it, then it really is beyond my control. I'm forcing >>>it to flush the buffers absolutely everywhere, none of this should be >>>needed. >>> >>> > > > >>Thanks. I'll apply the patch as soon as I get to work. >> >> > >Didn't help, another mail just got corrupted. > >A question for the others who see this problem: is one you having this > with perl 5.*6*, or are you all on 5.8? When the problem started here > in August (didn't notice until shortly ago), it just /might/ have been > the same time as the 5.6 -> 5.8 upgrade. >If it's only affecting 5.8 I'll invest half a day to rebuild a machine > with 5.6 to see if it helps any. > > I have just changed the code a bit, in case Perl was mis-parsing it. ---SNIP--- --- Postfix.pm.old 2005-03-15 19:03:33.000000000 +0000 +++ Postfix.pm 2005-03-16 12:12:45.844918032 +0000 @@ -881,6 +881,7 @@ #print STDERR "In PreDataString\n"; # Output all the metadata records up until (& including) the M record. $linenum = 0; + $result = ''; foreach (@{$message->{metadata}}) { /^(.)(.*)$/; ($type, $data) = ($1, $2); @@ -917,10 +918,11 @@ # Store the length of th estring so far as we need to return it $preNlen = length($result); + my $totallines = scalar(@{$message->{metadata}}); # Add the headers - foreach(; $linenum<@{$message->{metadata}}; $linenum++) { - $_ = $message->{metadata}[$linenum]; - /^(.)(.*)$/; + for ($linenum=$linenum; $linenum<$totallines; $linenum++) { + #$_ = $message->{metadata}[$linenum]; + $message->{metadata}[$linenum] =~ /^(.)(.*)$/; ($type, $data) = ($1, $2); #print STDERR "PreData2 Type $type Data $data\n"; last if $type eq 'X'; ---SNIP--- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 12:15:34 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Robert Waldner > Sent: den 16 mars 2005 12:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner, postfix and corrupt mails > > > > On Wed, 16 Mar 2005 07:14:08 +0100, Robert Waldner writes: > > > >>So there are just those 2 "+"-marked lines to add. > >>If this doesn't fix it, then it really is beyond my > control. I'm forcing > >>it to flush the buffers absolutely everywhere, none of this > should be > >>needed. > > >Thanks. I'll apply the patch as soon as I get to work. > > Didn't help, another mail just got corrupted. > > A question for the others who see this problem: is one you > having this > with perl 5.*6*, or are you all on 5.8? When the problem > started here > in August (didn't notice until shortly ago), it just /might/ > have been > the same time as the 5.6 -> 5.8 upgrade. > If it's only affecting 5.8 I'll invest half a day to rebuild a machine > with 5.6 to see if it helps any. 5.8.5 -- Glenn > cheers, > &rw > -- > -- "I drink until I reboot" > -- - Bender > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 16 12:21:43 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:05 2006 Subject: notices Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I normally send notices to the administrator (me) in MailScanner only from viruses originated from my internal network, and this works fine. But if I do this, MailWatch don't shows virus statistics with the virus names on it for the viruses sended to my network from outsiders. It only shows "virus". And if I turn on notices for all viruses in MailScanner, MailWatch works fine, but I receive lots of emails with virus warnings that don't have any use for me... Any sugestions on how to solve this problem? Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 12:34:02 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:05 2006 Subject: Bayes is gone Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl > Sent: den 16 mars 2005 12:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes is gone > > > Anders Kongsted wrote on Wed, 16 Mar 2005 08:49:52 +0100: > > > Does Bayes put anything in the test??? > > > > No. I remember you presented a scan output to us and that > showed BAYES_60. > Do I recall this wrong? I don't think you are Kai (in fact still have that message around, iterpreted it the same). What might be is is Anders runs his MTA as something other than root... eximuser, postfix or whatever... Then MS would default to use that users $HOME/.bayes, not roots. So to "amend" your excellent advice a bit: be sure to run the lint as the user the MTA/MailScanner is running. -- Glenn > The obvious way for troubleshooting is to run -D --lint and > if you see > that Bayes gets used, continue the tests without the lint and actual > messages. Remember: you have to *ALWAYS* specify the SA > config file that > MS uses on the command line, otherwise you will use a *different* > configuration. > > Kai > > -- > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > IE-Center: http://ie5.de & http://msie.winware.org > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 13:05:23 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:05 2006 Subject: notices Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > Sent: den 16 mars 2005 13:22 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: notices > > > I normally send notices to the administrator (me) in > MailScanner only from > viruses originated from my internal network, and this works > fine. But if I > do this, MailWatch don't shows virus statistics with the > virus names on it > for the viruses sended to my network from outsiders. It only > shows "virus". > And if I turn on notices for all viruses in MailScanner, > MailWatch works > fine, but I receive lots of emails with virus warnings that > don't have any > use for me... > > Any sugestions on how to solve this problem? Forward notice to a "/dev/null-alias" for all the rest, or set up a junkmail filter for 'em in your MUA. -- Glenn > Roger Jochem > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 16 13:17:45 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:05 2006 Subject: notices Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I will try the fist one... Today my ruleset contains only From: 192.168.0. yes Default: no Can I change this to From: 192.168.0. roger@rudnick.com.br Default: /dev/null ? ----- Original Message ----- From: "Steen, Glenn" To: Sent: Wednesday, March 16, 2005 10:05 AM Subject: Re: notices > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > > Sent: den 16 mars 2005 13:22 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: notices > > > > > > I normally send notices to the administrator (me) in > > MailScanner only from > > viruses originated from my internal network, and this works > > fine. But if I > > do this, MailWatch don't shows virus statistics with the > > virus names on it > > for the viruses sended to my network from outsiders. It only > > shows "virus". > > And if I turn on notices for all viruses in MailScanner, > > MailWatch works > > fine, but I receive lots of emails with virus warnings that > > don't have any > > use for me... > > > > Any sugestions on how to solve this problem? > Forward notice to a "/dev/null-alias" for all the rest, or set up > a junkmail filter for 'em in your MUA. > > -- Glenn > > > Roger Jochem > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 13:43:00 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 16 mars 2005 12:27 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner, postfix and corrupt mails > > > Steen, Glenn wrote: > > >Got one friday... They're extremely rare it seems. > > > >I noticed something a bit curious about it in the logs: > > > >Mar 11 19:25:04 mail postfix/cleanup[9377]: B551923DCC: > >message-id=<522842524315.TIN93887@ > >Mar 11 19:25:14 mail MailScanner[5361]: New Batch: Scanning > 1 messages, > >9167 bytes > >Mar 11 19:25:16 mail postfix/smtpd[9375]: disconnect from > >82-41-95-49.cable.ubr02.dund.blueyonder.co.uk[82.41.95.49] > >Mar 11 19:25:24 mail MailScanner[5361]: Spam Checks: Found 1 spam > >messages > >Mar 11 19:25:24 mail MailScanner[5361]: Virus and Content Scanning: > >Starting > >Mar 11 19:25:29 mail MailScanner[5361]: Requeue: to A1CE723DDB > >Mar 11 19:25:29 mail postfix/qmgr[16986]: A1CE723DDB: > >from=, size=18870, nrcpt=1 > (queue active) > >Mar 11 19:25:29 mail MailScanner[5361]: Uninfected: > Delivered 1 messages > >Mar 11 19:25:29 mail MailScanner[5361]: Logging message > B551923DCC.D5385 > >to SQL > > > >Note the message ID. Perhaps doesn't matter(?). > > > > > The D5385 on the end is intentional. Postfix re-uses its queue numbers > too quickly, so I have to force them to be unique for processing and > quarantine purposes. Everyone else just ensures that their > queue numbers > really are unique, but not Wietse of course.... > > >Since it is a spam message, I've got both the mangled > A1CE723DDB and the > >nonmangled (but decoded, since I run MW) B551923DCC.D5385 ... and the > >SQL/MailWatch logentry for it. If you want it Jules, you can have it > >(off > >list). > > > > > Yes, please send it. It will probably look like the others, but I will > check anyway. Did you get them OK? Any immediate reflections? -- Glenn > > >-- Glenn > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list > >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > >>Sent: den 16 mars 2005 09:53 > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: Problem with MailScanner, postfix and corrupt mails > >> > >> > >>Thanks for the offer, but I've got plenty of machines which > don't show > >>the problem :-) > >>You are running the same configuration as my new test server, and I > >>can't reproduce it either. > >> > >>Thanks anyway. > >> > >>Pete Russell wrote: > >> > >> > >> > >>>HI Jules, am using POstfix 2.1.5 on rhel4 - no problems > with postfix > >>>whatsoever. Does it help you to have access to my 3 > >>> > >>> > >>machines (and soon > >> > >> > >>>to be 4) that are running this version to inspect/compare etc? > >>> > >>>PLease let me know, would love to help in anyway i can - > >>> > >>> > >>just not sure > >> > >> > >>>if i can :) > >>> > >>>Pete > >>> > >>> > >>> > >>>Robert Waldner wrote: > >>> > >>> > >>> > >>>>On Tue, 15 Mar 2005 17:32:46 GMT, Julian Field writes: > >>>> > >>>> > >>>> > >>>>>There is only 1 statement in the code that print the > >>>>> > >>>>> > >>"PreDataString" > >> > >> > >>>>>which is where this text is put. After writing it (once) > >>>>> > >>>>> > >>it forks off a > >> > >> > >>>>>pipe to print the message body, then prints the > >>>>> > >>>>> > >>"PostDataString". To > >> > >> > >>>>>get > >>>>>2 copies of the PreDataString, something somewhere must > >>>>> > >>>>> > >>duplicate it in > >> > >> > >>>>>the buffers. > >>>>> > >>>>> > >>>> > >>>> > >>>> > >>>> > >>>>>So there are just those 2 "+"-marked lines to add. > >>>>>If this doesn't fix it, then it really is beyond my control. I'm > >>>>>forcing > >>>>>it to flush the buffers absolutely everywhere, none of > >>>>> > >>>>> > >>this should be > >> > >> > >>>>>needed. > >>>>> > >>>>> > >>>> > >>>>Thanks. I'll apply the patch as soon as I get to work. > >>>> > >>>>cheers, > >>>>&rw > >>>>-- > >>>>-- sometimes transcode changes or adds new > >>>>-- features while your are encoding. > >>>>-- - Thomas Oestreich > >>>> > >>>> > >>>> > >>>>------------------------ MailScanner list ------------------------ > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>'leave mailscanner' in the body of the email. > >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>>Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >>-- > >>Julian Field > >>www.MailScanner.info > >>MailScanner thanks transtec Computers for their support > >>Buy the MailScanner book at www.MailScanner.info/store > >> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 13:39:55 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:05 2006 Subject: notices Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > Sent: den 16 mars 2005 14:18 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: notices > > > I will try the fist one... > > Today my ruleset contains only > > From: 192.168.0. yes > Default: no You have this on "Send Notices", right? Change this to "yes" instead of the ruleset. > > Can I change this to > > From: 192.168.0. roger@rudnick.com.br > Default: /dev/null Don't think so... You'd need do it like: From: 192.168.0. roger@rudnick.com.br FromOrTo: default devnull@your.dom.ain ... and have this for the "Notices To =" setting... and define an alias like devnull: /dev/null in your MTA. -- Glenn > > ? > > ----- Original Message ----- > From: "Steen, Glenn" > To: > Sent: Wednesday, March 16, 2005 10:05 AM > Subject: Re: notices > > > > > -----Original Message----- > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > > > Sent: den 16 mars 2005 13:22 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: notices > > > > > > > > > I normally send notices to the administrator (me) in > > > MailScanner only from > > > viruses originated from my internal network, and this works > > > fine. But if I > > > do this, MailWatch don't shows virus statistics with the > > > virus names on it > > > for the viruses sended to my network from outsiders. It only > > > shows "virus". > > > And if I turn on notices for all viruses in MailScanner, > > > MailWatch works > > > fine, but I receive lots of emails with virus warnings that > > > don't have any > > > use for me... > > > > > > Any sugestions on how to solve this problem? > > Forward notice to a "/dev/null-alias" for all the rest, or set up > > a junkmail filter for 'em in your MUA. > > > > -- Glenn > > > > > Roger Jochem > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 14:00:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steen, Glenn wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: den 16 mars 2005 12:27 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Problem with MailScanner, postfix and corrupt mails >> >> >>Steen, Glenn wrote: >> >> >> >>>Got one friday... They're extremely rare it seems. >>> >>>I noticed something a bit curious about it in the logs: >>> >>>Mar 11 19:25:04 mail postfix/cleanup[9377]: B551923DCC: >>>message-id=<522842524315.TIN93887@ >>>Mar 11 19:25:14 mail MailScanner[5361]: New Batch: Scanning >>> >>> >>1 messages, >> >> >>>9167 bytes >>>Mar 11 19:25:16 mail postfix/smtpd[9375]: disconnect from >>>82-41-95-49.cable.ubr02.dund.blueyonder.co.uk[82.41.95.49] >>>Mar 11 19:25:24 mail MailScanner[5361]: Spam Checks: Found 1 spam >>>messages >>>Mar 11 19:25:24 mail MailScanner[5361]: Virus and Content Scanning: >>>Starting >>>Mar 11 19:25:29 mail MailScanner[5361]: Requeue: to A1CE723DDB >>>Mar 11 19:25:29 mail postfix/qmgr[16986]: A1CE723DDB: >>>from=, size=18870, nrcpt=1 >>> >>> >>(queue active) >> >> >>>Mar 11 19:25:29 mail MailScanner[5361]: Uninfected: >>> >>> >>Delivered 1 messages >> >> >>>Mar 11 19:25:29 mail MailScanner[5361]: Logging message >>> >>> >>B551923DCC.D5385 >> >> >>>to SQL >>> >>>Note the message ID. Perhaps doesn't matter(?). >>> >>> >>> >>> >>The D5385 on the end is intentional. Postfix re-uses its queue numbers >>too quickly, so I have to force them to be unique for processing and >>quarantine purposes. Everyone else just ensures that their >>queue numbers >>really are unique, but not Wietse of course.... >> >> >> >>>Since it is a spam message, I've got both the mangled >>> >>> >>A1CE723DDB and the >> >> >>>nonmangled (but decoded, since I run MW) B551923DCC.D5385 ... and the >>>SQL/MailWatch logentry for it. If you want it Jules, you can have it >>>(off >>>list). >>> >>> >>> >>> >>Yes, please send it. It will probably look like the others, but I will >>check anyway. >> >> > >Did you get them OK? Any immediate reflections? > > See my posting of about 12:14 or so. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Wed Mar 16 14:30:59 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:29:05 2006 Subject: smtp server test? Message-ID: >Date: Tue, 15 Mar 2005 19:13:26 +0000 >From: Julian Field >Subject: Re: smtp server test? > >If you do that, you won't ever get any mail from me for starters. My >outgoing mail handlers don't listen for SMTP from the net as well, that >is handled by other MX servers. I do everything on a scoring basis, so this would just be another score in the pile. Perhaps another function, maybe called ScanMX would look at the domains list of MX servers and nullify or negative score a connection with MX servers listed in the same ip subnets. Mail from billybob@billybob.com from ip 192.168.2.10 no listening smtp server +3.00 ScanMX billybob.com MX1 192.168.2.11 MX2 192.168.2.12 ScanMX result -3.00 or ScanMX billybob.com MX1 10.1.1.2 MX2 10.2.1.1 ScanMX result +3.00 This would also help eliminate those pesky mailservers that bypass MX lookups and go straight to the domain ip. Usually virus or spam. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Mar 16 14:46:11 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:05 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: Julian, Just curious as to why you changed IPBlock from fatal rejections to tmpfail. I've had a couple of spammers pounding on my system with crap that would have ordinarily been booted by IPBlock for good. Now they just keep trying. I've modified my copy of CustomConfig.pm in 4.40.5 to do the 550 rejections again. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bagt at TVS2NET.CH Wed Mar 16 15:04:18 2005 From: bagt at TVS2NET.CH (Bagt) Date: Thu Jan 12 21:29:05 2006 Subject: Sender Notices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] a syntax error appears in /var/log/mail Mar 15 21:17:04 MailScanner[28625]: Syntax error in first field in line 2 of ruleset /etc/MailScanner/rules/send.notification.rules Mar 15 21:17:04 MailScanner[28625]: Syntax error in first field in line 3 of ruleset /etc/MailScanner/rules/send.notification.rules send.notification.rules =============== Virus: default no Filename: default yes Dangerous Content: default yes It's a space ou name error in the first field ? > What's wrong with the solution you have come up with? > > Bagt wrote: > >> Hi, >> >> I will notice Mailscanner's administrator for blocked messages, not >> for the >> virus but for only unaccetable attachment and for others infections. >> >> It's possible to write a file's rules like this for "Send Notices" in >> MailScanner.conf : >> >> Virus: default no >> Filename : default yes >> Dangerous Content : yes >> >> Have you an another solution ? >> >> Can you add a configuration option in futur release to separate >> notices ? >> >> Thanks for your response. >> >> Cleo >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabie at CT.DDSECURITY.CO.ZA Wed Mar 16 14:57:05 2005 From: rabie at CT.DDSECURITY.CO.ZA (Rabie van der Merwe) Date: Thu Jan 12 21:29:05 2006 Subject: Allow mail unscanned from localhost. Message-ID: I did a quick check throught the archives and couldn't find anything persay, so if there is something (please don't shoot:) ) then just point me in the right direction. I have MailScanner with sendmail, and have got MailWatch going as well, however I want to release stuff from the quarantine (anything files, spam etc etc etc) and the way MailWatch is doing it currently is by making a smtp connection to the local smtp server, so MailScanner then scans the mail again. I there somewere in MailScanner that I can set a rule that if from 127.0.0.1 do not scan this message in any way shape or form? I have found in their archives some suggestions, but it somehow breaks MailScanner, and it allows ALL files through the scanner. (They suggested a filetype and filename rule based on the From email address that pointed to a modified filename and type rule file that allowed everything, and then a default which points to normal filetype and name rules) Regards Rabie ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 16 15:17:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:05 2006 Subject: Allow mail unscanned from localhost. Message-ID: Rabie in MailScanner.conf make sure the following rule file is defined for the Spam Checks option. Spam Checks = %rules-dir%/spam.rules in the spam.rules file place the following.. From: 127.0.0.1 no FromOrTo: default yes -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Rabie van der Merwe wrote: > I did a quick check throught the archives and couldn't find anything persay, > so if there is something (please don't shoot:) ) then just point me in the > right direction. > > I have MailScanner with sendmail, and have got MailWatch going as well, > however > I want to release stuff from the quarantine (anything files, spam etc etc > etc) > and the way MailWatch is doing it currently is by making a smtp connection > to > the local smtp server, so MailScanner then scans the mail again. > > I there somewere in MailScanner that I can set a rule that if from 127.0.0.1 > do not scan this message in any way shape or form? > > I have found in their archives some suggestions, but it somehow breaks > MailScanner, > and it allows ALL files through the scanner. (They suggested a filetype and > filename > rule based on the From email address that pointed to a modified filename and > type > rule file that allowed everything, and then a default which points to normal > filetype > and name rules) > > Regards > Rabie > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Mar 16 15:29:30 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:29:05 2006 Subject: Allow mail unscanned from localhost. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Allow IFrame Tags = %rules-dir%/iframe.tags.rules From: 127.0.0.1 yes FromOrTo: default disarm ##### Allow Script Tags = %rules-dir%/script.tags.rules From: 127.0.0.1 yes FromOrTo: default disarm #### Allow Object Codebase Tags = %rules-dir%/codebase.tags.rules From: 127.0.0.1 yes FromOrTo: default disarm #### Filename Rules = %rules-dir%/filename.rules From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf FromOrTo: default /etc/MailScanner/filename.rules.conf # filename.rules.allowall.conf: allow .* - - # filename.rules.conf: default from installation #### Filetype Rules = %rules-dir%/filetype.rules From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf FromOrTo: default /etc/MailScanner/filetype.rules.conf # filename.rules.allowall.conf: allow .* - - # filetype.rules.conf: default from installation #### Spam Checks = %rules-dir%/spam.check.rules From: 127.0.0.1 no FromOrTo: default yes done it in the past from the list archive, dont know hos the author greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rabie van der Merwe > Sent: Wednesday, March 16, 2005 3:57 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Allow mail unscanned from localhost. > > > I did a quick check throught the archives and couldn't find > anything persay, > so if there is something (please don't shoot:) ) then just > point me in the > right direction. > > I have MailScanner with sendmail, and have got MailWatch > going as well, > however > I want to release stuff from the quarantine (anything files, > spam etc etc > etc) > and the way MailWatch is doing it currently is by making a > smtp connection > to > the local smtp server, so MailScanner then scans the mail again. > > I there somewere in MailScanner that I can set a rule that if > from 127.0.0.1 > do not scan this message in any way shape or form? > > I have found in their archives some suggestions, but it somehow breaks > MailScanner, > and it allows ALL files through the scanner. (They suggested > a filetype and > filename > rule based on the From email address that pointed to a > modified filename and > type > rule file that allowed everything, and then a default which > points to normal > filetype > and name rules) > > Regards > Rabie > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Mar 16 15:34:10 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:05 2006 Subject: Allow mail unscanned from localhost. Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 16 mars 2005 16:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Allow mail unscanned from localhost. > > > Rabie > > in MailScanner.conf make sure the following rule file is > defined for the > Spam Checks option. > > Spam Checks = %rules-dir%/spam.rules > > in the spam.rules file place the following.. > > > From: 127.0.0.1 no > FromOrTo: default yes > Well, that covers spam... Do the same for Virus Scanning = %rules-dir%/virus.rules and have virus.rules look the same as the above... restart MS and you're done. Mind you, that would turn off all scanning for mails originating from localhost... -- Glenn > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Rabie van der Merwe wrote: > > I did a quick check throught the archives and couldn't find > anything persay, > > so if there is something (please don't shoot:) ) then just > point me in the > > right direction. > > > > I have MailScanner with sendmail, and have got MailWatch > going as well, > > however > > I want to release stuff from the quarantine (anything > files, spam etc etc > > etc) > > and the way MailWatch is doing it currently is by making a > smtp connection > > to > > the local smtp server, so MailScanner then scans the mail again. > > > > I there somewere in MailScanner that I can set a rule that > if from 127.0.0.1 > > do not scan this message in any way shape or form? > > > > I have found in their archives some suggestions, but it > somehow breaks > > MailScanner, > > and it allows ALL files through the scanner. (They > suggested a filetype and > > filename > > rule based on the From email address that pointed to a > modified filename and > > type > > rule file that allowed everything, and then a default which > points to normal > > filetype > > and name rules) > > > > Regards > > Rabie > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 16 16:48:43 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:05 2006 Subject: notices Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks! I tested it and worked fine!! Regards Roger Jochem ----- Original Message ----- From: "Steen, Glenn" To: Sent: Wednesday, March 16, 2005 10:39 AM Subject: Re: notices > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > > Sent: den 16 mars 2005 14:18 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: notices > > > > > > I will try the fist one... > > > > Today my ruleset contains only > > > > From: 192.168.0. yes > > Default: no > You have this on "Send Notices", right? > Change this to "yes" instead of the ruleset. > > > > > Can I change this to > > > > From: 192.168.0. roger@rudnick.com.br > > Default: /dev/null > Don't think so... You'd need do it like: > From: 192.168.0. roger@rudnick.com.br > FromOrTo: default devnull@your.dom.ain > > ... and have this for the "Notices To =" setting... > and define an alias like > devnull: /dev/null > in your MTA. > > -- Glenn > > > > ? > > > > ----- Original Message ----- > > From: "Steen, Glenn" > > To: > > Sent: Wednesday, March 16, 2005 10:05 AM > > Subject: Re: notices > > > > > > > > -----Original Message----- > > > > From: MailScanner mailing list > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem > > > > Sent: den 16 mars 2005 13:22 > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: notices > > > > > > > > > > > > I normally send notices to the administrator (me) in > > > > MailScanner only from > > > > viruses originated from my internal network, and this works > > > > fine. But if I > > > > do this, MailWatch don't shows virus statistics with the > > > > virus names on it > > > > for the viruses sended to my network from outsiders. It only > > > > shows "virus". > > > > And if I turn on notices for all viruses in MailScanner, > > > > MailWatch works > > > > fine, but I receive lots of emails with virus warnings that > > > > don't have any > > > > use for me... > > > > > > > > Any sugestions on how to solve this problem? > > > Forward notice to a "/dev/null-alias" for all the rest, or set up > > > a junkmail filter for 'em in your MUA. > > > > > > -- Glenn > > > > > > > Roger Jochem > > > > > > > > ------------------------ MailScanner list ------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 16:54:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:05 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Someone asked me to, on the basis that most spammers don't run real MTA's and therefore won't try again if they get a tmpfail anyway. I will change it back to 550 again, but I might put it in a variable somewhere so it's easier to change. Jeff A. Earickson wrote: > Julian, > > Just curious as to why you changed IPBlock from fatal rejections > to tmpfail. I've had a couple of spammers pounding on my system > with crap that would have ordinarily been booted by IPBlock for > good. Now they just keep trying. I've modified my copy of > CustomConfig.pm in 4.40.5 to do the 550 rejections again. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Wed Mar 16 16:46:19 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:05 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Wed, 16 Mar 2005 12:14:44 GMT, Julian Field writes: >>A question for the others who see this problem: is one you having this >> with perl 5.*6*, or are you all on 5.8? When the problem started here >> in August (didn't notice until shortly ago), it just /might/ have been >> the same time as the 5.6 -> 5.8 upgrade. >>If it's only affecting 5.8 I'll invest half a day to rebuild a machine >> with 5.6 to see if it helps any. >I have just changed the code a bit, in case Perl was mis-parsing it. I applied the patch (thanks, Julian!), but just got another one. If I don't hear about someone having this problem with 5.6, I'll start rebuilding a test-box with that tomorrow. cheers, &rw -- -- Next phase: penalties. How about -- 5 million hand-written apology letters? /. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From ak at HOVMARK.DK Wed Mar 16 17:14:52 2005 From: ak at HOVMARK.DK (Anders Kongsted) Date: Thu Jan 12 21:29:05 2006 Subject: SV: Bayes is gone Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] SORRY! (Must be the right word to start with)... I didn't read one of the mails good enough. I did 2 mistakes. 1: I wasn't logged in as postfix (MailScanner runs as postfix) 2: I'm not sure that I used the right config-file to make a "spamassassin -D --lint"... But anyway - now it's working. The BayesDB under Postfix wasn't learned up - it was the wrong BayesDB there was learned up - and wasn't used..... Anyway... Thanks A LOT for helping to anyone! :-) Have a nice day / evening... :-) Anders, Denmark -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@jiscmail.ac.uk] På vegne af Steen, Glenn Sendt: 16. marts 2005 13:34 Til: MAILSCANNER@jiscmail.ac.uk Emne: Re: Bayes is gone > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl > Sent: den 16 mars 2005 12:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Bayes is gone > > > Anders Kongsted wrote on Wed, 16 Mar 2005 08:49:52 +0100: > > > Does Bayes put anything in the test??? > > > > No. I remember you presented a scan output to us and that > showed BAYES_60. > Do I recall this wrong? I don't think you are Kai (in fact still have that message around, iterpreted it the same). What might be is is Anders runs his MTA as something other than root... eximuser, postfix or whatever... Then MS would default to use that users $HOME/.bayes, not roots. So to "amend" your excellent advice a bit: be sure to run the lint as the user the MTA/MailScanner is running. -- Glenn > The obvious way for troubleshooting is to run -D --lint and > if you see > that Bayes gets used, continue the tests without the lint and actual > messages. Remember: you have to *ALWAYS* specify the SA > config file that > MS uses on the command line, otherwise you will use a *different* > configuration. > > Kai > > -- > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > IE-Center: http://ie5.de & http://msie.winware.org > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 17:16:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:05 2006 Subject: Sender Notices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That's not how you do rulesets. You specify a ruleset for each of the configuration options you want fine control over. But several configuration items can use the same ruleset file if you like, so you have multiple options controlled from one file. So for example, in MailScanner.conf put Send Notices = %rules-dir%/send.notices.rules (%rules-dir% is just an abbreviation for whatever value it is set to near the top of MailScanner.conf) Then in the send.notices.rules you might put From: @yourdomain.com yes FromOrTo: default no This would cause notices to be sent about problems in mail from anyone in the yourdomain.com domain, while having a default value of no, hence stopping notices about mail from other places. There are examples of rulesets in the book, the MAQ, the FAQ and the %rules-dir% directory. So instead of having an option that looks like Send Notices = the-value-you-want you can put Send Notices = %rules-dir%/a-filename.rules and then in each line of the a-filename.rules file, From/To/FromOrTo/FromAndTo/Virus address-pattern the-value-you-want and I would advise you to always specify a "default" rule to catch all the mails not caught by any of your other rules: FromOrTo: default the-default-value-you-want Most of the rules use the-value-you-want given in the first rule that matches the email details. So it makes logical sense to put the default rule at the end of the file. But if you are auto-generating the ruleset files from a database or some script you wrote, you might want to put the default rule at the beginning, which is also fine and works the same. The "default" rule is used whenever none of the other rules match, regardless of where it is in the rules file. If a few people want to have a go at writing another "Rules Tutorial", feel free and we will get it into the wiki which is under development. The more docs in there the better! Bagt wrote: > a syntax error appears in /var/log/mail > > Mar 15 21:17:04 MailScanner[28625]: Syntax error in first field in line > 2 of ruleset /etc/MailScanner/rules/send.notification.rules > Mar 15 21:17:04 MailScanner[28625]: Syntax error in first field in line > 3 of ruleset /etc/MailScanner/rules/send.notification.rules > > send.notification.rules > =============== > Virus: default no > Filename: default yes > Dangerous Content: default yes > > It's a space ou name error in the first field ? > >> What's wrong with the solution you have come up with? >> >> Bagt wrote: >> >>> Hi, >>> >>> I will notice Mailscanner's administrator for blocked messages, not >>> for the >>> virus but for only unaccetable attachment and for others infections. >>> >>> It's possible to write a file's rules like this for "Send Notices" in >>> MailScanner.conf : >>> >>> Virus: default no >>> Filename : default yes >>> Dangerous Content : yes >>> >>> Have you an another solution ? >>> >>> Can you add a configuration option in futur release to separate >>> notices ? >>> >>> Thanks for your response. >>> >>> Cleo >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Wed Mar 16 17:41:25 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:29:06 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: On Wed, 16 Mar 2005, Julian Field wrote: > Jeff A. Earickson wrote: > >> Just curious as to why you changed IPBlock from fatal rejections >> to tmpfail. I've had a couple of spammers pounding on my system >> with crap that would have ordinarily been booted by IPBlock for >> good. Now they just keep trying. I've modified my copy of >> CustomConfig.pm in 4.40.5 to do the 550 rejections again. > > Someone asked me to, on the basis that most spammers don't run real > MTA's and therefore won't try again if they get a tmpfail anyway. > > I will change it back to 550 again, but I might put it in a variable > somewhere so it's easier to change. I note that Mirapoint (www.mirapoint.com) has a feature called MailHurdle which deliberately uses 4xx-like temporary failures to try to stall spammers. The idea seems to be to return a 4xx-like failure to connections from hitherto new/unknown places, and notes that the connection attempt has been made ("if I haven't met you before, then 4xx."). A large proportion of spam engines simply won't bother to retry. By contrast, legitimate email (yes, and some residual spam) would always try again a few minutes later, and so when it does, this time the call is accepted ("I've just met you, so I accept you 200-like"). That "new/unknown places" might be a variety of things (a brief Google didn't reveal too much detail) such as one or a combination of IP-address, envelope-From, envelope-To. (Obviously, some spam engines might be a bit more determined, and might actually obey the 4xx retry, but this "hurdle" idea would at least mean that simple-minded spammers that don't do 4xx subtleties wouldn't bother us again for the time being.) I wonder whether something along the lines of "CustomConfig.pm &IPBlock" might be able to accomplish this? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 18:18:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:06 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Lee wrote: > On Wed, 16 Mar 2005, Julian Field wrote: > >> Jeff A. Earickson wrote: >> >>> Just curious as to why you changed IPBlock from fatal rejections >>> to tmpfail. I've had a couple of spammers pounding on my system >>> with crap that would have ordinarily been booted by IPBlock for >>> good. Now they just keep trying. I've modified my copy of >>> CustomConfig.pm in 4.40.5 to do the 550 rejections again. >> >> >> Someone asked me to, on the basis that most spammers don't run real >> MTA's and therefore won't try again if they get a tmpfail anyway. >> >> I will change it back to 550 again, but I might put it in a variable >> somewhere so it's easier to change. > > > I note that Mirapoint (www.mirapoint.com) has a feature called MailHurdle > which deliberately uses 4xx-like temporary failures to try to stall > spammers. > > The idea seems to be to return a 4xx-like failure to connections from > hitherto new/unknown places, and notes that the connection attempt has > been made ("if I haven't met you before, then 4xx."). A large proportion > of spam engines simply won't bother to retry. > > By contrast, legitimate email (yes, and some residual spam) would always > try again a few minutes later, and so when it does, this time the call is > accepted ("I've just met you, so I accept you 200-like"). > > That "new/unknown places" might be a variety of things (a brief Google > didn't reveal too much detail) such as one or a combination of > IP-address, > envelope-From, envelope-To. > > (Obviously, some spam engines might be a bit more determined, and might > actually obey the 4xx retry, but this "hurdle" idea would at least mean > that simple-minded spammers that don't do 4xx subtleties wouldn't bother > us again for the time being.) > > I wonder whether something along the lines of "CustomConfig.pm &IPBlock" > might be able to accomplish this? Very interesting idea. I will have a think. Unfortunately I would have to accept the first mail in order for it to get into MailScanner at all. And that may defeat the idea altogether. Any thoughts? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at YAHOO.COM Wed Mar 16 18:21:41 2005 From: hermit921 at YAHOO.COM (hermit921) Date: Thu Jan 12 21:29:06 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: You can't do this in MailScanner - it needs to be done before the message is accepted by the MTA. People do this in various ways, and most seem to be quite happy with the results. hermit921 At 10:18 AM 3/16/2005, Julian Field wrote: >David Lee wrote: > >>On Wed, 16 Mar 2005, Julian Field wrote: >> >>>Jeff A. Earickson wrote: >>> >>>>Just curious as to why you changed IPBlock from fatal rejections >>>>to tmpfail. I've had a couple of spammers pounding on my system >>>>with crap that would have ordinarily been booted by IPBlock for >>>>good. Now they just keep trying. I've modified my copy of >>>>CustomConfig.pm in 4.40.5 to do the 550 rejections again. >>> >>> >>>Someone asked me to, on the basis that most spammers don't run real >>>MTA's and therefore won't try again if they get a tmpfail anyway. >>> >>>I will change it back to 550 again, but I might put it in a variable >>>somewhere so it's easier to change. >> >> >>I note that Mirapoint (www.mirapoint.com) has a feature called MailHurdle >>which deliberately uses 4xx-like temporary failures to try to stall >>spammers. >> >>The idea seems to be to return a 4xx-like failure to connections from >>hitherto new/unknown places, and notes that the connection attempt has >>been made ("if I haven't met you before, then 4xx."). A large proportion >>of spam engines simply won't bother to retry. >> >>By contrast, legitimate email (yes, and some residual spam) would always >>try again a few minutes later, and so when it does, this time the call is >>accepted ("I've just met you, so I accept you 200-like"). >> >>That "new/unknown places" might be a variety of things (a brief Google >>didn't reveal too much detail) such as one or a combination of >>IP-address, >>envelope-From, envelope-To. >> >>(Obviously, some spam engines might be a bit more determined, and might >>actually obey the 4xx retry, but this "hurdle" idea would at least mean >>that simple-minded spammers that don't do 4xx subtleties wouldn't bother >>us again for the time being.) >> >>I wonder whether something along the lines of "CustomConfig.pm &IPBlock" >>might be able to accomplish this? > >Very interesting idea. I will have a think. Unfortunately I would have >to accept the first mail in order for it to get into MailScanner at all. >And that may defeat the idea altogether. Any thoughts? > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.siddall at ELIRION.NET Wed Mar 16 18:28:08 2005 From: richard.siddall at ELIRION.NET (Richard Siddall) Date: Thu Jan 12 21:29:06 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: Julian Field wrote: > > Very interesting idea. I will have a think. Unfortunately I would have > to accept the first mail in order for it to get into MailScanner at all. > And that may defeat the idea altogether. Any thoughts? > It sounds much like greylisting in DCC. I think a milter or the equivalent would be more appropriate than handling it in MailScanner. Regards, Richard. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 16 18:30:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:06 2006 Subject: Guestbook closed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have had to close down the Guest Book on www.mailscanner.info due to incessant, relentless spamming. It can still be read, but you can no longer add any comments to it directly. If you want to add a comment, please email it to me and I will temporarily open it and then clean up the mess again afterwards. It's kind of ironic that I have had to do this :-( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Wed Mar 16 19:02:35 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:29:06 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Julian Field wrote: >> >> Very interesting idea. I will have a think. Unfortunately I would have >> to accept the first mail in order for it to get into MailScanner at all. >> And that may defeat the idea altogether. Any thoughts? >> > > It sounds much like greylisting in DCC. I think a milter or the > equivalent would be more appropriate than handling it in MailScanner. Have seen on other lists that greylisting is not considered to be very polite by some. Especially big isp's can get huge increases in their mailqueues. As far as I understand. Works well for the receiving side at the moment, but may loose its value when some of bigger isp's find out that they have to upgrade their hardware to keep up. Then they may start to stretch the rules of the protocol to countermeasure, has been said. -- Hilsen Lars > > Regards, > > Richard. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gib at TMISNET.COM Wed Mar 16 19:15:53 2005 From: gib at TMISNET.COM (Gib Gilbertson Jr.) Date: Thu Jan 12 21:29:06 2006 Subject: Guestbook closed Message-ID: Hi Julian. At 06:30 PM 16/03/2005 +0000, you wrote: >I have had to close down the Guest Book on www.mailscanner.info due to >incessant, relentless spamming. > >It can still be read, but you can no longer add any comments to it directly. > >If you want to add a comment, please email it to me and I will >temporarily open it and then clean up the mess again afterwards. > >It's kind of ironic that I have had to do this :-( > >-- Your not alone. I had to delete the one for my domain bacause of this problem. 10 or 15 messages a day about gambling or viagra added to it.. LOL gib Gib Gilbertson Jr. Tierramiga Info Systems 619-287-8647 Support http://www.tmisnet.com San Diego's Friendly ISP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Mar 16 20:13:32 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:06 2006 Subject: postfix - problems with 'subject' Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This was fixed yesterday by Julian.. Please apply this patch to /usr/lib/MailScanner/MailScanner/Postfix.pm: -----SNIP----- --- Postfix.pm.old 2005-03-12 20:15:18.000000000 +0000 +++ Postfix.pm 2005-03-15 18:58:57.631052633 +0000 @@ -621,7 +627,11 @@ $foundat = -1; while ($pos < @{$message->{metadata}}) { if ($message->{metadata}[$pos] =~ /^N$key/i) { - ($foundat = $pos), next if $foundat == -1; # Skip 1st occurrence + if ($foundat == -1) { # Skip 1st occurrence + $foundat = $pos; + $pos++; + next; + } # We have found the start of 1 occurrence of this header splice @{$message->{metadata}}, $pos, 1; # Delete continuation lines -----SNIP----- - dhawal Craig White wrote: > CentOS 4 > # rpm -q postfix > postfix-2.1.5-2.3.RHEL4.1 > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.40.5-1.rpm.tar.gz > > if I put in postfix/main.cf > > header_checks = regexp:/etc/postfix/header_checks > and > # tail -n 1 /etc/postfix/header_checks > /^Received:/ HOLD > > it permits MailScanner to operate on incoming mails (moving them from > 'hold' to 'incoming after checking) > > But what I lose is anything that is in the 'Subject' header and it's > making me crazy > > I have set all > > Scanned Modify Subject = no # end > > Virus Modify Subject = no > > Filename Modify Subject = no > > Spam Modify Subject = no > > How do I get it to stop wiping out the subject in the header? > > Craig > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Mar 16 14:46:56 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:29:06 2006 Subject: smtp server test? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] While I agree with the majority of the replies on this thread, our statistics indicate that the majority of dangerous content that gets directly relayed to our servers comes from machines with no reverse dns at all (drop connection) or consumer-grade connections (cable, dsl). Try running statistics on your server to find out exactly where your spam is coming from. On ExchangeDefender, 61.7% of dropped connections came from hosts with no reverse dns, 22.6% came from dialup/cable/dsl. That means that out of all the mail we received, 84.3% was from the people that either shouldn't be running a mail server at all or are hardly competent to even run DNS. Try checking where most your spam comes from before you invest the time to solve the problem that doesn't exist. On my list of priorities for this week is to write filters that quarantine mail from domains that have been registered in the past 7 days. Every week we get a TON of hosts with .biz/.info tld that relay exactly 250 messages each. They never trigger a score high enough for adaptive RBL's to pick them up. -Vlad Mazek ExchangeDefender.com > >This would also help eliminate those pesky mailservers that bypass MX >lookups and go straight to the domain ip. Usually virus or spam. > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dean at SAHRA.ARIZONA.EDU Wed Mar 16 21:01:49 2005 From: dean at SAHRA.ARIZONA.EDU (Dean Jones) Date: Thu Jan 12 21:29:06 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: > I applied the patch (thanks, Julian!), but just got another one. > > If I don't hear about someone having this problem with 5.6, I'll start > rebuilding a test-box with that tomorrow. > 5.8.4 here. been runnin 5.8 since i brought this server up. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 16 21:44:42 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:06 2006 Subject: Guestbook closed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Take a bit of effort to do this? So i guess people do spend money on gambling and viagra after see this sp[am? or the spammers would bother? Does anyone have any stats on how successful spam is a money making tool? Gib Gilbertson Jr. wrote: > Hi Julian. > > At 06:30 PM 16/03/2005 +0000, you wrote: > >> I have had to close down the Guest Book on www.mailscanner.info due to >> incessant, relentless spamming. >> >> It can still be read, but you can no longer add any comments to it >> directly. >> >> If you want to add a comment, please email it to me and I will >> temporarily open it and then clean up the mess again afterwards. >> >> It's kind of ironic that I have had to do this :-( >> >> -- > > > Your not alone. I had to delete the one for my domain bacause of this > problem. 10 or 15 messages a day about gambling or viagra added to it.. LOL > > gib > > > > Gib Gilbertson Jr. > Tierramiga Info Systems > 619-287-8647 Support > http://www.tmisnet.com > San Diego's Friendly ISP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Wed Mar 16 22:38:05 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:29:06 2006 Subject: sa-learn hangs -- SOLVED Message-ID: On Fri, Mar 11, 2005 at 07:31:29PM -0500, Eric Dantan Rzewnicki wrote: > I've upgraded to spamassassin 3.0.2. I'm using the fsl > spam.assassin.prefs.conf from http://www.fsl.com/support/. > As far as I can tell spamassassin is working well with MailScanner > 4.39.6. > However, trying to run sa-learn to train on spam or ham just hangs. > sa-learn --dump magic -p /opt/MailScanner/etc/spam.assassin.prefs.conf > works fine and shows that the bayes database is growing as it should > through autolearning. > However if I run: > sa-learn --showdots --mbox --ham -p /opt/MailScanner/etc/spam.assassin.prefs.conf > sa-learn just hangs. Same happens for --spam. > strace shows it stuck on a read(0, > Any ideas? Maybe this has been discussed recently and I missed it ... But, in case anyone else comes across this, I had an old sa-learn in /usr/local/bin which comes before the /usr/bin in my PATH. After getting rid of the old one everything is fine. Note: even though the old one was getting called, it was reporting spamassassin version 3.0.2 I guess because it uses the new Mail::SpamAssassin stuff. -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Mar 16 22:45:55 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:06 2006 Subject: Guestbook closed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Take a bit of effort to do this? Not really, it's scriptable. > So i guess people do spend money on > gambling and viagra after see this sp[am? or the spammers would bother? Yes, although the effort is so low it only takes 1 buyer to make it worth posting a few hundred thousand ads. And never underestimate the number of stupid people out there who will believe anything they read. After all, look at how successful email viruses are. Even badly written ones manage to get enough people to click the attachment that they propagate. > Does anyone have any stats on how successful spam is a money making tool? > Stats? no. However, there are plenty of interviews in the press with various spammers who are making quite a good profit. Most of these outfits are selling sugar pills in place of real Viagra, so the price paid by the customer is almost pure profit. The big fish like Alan Ralsky turn in quite a significant profit each year. Eddy Marin once claimed a quarter with $750,000 in revenue 80% being profit (that would scale to 2.4 million in profit per year). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Wed Mar 16 22:51:50 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:29:06 2006 Subject: sa-learn hangs -- SOLVED Message-ID: On Wed, Mar 16, 2005 at 05:38:05PM -0500, Eric Dantan Rzewnicki wrote: > On Fri, Mar 11, 2005 at 07:31:29PM -0500, Eric Dantan Rzewnicki wrote: > > I've upgraded to spamassassin 3.0.2. I'm using the fsl > > spam.assassin.prefs.conf from http://www.fsl.com/support/. > > As far as I can tell spamassassin is working well with MailScanner > > 4.39.6. > > However, trying to run sa-learn to train on spam or ham just hangs. > > sa-learn --dump magic -p /opt/MailScanner/etc/spam.assassin.prefs.conf > > works fine and shows that the bayes database is growing as it should > Maybe this has been discussed recently and I missed it ... But, in case > anyone else comes across this, I had an old sa-learn in /usr/local/bin > which comes before the /usr/bin in my PATH. After getting rid of the old > one everything is fine. Note: even though the old one was getting > called, it was reporting spamassassin version 3.0.2 I guess because it > uses the new Mail::SpamAssassin stuff. Is there any other residue that might have been left behind in the upgrade from SA 2.64 to 3.0.2 that anyone here has been bitten by? -- Eric Dantan Rzewnicki | Systems Administrator Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 16 22:57:25 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:06 2006 Subject: Guestbook closed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think your post should be deleted from the archiveds, for tempting us all over to the dark side. :) Just imagine if Jules turned his talents? Work 2 years and retire? Gotta be easier than stopping spam for decades? Matt Kettler wrote: > Peter Russell wrote: > >> Take a bit of effort to do this? > > > Not really, it's scriptable. > >> So i guess people do spend money on >> gambling and viagra after see this sp[am? or the spammers would bother? > > > Yes, although the effort is so low it only takes 1 buyer to make it > worth posting a few hundred thousand ads. > > And never underestimate the number of stupid people out there who will > believe anything they read. After all, look at how successful email > viruses are. Even badly written ones manage to get enough people to > click the attachment that they propagate. > >> Does anyone have any stats on how successful spam is a money making tool? >> > Stats? no. However, there are plenty of interviews in the press with > various spammers who are making quite a good profit. Most of these > outfits are selling sugar pills in place of real Viagra, so the price > paid by the customer is almost pure profit. > > The big fish like Alan Ralsky turn in quite a significant profit each > year. Eddy Marin once claimed a quarter with $750,000 in revenue 80% > being profit (that would scale to 2.4 million in profit per year). > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cmckee at MCKEEIT.COM Thu Mar 17 01:48:06 2005 From: cmckee at MCKEEIT.COM (Courtney McKee) Date: Thu Jan 12 21:29:06 2006 Subject: Releasing from quarantine Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey all, Been using MailScanner in multiple locations for a while now and I’m very impressed. Recently I started having the following problem at a single location: 1. Spam is tagged and quarantined. 2. Via MailWatch I attempt to release a mis-tagged message. 3. I choose release and SA Learn as Ham --> Submit 4. I get the following error message: Quarantine Command Results Result Messages: SA Learn: Learned from 0 message(s) (1 message(s) examined). Error Messages: Release: error Error: Y MailScanner doesn’t release the email. I’ve checked the mailscanner archives and followed each of the instructions with regard to Bayes files and directory permissions to no avail. I tailed the maillog and messages files and they give no information. I’ve compared mailscanner.conf with other sites and they are exactly the same. I’ve also done the same with the spam.assassin.prefs.conf file to no avail. At the end of my tether here. Should I reinstall? Should I burn the server down? I just had a baby last week and frankly I’m at my wits end. Suggestions? -- Courtney McKee ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Mar 17 02:33:26 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:06 2006 Subject: Releasing from quarantine Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You should check out the mailwatch list. This has been covered before, it is usally a permissions issue on the quarantine dirs. are you sure there isnt a groovier error message, or is that all you get? Courtney McKee wrote: > Hey all, > > Been using MailScanner in multiple locations for a while now and I^Òm > very impressed. Recently I started having the following problem at a > single location: > > 1. Spam is tagged and quarantined. > 2. Via MailWatch I attempt to release a mis-tagged message. > 3. I choose release and SA Learn as Ham --> Submit > 4. I get the following error message: > Quarantine Command Results Result Messages: > SA Learn: Learned from 0 message(s) (1 message(s) examined). > Error Messages: Release: error > Error: Y > > MailScanner doesn^Òt release the email. I^Òve checked the mailscanner > archives and followed each of the instructions with regard to Bayes > files and directory permissions to no avail. I tailed the maillog and > messages files and they give no information. > I^Òve compared mailscanner.conf with other sites and they are exactly > the same. I^Òve also done the same with the spam.assassin.prefs.conf > file to no avail. > At the end of my tether here. Should I reinstall? Should I burn the > server down? I just had a baby last week and frankly I^Òm at my wits > end. Suggestions? > > -- > Courtney McKee > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at GRAYONLINE.ID.AU Thu Mar 17 03:28:47 2005 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:29:06 2006 Subject: Message strangeness from ZDnet Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I subscribe to a couple of ZDnet news letters. Unfortunately, they are being screwed up by "something" and I'm pretty sure that "something" is MailScanner. By screwed up I mean this: http://files.grayonline.id.au/screen-shot.png (158Kb) In short - the text for each story has been wiped out :( When I look at the message source, all the story texts have been replaced with either: or The only things MailScanner picked up were a phishing fraud (but that was displayed properly), and something about disarming HTML. Here's what the mail log says (host, process name and PID editted out): Mar 17 13:42:23 New Batch: Scanning 1 messages, 23008 bytes Mar 17 13:42:23 MCP Checks completed at 23008 bytes per second Mar 17 13:42:23 Spam Checks: Starting Mar 17 13:42:23 Message 1DBkxp-0005DE-00 from 210.193.131.43 (newsletters@newsletters.zdnet.com.au) is whitelisted Mar 17 13:42:32 Message 1DBkxp-0005DE-00 from 210.193.131.43 (newsletters@newsletters.zdnet.com.au) to grayonline.id.au is not spam (whitelisted), SpamAssassin (score=-10.663, required 5, autolearn=not spam, AWL 2.86, BAYES_00 -2.60, FROM_ZDNET_AU -15.00, HTML_80_90 0.15, HTML_FONT_BIG 0.14, HTML_FONT_INVISIBLE 0.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, URI_PROMO_ADJ 0.61, URI_REDIRECTOR 0.01, URI_SUS_DYNAMIC 2.96) Mar 17 13:42:32 Spam Checks completed at 2556 bytes per second Mar 17 13:42:32 Virus and Content Scanning: Starting Mar 17 13:42:34 Virus Scanning completed at 11504 bytes per second Mar 17 13:42:34 Found phishing fraud from chkpt.zdnet.com claiming to be www.aiia.com.au in 1DBkxp-0005DE-00 Mar 17 13:42:34 Content Checks: Detected and have disarmed HTML message in 1DBkxp-0005DE-00 from newsletters@newsletters.zdnet.com.au Mar 17 13:42:34 Uninfected: Delivered 1 messages Mar 17 13:42:34 Virus Processing completed at 23008 bytes per second Mar 17 13:42:34 Disinfection completed at 23008 bytes per second Mar 17 13:42:34 Batch completed at 2091 bytes per second (23008 / 11) Notice the "Content Checks:" at 13:42:34 - what did it disarm and how do I stop it? I know this will involve a set of rules but which option in MailScanner.conf controls it?? I've added the "chkpt.zdnet.com" to the phishing.safe.sites.conf but I have to wait for the next news letter to see if that fixes anything. All thoughts, observations and suggestions welcome :) Cheers, James -- He had that rare weird electricity about him -- that extremely wild and heavy presence that you only see in a person who has abandoned all hope of ever behaving "normally." -- Hunter S. Thompson, "Fear and Loathing '72" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From krisk at WALFORD.ASN.AU Thu Mar 17 03:44:44 2005 From: krisk at WALFORD.ASN.AU (Kris Kopicki) Date: Thu Jan 12 21:29:06 2006 Subject: Can't set GID Message-ID: Hi, I'm trying to setup MailScanner under Mac OS X 10.3.x Server (ie with postfix). I get the following when running check_mailscanner: ps: illegal option -- f usage: ps [-aChjlmMrSTuvwx] [-O|o fmt] [-p pid] [-t tty] [-U user] [-N system] [-W swap] ps [-L] Starting MailScanner... Can't set GID 27 at /opt/MailScanner/bin/MailScanner line 862. The first message I fixed by adding "Darwin" to the UNAME checks with the same configuration as BSD in check_mailscanner. The second error I'm not sure about. Can't seem to find any info about it. Any ideas would be much appreciated. -------------------------------------- Kris Kopicki Network Manager Walford Anglican School for Girls Inc. 316 Unley Road, Hyde Park SA 5061 Australia Web: http://www.walford.asn.au Phone: 61-8-82726555 Fax: 61-8-82720313 Mobile: 61407790415 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Thu Mar 17 04:12:50 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:29:06 2006 Subject: Bayes Poisoning - How to combat ? Message-ID: not spam, SpamAssassin (score=1.891, required 2.5, BAYES_40 -1.10, HTML_10_20 0.25, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, URIBL_SBL 1.00) I have a bunch of machines running MS and recently the **untagged** spam rate has gone up on most of the boxes. After some examination, i found that the bayes is getting a negative score in all the spam that is getting through, which is a clear symptom of bayes poison. Apart from -deleting the bayesian DBs everytime and starting over again, -Turning off bayes in spamassassin Is there a better fix for a situation like that ? Thanks much, Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Mar 17 04:28:58 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:06 2006 Subject: Bayes Poisoning - How to combat ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try using some rules from rulesemporium, one of them is this: http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf You could also setup a spam harvesting site OR some fake email-ids for collecting spam purely for learning and not rely on autolearn=spam. A small bumping up of the SURBL scores will also do wonders, since bayes is no more as effective as it used to be. - dhawal Venkata Achanta wrote: > not spam, SpamAssassin (score=1.891, required 2.5, > BAYES_40 -1.10, HTML_10_20 0.25, HTML_MESSAGE 0.00, > MIME_HTML_ONLY 0.18, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, > URIBL_SBL 1.00) > > I have a bunch of machines running MS and recently the **untagged** spam > rate has gone up on most of the boxes. After some examination, i found that > the bayes is getting a negative score in all the spam that is getting > through, which is a clear symptom of bayes poison. > > Apart from > -deleting the bayesian DBs everytime and starting over again, > -Turning off bayes in spamassassin > > Is there a better fix for a situation like that ? > > Thanks much, > Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From erik.myllymaki at aviawest.com Thu Mar 17 05:40:35 2005 From: erik.myllymaki at aviawest.com (Erik Myllymaki) Date: Thu Jan 12 21:29:06 2006 Subject: question about archive format Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What file format are emails in archived by Mailscanner stored in? Basically I want to use Python to Perl to parse through 6 months worth and send some to a SQL database. Are they a generic mail file that many tools can work with? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 17 07:52:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:06 2006 Subject: Message strangeness from ZDnet Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My best guess is that they were either part of a form, or were IFrames. As shipped, MailScanner disarms IFrames (they have been used in *so* many attacks!). You can set more of the "Log" options to "yes" to see more in your logs. The phishing fraud detector did exactly what it was supposed to, and yes you probably should just add chkpt.zdnet.com to your phishing.safe.sites.conf file. James Gray wrote: >I subscribe to a couple of ZDnet news letters. Unfortunately, they are >being screwed up by "something" and I'm pretty sure that "something" is >MailScanner. By screwed up I mean this: >http://files.grayonline.id.au/screen-shot.png (158Kb) > >In short - the text for each story has been wiped out :( When I look at the >message source, all the story texts have been replaced with either: > or > > >The only things MailScanner picked up were a phishing fraud (but that was >displayed properly), and something about disarming HTML. > >Here's what the mail log says (host, process name and PID editted out): >Mar 17 13:42:23 New Batch: Scanning 1 messages, 23008 bytes >Mar 17 13:42:23 MCP Checks completed at 23008 bytes per second >Mar 17 13:42:23 Spam Checks: Starting >Mar 17 13:42:23 Message 1DBkxp-0005DE-00 from 210.193.131.43 > (newsletters@newsletters.zdnet.com.au) is whitelisted >Mar 17 13:42:32 Message 1DBkxp-0005DE-00 from 210.193.131.43 > (newsletters@newsletters.zdnet.com.au) to grayonline.id.au > is not spam (whitelisted), SpamAssassin (score=-10.663, > required 5, autolearn=not spam, AWL 2.86, BAYES_00 -2.60, > FROM_ZDNET_AU -15.00, HTML_80_90 0.15, HTML_FONT_BIG 0.14, > HTML_FONT_INVISIBLE 0.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY > 0.18, URI_PROMO_ADJ 0.61, URI_REDIRECTOR 0.01, > URI_SUS_DYNAMIC 2.96) >Mar 17 13:42:32 Spam Checks completed at 2556 bytes per second >Mar 17 13:42:32 Virus and Content Scanning: Starting >Mar 17 13:42:34 Virus Scanning completed at 11504 bytes per second >Mar 17 13:42:34 Found phishing fraud from chkpt.zdnet.com claiming to be > www.aiia.com.au in 1DBkxp-0005DE-00 >Mar 17 13:42:34 Content Checks: Detected and have disarmed HTML message in > 1DBkxp-0005DE-00 from newsletters@newsletters.zdnet.com.au >Mar 17 13:42:34 Uninfected: Delivered 1 messages >Mar 17 13:42:34 Virus Processing completed at 23008 bytes per second >Mar 17 13:42:34 Disinfection completed at 23008 bytes per second >Mar 17 13:42:34 Batch completed at 2091 bytes per second (23008 / 11) > >Notice the "Content Checks:" at 13:42:34 - what did it disarm and how do I >stop it? I know this will involve a set of rules but which option in >MailScanner.conf controls it?? I've added the "chkpt.zdnet.com" to the >phishing.safe.sites.conf but I have to wait for the next news letter to see >if that fixes anything. > >All thoughts, observations and suggestions welcome :) > >Cheers, > >James >-- >He had that rare weird electricity about him -- that extremely wild and >heavy presence that you only see in a person who has abandoned all hope >of ever behaving "normally." > -- Hunter S. Thompson, "Fear and Loathing '72" > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 17 07:54:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:06 2006 Subject: Can't set GID Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would suggest you either aren't running as root properly (do "sudo su -" and not just "sudo su") or GID 27 doesn't exist in /etc/group. Kris Kopicki wrote: > Hi, > > I'm trying to setup MailScanner under Mac OS X 10.3.x Server (ie with > postfix). I get the following when running check_mailscanner: > > ps: illegal option -- f > usage: ps [-aChjlmMrSTuvwx] [-O|o fmt] [-p pid] [-t tty] [-U user] > [-N system] [-W swap] > ps [-L] > Starting MailScanner... > Can't set GID 27 at /opt/MailScanner/bin/MailScanner line 862. > > The first message I fixed by adding "Darwin" to the UNAME checks with > the same configuration as BSD in check_mailscanner. > > The second error I'm not sure about. Can't seem to find any info about > it. Any ideas would be much appreciated. > > -------------------------------------- > Kris Kopicki > Network Manager > Walford Anglican School for Girls Inc. > 316 Unley Road, Hyde Park > SA 5061 Australia > > Web: http://www.walford.asn.au > Phone: 61-8-82726555 > Fax: 61-8-82720313 > Mobile: 61407790415 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 17 07:55:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:06 2006 Subject: question about archive format Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Depending on your MailScanner configuration, they are either raw queue files for your MTA, or the standard RFC/822 format messages. Have a look at one. Erik Myllymaki wrote: > What file format are emails in archived by Mailscanner stored in? > > Basically I want to use Python to Perl to parse through 6 months worth > and send some to a SQL database. Are they a generic mail file that many > tools can work with? > > Thanks > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From krisk at WALFORD.ASN.AU Thu Mar 17 08:19:02 2005 From: krisk at WALFORD.ASN.AU (Kris Kopicki) Date: Thu Jan 12 21:29:06 2006 Subject: Can't set GID Message-ID: You are correct I was using sudo -s. However these still give the same result. Also gid 27 looks fine in /etc/groups to me. My perl is a little rusty, so I'm not entirely sure what that function is doing. Cheers, Kris On 17/03/2005, at 6:24 PM, Julian Field wrote: > I would suggest you either aren't running as root properly (do "sudo su > -" and not just "sudo su") or GID 27 doesn't exist in /etc/group. > > Kris Kopicki wrote: > >> Hi, >> >> I'm trying to setup MailScanner under Mac OS X 10.3.x Server (ie with >> postfix). I get the following when running check_mailscanner: >> >> ps: illegal option -- f >> usage: ps [-aChjlmMrSTuvwx] [-O|o fmt] [-p pid] [-t tty] [-U user] >> [-N system] [-W swap] >> ps [-L] >> Starting MailScanner... >> Can't set GID 27 at /opt/MailScanner/bin/MailScanner line 862. >> >> The first message I fixed by adding "Darwin" to the UNAME checks with >> the same configuration as BSD in check_mailscanner. >> >> The second error I'm not sure about. Can't seem to find any info about >> it. Any ideas would be much appreciated. >> >> -------------------------------------- >> Kris Kopicki >> Network Manager >> Walford Anglican School for Girls Inc. >> 316 Unley Road, Hyde Park >> SA 5061 Australia >> >> Web: http://www.walford.asn.au >> Phone: 61-8-82726555 >> Fax: 61-8-82720313 >> Mobile: 61407790415 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -------------------------------------- Kris Kopicki Network Manager Walford Anglican School for Girls Inc. 316 Unley Road, Hyde Park SA 5061 Australia Web: http://www.walford.asn.au Phone: 61-8-82726555 Fax: 61-8-82720313 Mobile: 61407790415 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Thu Mar 17 08:42:19 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:06 2006 Subject: Presentation about MailScanner Message-ID: Hi! I'll be giving a talk/presentation about MailScanner at LinuxWochen in Vienna, Austria[0]. If someone here has already done so, and would be willing to share her/ his slides/notes/whatever to help me in preparing, that would be much appreciated. That also goes for reusing a couple pages of the book, if Julian has no objections... 0: http://www.linuxwochen.at/ cheers, &rw -- -- Funny, I thought countries were formed by the biggest warlords eating -- all the smaller warlords until they ran into a warlord they couldn't -- run over, and called the place they met the natural border, while the -- peasants tried to avoid getting killed in the process. Peter Da Silva ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From Jan-Peter.Koopmann at SECEIDOS.DE Thu Mar 17 09:14:12 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:29:06 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday, March 16, 2005 6:41 PM David Lee wrote: > I note that Mirapoint (www.mirapoint.com) has a feature called > MailHurdle which deliberately uses 4xx-like temporary failures to try > to stall spammers. Unless I misunderstand something here this method is calles greylisting and is many things but new. Should be installed on the MTA however and not in MailScanner. There are many guidelines and packages for all important MTAs. It is generally very effective but has a big problem at least for commercial clients: > By contrast, legitimate email (yes, and some residual spam) would > always try again a few minutes later, and so when it does, this time > the call is accepted ("I've just met you, so I accept you 200-like"). The problem is "a few minutes". Depending on how the sending MTA is setup, this can be anything. The default for many MTAs is 15 minutes, but if the Administrator chose 60 minutes etc. this means that the first message will take at least 60 minutes to be delivered. This is not acceptable for most business users I have met. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Thu Mar 17 09:17:21 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:29:06 2006 Subject: Message strangeness from ZDnet Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 17 Mar 2005 06:52 pm, Julian Field wrote: > My best guess is that they were either part of a form, or were IFrames. > As shipped, MailScanner disarms IFrames (they have been used in *so* > many attacks!). You can set more of the "Log" options to "yes" to see > more in your logs. Agreed - I normally disarm forms, iframes, and block scripts. I've made all of these into rule files, and allowed stuff from ZDnet. I'll see what happens tomorrow. Thanks for the suggestions (I've increased the logging options too). Cheers, James -- One can't proceed from the informal to the formal by formal means. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 17 09:40:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:06 2006 Subject: Presentation about MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: >I'll be giving a talk/presentation about MailScanner at LinuxWochen in > Vienna, Austria[0]. > > Yay! >If someone here has already done so, and would be willing to share her/ > his slides/notes/whatever to help me in preparing, that would be much > appreciated. > > You can find my previous presentations at www.sng.ecs.soton.ac.uk/mailscanner/Presentations You are welcome to use whatever you like from there, but I do ask that you keep a MailScanner logo somewhere and give me a credit (end of your talk is fine). >That also goes for reusing a couple pages of the book, if Julian has no > objections... > > That's okay, just so long as there isn't too much lifted from it :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 17 10:18:50 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:06 2006 Subject: Releasing from quarantine Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell > Sent: den 17 mars 2005 03:33 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Releasing from quarantine > > > You should check out the mailwatch list. This has been > covered before, > it is usally a permissions issue on the quarantine dirs. > > are you sure there isnt a groovier error message, or is that > all you get? This is a known issue with a known solution;). Search the MailScanner archives for "Problems releasing a message" for the current solution (it's unfortunately not in one message... I'm a "messy thinker", so the solution might look messy:-). The problem is all in MailWath, and has to do with how it interacts with your MTA. Most common with postfix where you require a fully qualified HELO, and the pear Mail::factory("smtp") will default to "localhost". ... This will also happen if you do specify a 'localhost' (used for HELO), but don't qualify the QUARANTINE_FROM_ADDR. Changes needed are: In conf.php: define(QUARANTINE_MAIL_HOST, "mail.example.com"); define(QUARANTINE_MAIL_HELO, "whatever.example.com"); define(QUARANTINE_FROM_ADDR, 'postmaster@example.com'); (QUARANTINE_MAIL_HOST and QUARANTINE_MAIL_HELO can be the same or differ, depending on your needs). in details.php, somewhere near line 271 (or so, I've got other changes too:-)... Just search for "Mail::factory", you'll work it out... Make it look like: // Fix by Glenn Steen, to set an arbitrary smtp host $mail_param = array('host' => QUARANTINE_MAIL_HOST, 'localhost' => QUARANTINE_MAIL_HELO); $body = $mime->get(); $hdrs = $mime->headers($hdrs); $mail =& Mail::factory('smtp',$mail_param); Make sure to undo the autowrapping my MUA is sure to do;). And BTW, why are you working with this with a new kid at home! This should be the fatiguing, but still great "learn to know" stage... Well, my boys are 8 and 10 (years), so I might be remembering only the good things, sort of:-). HtH -- Glenn > > > > > > Courtney McKee wrote: > > Hey all, > > > > Been using MailScanner in multiple locations for a while > now and I'm > > very impressed. Recently I started having the following > problem at a > > single location: > > > > 1. Spam is tagged and quarantined. > > 2. Via MailWatch I attempt to release a mis-tagged message. > > 3. I choose release and SA Learn as Ham --> Submit > > 4. I get the following error message: > > Quarantine Command Results Result Messages: > > SA Learn: Learned from 0 message(s) (1 message(s) examined). > > Error Messages: Release: error > > Error: Y > > > > MailScanner doesn't release the email. I've checked the > mailscanner > > archives and followed each of the instructions with regard to Bayes > > files and directory permissions to no avail. I tailed the > maillog and > > messages files and they give no information. > > I've compared mailscanner.conf with other sites and they > are exactly > > the same. I've also done the same with the > spam.assassin.prefs.conf > > file to no avail. > > At the end of my tether here. Should I reinstall? > Should I burn the > > server down? I just had a baby last week and frankly I'm > at my wits > > end. Suggestions? > > > > -- > > Courtney McKee > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Mar 17 10:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:06 2006 Subject: Guestbook closed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote on Wed, 16 Mar 2005 17:45:55 -0500: > Not really, it's scriptable. > And if it's scripted you can combat it. F.i. put one of those "type these numbers as they appear" tests right before the form. Some portal and wiki software offers that already, but I don't know of a guestbook system with this yet. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Mar 17 10:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:06 2006 Subject: Bayes Poisoning - How to combat ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote on Thu, 17 Mar 2005 09:58:58 +0530: > since bayes > is no more as effective as it used to be. > Oh, it is. Nearly all of our spam gets "bayes_99ed". It's the single most effective rule. It depends on your bayes db. F.i. ours has tokens back more than 12 months. If you follow the sa-talk list you will also see that there are high doubts that "bayes poison" actually works. If your bayes db fails on many spams than this can have many causes f.i. you didn't learn enough to it recently, or the wrong stuff or you are losing tokens too quickly by expiry or your customers do get a lot of mail which contains tokens which are also in spam or ... "bayes poison" is just the least worse explanation. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Mar 17 10:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:06 2006 Subject: Message strangeness from ZDnet Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote on Thu, 17 Mar 2005 20:17:21 +1100: > Agreed - I normally disarm forms, iframes, and block scripts. I've made all > of these into rule files, and allowed stuff from ZDnet. I'll see what > happens tomorrow. Thanks for the suggestions (I've increased the logging > options too). > Some companies provide non-HTML newsletters, you could check if zdnet does as well ... Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Thu Mar 17 10:24:00 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:06 2006 Subject: Presentation about MailScanner Message-ID: On Thu, 17 Mar 2005 09:40:02 GMT, Julian Field writes: >>I'll be giving a talk/presentation about MailScanner at LinuxWochen in >> Vienna, Austria[0]. >Yay! ;) >>If someone here has already done so, and would be willing to share her/ >> his slides/notes/whatever to help me in preparing, that would be much >> appreciated. >You can find my previous presentations at >www.sng.ecs.soton.ac.uk/mailscanner/Presentations > >You are welcome to use whatever you like from there, but I do ask that >you keep a MailScanner logo somewhere and give me a credit (end of your >talk is fine). Of course, I mean, since it /is/ a talk about MailScanner in particular, it wouldn't do not giving it (and its main author) due credit. >>That also goes for reusing a couple pages of the book, if Julian has no >> objections... >That's okay, just so long as there isn't too much lifted from it :-) It's mostly about the diagrams. Redoing those completely from scratch would be a royal PITA. Of the rest I'll mostly "borrow" ideas and concepts, doing my own presentations is good practice and the talk's gonna be in german anyway. Thanks Julian! cheers, &rw -- -- Prof: So the American government went to IBM to come up with -- a data encryption standard and they came up with ... -- Student: EBCDIC! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From ramprasad at NETCORE.CO.IN Fri Mar 18 06:50:20 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:29:06 2006 Subject: Guestbook closed Message-ID: On Thu, 2005-03-17 at 00:00, Julian Field wrote: > I have had to close down the Guest Book on www.mailscanner.info due to > incessant, relentless spamming. > > It can still be read, but you can no longer add any comments to it directly. > > If you want to add a comment, please email it to me and I will > temporarily open it and then clean up the mess again afterwards. > > It's kind of ironic that I have had to do this :-( > Why dont you add an image verification for every post. Atleast spammers can let robots do the spam Rgds Ram ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ecs.soton.ac.uk Fri Mar 18 11:35:38 2005 From: mailscanner at ecs.soton.ac.uk (mailscanner@ecs.soton.ac.uk) Date: Thu Jan 12 21:29:06 2006 Subject: Test message by Jules Message-ID: This was sent at 11:36 GMT on Friday morning. Please ignore. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabie at CT.DDSECURITY.CO.ZA Thu Mar 17 12:08:50 2005 From: rabie at CT.DDSECURITY.CO.ZA (Rabie van der Merwe) Date: Thu Jan 12 21:29:06 2006 Subject: Allow mail unscanned from localhost. Message-ID: Thanx too all, it works, herewith all the changes that where required for MailScanner 4.39. Also to make this more foolproof, one could add a 'AND From: quarantine@mydomain.com' to the 'From: 127.0.0.1' (or whatever the email address is of the sender of the quarantine proccess and should do this if you have users on the local box who send mail. Changes to MailScanner.conf: Virus Scanning = %rules-dir%/virus.scan.rules Dangerous Content Scanning = %rules-dir%/dangerous.content.scan.rules Filename Rules = %rules-dir%/filename.rules Filetype Rules = %rules-dir%/filetype.rules Spam Checks = %rules-dir%/spam.check.rules Files: virus.scan.rules: From: 127.0.0.1 no FromOrTo: default yes dangerous.content.scan.rules: From: 127.0.0.1 no FromOrTo: default yes spam.check.rules From: 127.0.0.1 no FromOrTo: default yes filename.rules From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf FromOrTo: default /etc/MailScanner/filename.rules.conf filetype.rules: From: 127.0.0.1 /etc/MailScanner/filetype.rules.allowall.conf FromOrTo: default /etc/MailScanner/filetype.rules.conf filename.rules.allowall.conf: allow .* - - filetype.rules.allowall.conf: allow .* - - Regards Rabie ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 18 09:00:07 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:06 2006 Subject: McAfee users... update now... Message-ID: Just a heads up... As I'm sure most of you already know, there's been a little ... vulnerability ... reported for engine 4320. Alert info: http://xforce.iss.net/xforce/alerts/id/190 http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf http://us.mcafee.com/root/support.asp?id=4320_faqs What it boils down to is that you need update to 4400 ASAP if you haven't already done so (if you have a "grant number" you can easily do this with a "product upgrade"). Rgrds -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Thu Mar 17 15:05:46 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:29:06 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: On Wed, 16 Mar 2005, Julian Field wrote: > David Lee wrote: > >> [...] >> The idea seems to be to return a 4xx-like failure to connections from >> hitherto new/unknown places, and notes that the connection attempt has >> been made ("if I haven't met you before, then 4xx."). A large proportion >> of spam engines simply won't bother to retry. >> >> By contrast, legitimate email (yes, and some residual spam) would always >> try again a few minutes later, and so when it does, this time the call is >> accepted ("I've just met you, so I accept you 200-like"). >> [...] > > Very interesting idea. I will have a think. Unfortunately I would have > to accept the first mail in order for it to get into MailScanner at all. > And that may defeat the idea altogether. Any thoughts? Of course. (Hits self over the head with clue-stick.) And thanks to a couple of other folk who also kindly showed me the obvious (and to yet others who showed that it might have bad side-effects on some perfectly legitimate sending ISPs). -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Mar 17 11:28:23 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:06 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan-Peter Koopmann > Sent: den 17 mars 2005 10:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.40.5: IPBlock 451 versus 550 > > > On Wednesday, March 16, 2005 6:41 PM David Lee wrote: > > > I note that Mirapoint (www.mirapoint.com) has a feature called > > MailHurdle which deliberately uses 4xx-like temporary > failures to try > > to stall spammers. > > Unless I misunderstand something here this method is calles > greylisting and is many things but new. Should be installed > on the MTA however and not in MailScanner. There are many > guidelines and packages for all important MTAs. It is > generally very effective but has a big problem at least for > commercial clients: > > > By contrast, legitimate email (yes, and some residual spam) would > > always try again a few minutes later, and so when it does, this time > > the call is accepted ("I've just met you, so I accept you > 200-like"). > > The problem is "a few minutes". Depending on how the sending > MTA is setup, this can be anything. The default for many MTAs > is 15 minutes, but if the Administrator chose 60 minutes etc. > this means that the first message will take at least 60 > minutes to be delivered. This is not acceptable for most > business users I have met. > > Regards, > JP I suspect the greeting pause feature of sendmail 8.13.1 would have pretty much the same effect, no? As in "countermeasure using the fact that it isn't a real MTA in the other end"... -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cmckee at MCKEEIT.COM Thu Mar 17 17:17:46 2005 From: cmckee at MCKEEIT.COM (Courtney McKee) Date: Thu Jan 12 21:29:06 2006 Subject: Releasing from quarantine Message-ID: Glenn, Thanks so much, but still no joy. I edited both mailwatch files as you suggested and I'm still having the same problems. Is there a command line prompt command I can issue to release mail from the mailscanner spam archive, just to test that I can still release mail from Mailscanner? Is there another avenue of repair that I can attempt? I'm thinking about reinstalling MailWatch, would that be correct? Should I install the MailScanner webmin module and attempt to release from there? At wits end. BTW, I'm doing all of this from home via SSH, so my son Cooper Seamus is sitting on my lap and watching his mom be a frustrated nerd. Thanks, Courtney >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell >> Sent: den 17 mars 2005 03:33 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Releasing from quarantine >> >> >> You should check out the mailwatch list. This has been >> covered before, >> it is usally a permissions issue on the quarantine dirs. >> >> are you sure there isnt a groovier error message, or is that >> all you get? > > This is a known issue with a known solution;). > > Search the MailScanner archives for "Problems releasing a message" > for the current solution (it's unfortunately not in one message... > I'm a "messy thinker", so the solution might look messy:-). > > The problem is all in MailWath, and has to do with how it interacts > with your MTA. > Most common with postfix where you require a fully qualified HELO, > and the pear Mail::factory("smtp") will default to "localhost". > ... This will also happen if you do specify a 'localhost' (used > for HELO), but don't qualify the QUARANTINE_FROM_ADDR. > > Changes needed are: > In conf.php: > define(QUARANTINE_MAIL_HOST, "mail.example.com"); > define(QUARANTINE_MAIL_HELO, "whatever.example.com"); > define(QUARANTINE_FROM_ADDR, 'postmaster@example.com'); > (QUARANTINE_MAIL_HOST and QUARANTINE_MAIL_HELO can be the same or > differ, depending on your needs). > > in details.php, somewhere near line 271 (or so, I've got other > changes too:-)... Just search for "Mail::factory", you'll work it > out... Make it look like: > // Fix by Glenn Steen, to set an arbitrary smtp host > $mail_param = array('host' => QUARANTINE_MAIL_HOST, 'localhost' => > QUARANTINE_MAIL_HELO); > $body = $mime->get(); > $hdrs = $mime->headers($hdrs); > $mail =& Mail::factory('smtp',$mail_param); > > Make sure to undo the autowrapping my MUA is sure to do;). > > And BTW, why are you working with this with a new kid at home! > This should be the fatiguing, but still great "learn to know" > stage... Well, my boys are 8 and 10 (years), so I might be > remembering only the good things, sort of:-). > > HtH > -- Glenn >> >> >> >> >> >> Courtney McKee wrote: >>> Hey all, >>> >>> Been using MailScanner in multiple locations for a while >> now and I'm >>> very impressed. Recently I started having the following >> problem at a >>> single location: >>> >>> 1. Spam is tagged and quarantined. >>> 2. Via MailWatch I attempt to release a mis-tagged message. >>> 3. I choose release and SA Learn as Ham --> Submit >>> 4. I get the following error message: >>> Quarantine Command Results Result Messages: >>> SA Learn: Learned from 0 message(s) (1 message(s) examined). >>> Error Messages: Release: error >>> Error: Y >>> >>> MailScanner doesn't release the email. I've checked the >> mailscanner >>> archives and followed each of the instructions with regard to Bayes >>> files and directory permissions to no avail. I tailed the >> maillog and >>> messages files and they give no information. >>> I've compared mailscanner.conf with other sites and they >> are exactly >>> the same. I've also done the same with the >> spam.assassin.prefs.conf >>> file to no avail. >>> At the end of my tether here. Should I reinstall? >> Should I burn the >>> server down? I just had a baby last week and frankly I'm >> at my wits >>> end. Suggestions? >>> >>> -- >>> Courtney McKee >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Courtney McKee McKee IT 406.498.4317 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Fri Mar 18 06:17:40 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:06 2006 Subject: Message strangeness from ZDnet Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well just an alert, whitelisting chkpt.zdnet.com in your phishing.safe.sites.conf might be a bit risky. I just came across this link which serves as Open redirector for chkpt.zdnet.com. Just click on the link below to get redirection to the MailScanner site from Zdnet. You can also replace www.mailscanner.info with your favourite site to get the redirection. MailScanner phishing fraud is probably doing the right thing on trapping down this kind of redirector. http://chkpt.zdnet.com/chkpt/wenot/www.mailscanner.info/ Till this redirector is fixed, whitelisting it may be a bit risky. Julian Field wrote: > My best guess is that they were either part of a form, or were IFrames. > As shipped, MailScanner disarms IFrames (they have been used in *so* > many attacks!). You can set more of the "Log" options to "yes" to see > more in your logs. > > The phishing fraud detector did exactly what it was supposed to, and yes > you probably should just add chkpt.zdnet.com to your > phishing.safe.sites.conf file. > > James Gray wrote: > >> I subscribe to a couple of ZDnet news letters. Unfortunately, they are >> being screwed up by "something" and I'm pretty sure that "something" is >> MailScanner. By screwed up I mean this: >> http://files.grayonline.id.au/screen-shot.png (158Kb) >> >> In short - the text for each story has been wiped out :( When I look >> at the >> message source, all the story texts have been replaced with either: >> or >> >> >> The only things MailScanner picked up were a phishing fraud (but that >> was >> displayed properly), and something about disarming HTML. >> >> Mar 17 13:42:34 Found phishing fraud from chkpt.zdnet.com claiming to be >> www.aiia.com.au in 1DBkxp-0005DE-00 >> Mar 17 13:42:34 Content Checks: Detected and have disarmed HTML >> message in >> 1DBkxp-0005DE-00 from >> newsletters@newsletters.zdnet.com.au >> >> Notice the "Content Checks:" at 13:42:34 - what did it disarm and how >> do I >> stop it? I know this will involve a set of rules but which option in >> MailScanner.conf controls it?? I've added the "chkpt.zdnet.com" to the >> phishing.safe.sites.conf but I have to wait for the next news letter >> to see >> if that fixes anything. > -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Mar 18 08:37:52 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:06 2006 Subject: Has the list died? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is the list still working or is there nothing going on out there?? I think that must be just about 30 hours with out a post! I don't think I've blacklisted it in error! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 18 12:24:09 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:06 2006 Subject: Releasing from quarantine Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Courtney McKee > Sent: den 17 mars 2005 18:18 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Releasing from quarantine > > > Glenn, > > Thanks so much, but still no joy. I edited both mailwatch > files as you > suggested and I'm still having the same problems. Did you restart httpd after the edit? > Is there a command line prompt command I can issue to > release mail from > the mailscanner spam archive, just to test that I can still > release mail > from Mailscanner? sendmail -t < /path/to/message_file Note that this is _not_ what MailWatch does. > Is there another avenue of repair that I can attempt? I'm > thinking about > reinstalling MailWatch, would that be correct? Should I install the > MailScanner webmin module and attempt to release from there? Well, to determine exactly why this isn't working, you can always "play MTA" with telnet... telnet localhost 25 ehlo localhost mail from: rcpt to: data From: root To: someone Subject: test test . quit .... And of course wait for the return codes from your MTA. Should reveal exactly where your problem is at. Perhaps you have a local firewall (netfilter/iptables) that don't allow smtp on lo? > At wits end. > BTW, I'm doing all of this from home via SSH, so my son > Cooper Seamus is > sitting on my lap and watching his mom be a frustrated nerd. :-). ... Early indoctrination... I like it (as Stalin said)... -- Glenn > Thanks, > Courtney > > > > > >> -----Original Message----- > >> From: MailScanner mailing list > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell > >> Sent: den 17 mars 2005 03:33 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: Releasing from quarantine > >> > >> > >> You should check out the mailwatch list. This has been > >> covered before, > >> it is usally a permissions issue on the quarantine dirs. > >> > >> are you sure there isnt a groovier error message, or is that > >> all you get? > > > > This is a known issue with a known solution;). > > > > Search the MailScanner archives for "Problems releasing a message" > > for the current solution (it's unfortunately not in one message... > > I'm a "messy thinker", so the solution might look messy:-). > > > > The problem is all in MailWath, and has to do with how it interacts > > with your MTA. > > Most common with postfix where you require a fully qualified HELO, > > and the pear Mail::factory("smtp") will default to "localhost". > > ... This will also happen if you do specify a 'localhost' (used > > for HELO), but don't qualify the QUARANTINE_FROM_ADDR. > > > > Changes needed are: > > In conf.php: > > define(QUARANTINE_MAIL_HOST, "mail.example.com"); > > define(QUARANTINE_MAIL_HELO, "whatever.example.com"); > > define(QUARANTINE_FROM_ADDR, 'postmaster@example.com'); > > (QUARANTINE_MAIL_HOST and QUARANTINE_MAIL_HELO can be the same or > > differ, depending on your needs). > > > > in details.php, somewhere near line 271 (or so, I've got other > > changes too:-)... Just search for "Mail::factory", you'll work it > > out... Make it look like: > > // Fix by Glenn Steen, to set an arbitrary smtp host > > $mail_param = array('host' => QUARANTINE_MAIL_HOST, > 'localhost' => > > QUARANTINE_MAIL_HELO); > > $body = $mime->get(); > > $hdrs = $mime->headers($hdrs); > > $mail =& Mail::factory('smtp',$mail_param); > > > > Make sure to undo the autowrapping my MUA is sure to do;). > > > > And BTW, why are you working with this with a new kid at home! > > This should be the fatiguing, but still great "learn to know" > > stage... Well, my boys are 8 and 10 (years), so I might be > > remembering only the good things, sort of:-). > > > > HtH > > -- Glenn > >> > >> > >> > >> > >> > >> Courtney McKee wrote: > >>> Hey all, > >>> > >>> Been using MailScanner in multiple locations for a while > >> now and I'm > >>> very impressed. Recently I started having the following > >> problem at a > >>> single location: > >>> > >>> 1. Spam is tagged and quarantined. > >>> 2. Via MailWatch I attempt to release a mis-tagged message. > >>> 3. I choose release and SA Learn as Ham --> Submit > >>> 4. I get the following error message: > >>> Quarantine Command Results Result Messages: > >>> SA Learn: Learned from 0 message(s) (1 message(s) examined). > >>> Error Messages: Release: error > >>> Error: Y > >>> > >>> MailScanner doesn't release the email. I've checked the > >> mailscanner > >>> archives and followed each of the instructions with > regard to Bayes > >>> files and directory permissions to no avail. I tailed the > >> maillog and > >>> messages files and they give no information. > >>> I've compared mailscanner.conf with other sites and they > >> are exactly > >>> the same. I've also done the same with the > >> spam.assassin.prefs.conf > >>> file to no avail. > >>> At the end of my tether here. Should I reinstall? > >> Should I burn the > >>> server down? I just had a baby last week and frankly I'm > >> at my wits > >>> end. Suggestions? > >>> > >>> -- > >>> Courtney McKee > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > >>> and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.h> tml). > >>> > >>> > *Support MailScanner development - buy the > book off the website!* > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > -- > Courtney McKee > McKee IT > 406.498.4317 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Mar 18 11:32:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:06 2006 Subject: test email Message-ID: I wonder if the list is working yet? -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 18 12:29:29 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:06 2006 Subject: Has the list died? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall > Sent: den 18 mars 2005 09:38 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Has the list died? > > > Is the list still working or is there nothing going on out > there?? I think > that must be just about 30 hours with out a post! I don't think I've > blacklisted it in error! postqueue -p has shown stuff like 451: 4.3.0 Problem running virus-scanner (in reply to end of DATA command)) for approx. that time. Seems to be fixed now. Perhaps a good time for Jules to "make them an offer they cannot refuse":-). It'd be good advertising if the site hosting the list actually used MS... -- Glenn > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabie at CT.DDSECURITY.CO.ZA Fri Mar 18 12:34:54 2005 From: rabie at CT.DDSECURITY.CO.ZA (Rabie van der Merwe) Date: Thu Jan 12 21:29:06 2006 Subject: Has the list died? Message-ID: The list mailservers was dening all messages with a: Deferred: 451 4.3.0 Problem running virus-scanner Regards Rabie -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall Sent: 18 March 2005 10:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Has the list died? Is the list still working or is there nothing going on out there?? I think that must be just about 30 hours with out a post! I don't think I've blacklisted it in error! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Howard at HARPER-ADAMS.AC.UK Thu Mar 17 16:31:19 2005 From: Howard at HARPER-ADAMS.AC.UK (Howard Robinson) Date: Thu Jan 12 21:29:06 2006 Subject: (Fwd) Re: Non nesting rules Message-ID: Apologies to all who tried the whitelisting method detailed below that I so confidently posted to the list. It does not work quite correctly. It was fine when I tested it but the To: entry and the From: entry I used were the first lines!!! I have had reports of emails in the two lists still being marked as spam and after much head scratching I move the entries to part way down the list and it stopped working! I assume there must be a delimiter between entries on the list but so far I've not found it. Archives here I come. ------- Forwarded Message Follows ------- From: Howard Robinson To: MAILSCANNER@JISCMAIL.AC.UK. Subject: Re: Non nesting rules Date sent: Thu, 3 Feb 2005 16:40:00 -0000 Thanks to Julian and several others who replied to this subject earlier in the week. (It may be teaching Grandmothers to suck eggs - that is still legal in the UK- but for newbies and more timid users, like me, it may be useful). The problem was allowing 4 staff to accept email from 60 off campus addresses without being spam checked. I could have added a line for each combination but that would have been hard to maintain - 4*60 = 240 lines at the moment! The solution below means only two lists need amending should more staff or students need adding or the in-decipherable email address on the hand written list given to me need correcting . A stop and restart of mailscanner was necessary. In MaiLScanner.conf Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules In %rules-dir%/spam.whitelist.rules # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. # Next line is wrapped over two lines in the email but one # in the real file To: /etc/MailScanner/lists/harperstaff and From: /etc/MailScanner/lists/offcampuslist yes FromOrTo: default no In /etc/MailScanner/lists/harperstaff I have 1 address per line harperusera@mydomain harperuserb@mydomain harperuserc@mydomain harperuserd@mydomain in /etc/MailScanner/lists/offcampuslist I have 1 addess per line OffcampususerA@domain1 OffcampususerB@domain1 OffcampususerC@domain2 OffcampususerD@domain123 ...etc I have tried this using a Yahoo account and my harper account as a test and it works fine. Mailwatch shows whitelisted emails in a lovely shade of green.(-; Thanks to Julian et al for a great package By the way got the book and I am finding it useful. Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jfalgout at OGOV.NET Thu Mar 17 16:00:15 2005 From: jfalgout at OGOV.NET (Jeff Falgout) Date: Thu Jan 12 21:29:06 2006 Subject: How did this spam make it through? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] A user sent me a nasty-spam(tm) that made it through MS (headers below). SA scored it a 24.772, but it was whitelisted. I've searched through all of my whitelists and can find nothing related. What does have me baffled is that the first Received line: Received: from 206.247.49.30 ([219.144.239.84]) by ww11.co.jefferson.co.us (8.13.1/8.13.1) with SMTP id j2HEXJ40003797; 206.247.49.30, which shows up as the hostname for 219.144.239.84 (I believe I'm reading that correctly), is the ip address of the machine ww11.co.jefferson.co.us - the primary MX. Did this spam get whitelisted because it saw it's ip address somewhere in the first Recieved line and thought it came from itself? How can I fix this or is it a new technique? Jeff Return-path: Received: from ww11.co.jefferson.co.us [172.18.2.30] by GC6.jefferson.co.us; Thu, 17 Mar 2005 07:34:17 -0700 Received: from 206.247.49.30 ([219.144.239.84]) by ww11.co.jefferson.co.us (8.13.1/8.13.1) with SMTP id j2HEXJ40003797; Thu, 17 Mar 2005 07:33:37 -0700 Message-Id: <200503171433.j2HEXJ40003797@ww11.co.jefferson.co.us> Received: from [108.94.24.232] by dutiful%DIGITS.beetle.219.144.239.84 via HTTP; Thu, 17 Mar 2005 06:33:39 -0800 Reply-To: "boardermail.com" From: "boardermail.com" To: Subject: Here it is Date: Thu, 17 Mar 2005 06:33:39 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--3842810193altf8696" X-JeffCo-MailScanner-Information: Please contact the Help Desk for more information X-JeffCo-MailScanner: Found to be clean X-JeffCo-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=24.722, required 4, autolearn=spam, BAYES_50 0.00, DCC_CHECK 2.17, DNS_FROM_RFC_WHOIS 0.30, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_BL_SPAMCOP_NET 1.22, RCVD_IN_DSBL 1.00, RCVD_IN_XBL 3.08, RCVD_NUMERIC_HELO 1.25, SOMETHING_FOR_ADULTS 0.01, UNRESOLVED_TEMPLATE 2.87, URIBL_AB_SURBL 0.42, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_SC_SURBL 4.26) X-MailScanner-From: doran@didamail.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brian.duncan at KMZR.COM Thu Mar 17 15:05:53 2005 From: brian.duncan at KMZR.COM (Duncan, Brian M.) Date: Thu Jan 12 21:29:06 2006 Subject: Spam that puts extra Subject lines in to avoid being quarantined/caught. Message-ID: Trying another time to mail the list about this type of Spamming. We are starting to get allot more of these and I could not find anything in the archives dealing with this. (I looked again) Far down below is the original message I sent the list. Basically what I am seeing is Spammers that put two subject lines into the message. Mailscanner only tags one of them. (99% of these have been ones that fail RBL check) We have rules setup in exchange that, then say if message subject has xxx in it, stick it in their Suspect folder. (Exchange is only paying attention to the LAST subject line in the headers) Anyway to get sendmail/Mailscanner to either cut out multiple subject lines, or to mark ALL of the subject lines in the headers? This is with mailscanner-4.35.11-1 Another example: Received: from everest by nuuk.nshoster.com with local (Exim 4.44)id 1DBgQp-0003Ae-0D; Wed, 16 Mar 2005 16:51:59 -0500 To: info@udnepal.com, richard@rotary1900.org From: fatima@beaconsfield.libdems.org.uk, bobby@studentnet.lv Cc: fatima@beaconsfield.libdems.org.uk REPLY-TO: info@udnepal.com Subject: {FAILED SC} Online Reservation Inquiry submitted by Content-Type: multipart/mixed; boundary=feawnqj Subject: Pharm discount Message-Id: Date: Wed, 16 Mar 2005 16:51:59 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - nuuk.nshoster.com X-AntiAbuse: Original Domain - kmzr.com X-AntiAbuse: Originator/Caller UID/GID - [32079 32079] / [47 12] X-AntiAbuse: Sender Address Domain - nuuk.nshoster.com X-Source: X-Source-Args: X-Source-Dir: X-KMZR-MailScanner-Information: X-MailScanner-SpamCheck: spam, SpamAssassin (score=9.369, required 7,BAYES_80 2.09, DISGUISE_VIAGRA 1.00, DRUGS_ANXIETY 0.10,DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22,HEADER_COUNT_CTYPE 1.77, HTML_20_30 0.23, HTML_MESSAGE 0.00,HTML_MIME_NO_HTML_TAG 0.14, MIME_BASE64_TEXT 0.30,MIME_HEADER_CTYPE_ONLY 0.11, MIME_HTML_ONLY 0.18,URIBL_OB_SURBL 3.21) X-MailScanner-SpamScore: sssssssss X-MailScanner-From: everest@nuuk.nshoster.com Return-Path: everest@nuuk.nshoster.com X-OriginalArrivalTime: 16 Mar 2005 21:57:53.0994 (UTC) FILETIME=[3479F2A0:01C52A73] -----Original Message----- From: Duncan, Brian M. Sent: Friday, January 28, 2005 10:45 AM To: 'MAILSCANNER@JISCMAIL.AC.UK' Subject: Removing MULTIPLE subject lines in a message. Forgive me if this has been covered in the mailing list. I searched the archives without any results.. We are starting to receive messages now with multiple subject lines. (Ones with 2 subject lines total) In our environment we just modify the subject line on ANY message that is determined to be Spam. (Black listed, or scores higher then 7) We then rely on Exchange to move any messages with our modification into a local folder for the end users that is for Spam. (So they can look over) The problem we are seeing now is that Outlook/Exchange only seems to pay attention to the LAST subject line in a message. When one of these messages with 2 subject lines comes through, it gets caught. The 1st subject line is re-written, then it's forwarded to our Exchange server. The exchange server/outlook client only lists the LAST subject line from the message. So it winds up in their INBOX. If you look through the headers you can see.. I was wondering if there is an easy way to handle this on the Sendmail/MailScanner side.. Thanks! I will include headers of a message we have this problem with: Received: from RJX ([218.107.2.59])by venus.KMZR.COM (8.11.6/8.11.2) with SMTP id j0SDSbL06054;Fri, 28 Jan 2005 07:28:38 -0600 Message-Id: <200501281328.j0SDSbL06054@venus.KMZR.COM> Received: from abac.com ([28.90.248.212]) by crisscross.iupi.pt (InterMail vK.4.04.00.00 813-535-420 license 5uz341wo5802c0kq1v5mts5394z8rdj1) with ESMTP id <75579863733746.EUMI071.cosy@abac.com> for ; Fri, 28 Jan 2005 11:21:00 -0200 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 28 Jan 2005 19:25:00 +0600 Received: from 24.240.198.188 by ami.demagogue.hotmail.msn.com with HTTP;Fri, 28 Jan 2005 14:27:00 +0100 GMT X-Originating-IP: [18.219.66.153] X-Originating-Email: [combat@abac.com] From: "Augusta Wood" , "Augusta Wood" To: mccord@kmzr.com, "Mccord" Subject: {FAILED SC} Spyware Aiert - January 25th Date: Fri, 28 Jan 2005 14:26:00 +0100 Mime-Version: 1.0 Received: from abac.com ([100.144.236.240]) by crisscross.iupi.pt (InterMail vK.4.04.00.00 218-712-387 license 5uz341wo5802c0kq1v5mts5394z8rdj1) with ESMTP id <67078592714268.CCLC9817.crisscross.iupi.pt> for ; Fri, 28 Jan 2005 17:26:00 +0400 Subject: Spyware Aiert - January 25th Sender: "Augusta Wood" X-KMZR-MailScanner-Information: X-MailScanner-SpamCheck: spam, SpamAssassin (score=22.075, required 7,autolearn=spam, BAYES_80 2.09, INVALID_TZ_GMT 0.20, LONGWORD 0.30,LONGWORDS 2.26, MR_NOT_ATTRIBUTED_IP 0.20, MR_STRANGE_QUESTION 1.50,MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, NO_RDNS2 0.01,RCVD_IN_DSBL 3.81, RCVD_IN_SORBS 1.00, URIBL_OB_SURBL 3.21,URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46) X-MailScanner-SpamScore: ssssssssssssssssssssss X-MailScanner-From: reevesxfkyy@topteam.bg Return-Path: Reevesxfkyy@topteam.bg X-OriginalArrivalTime: 28 Jan 2005 13:30:17.0277 (UTC) FILETIME=[81717ED0:01C5053D] Brian M. Duncan Katten Muchin Zavis Rosenman 525 West Monroe Street Chicago IL 60661-3693 312-577-8045 brian.duncan@kmzr.com =========================================================== Important: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstevens at ATHENSDISTRIBUTING.COM Fri Mar 18 13:03:52 2005 From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens) Date: Thu Jan 12 21:29:06 2006 Subject: McAfee users... update now... Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If we are using ePo, wonâ^À^Ùt the engine update automatically happen? I`ll verify that when I get to the office. -----Original Message----- From: "Steen, Glenn" Sent: 3/18/05 6:01:19 AM To: "MAILSCANNER@JISCMAIL.AC.UK" Subject: McAfee users... update now... Just a heads up... As I'm sure most of you already know, there's been a little ... vulnerability ... reported for engine 4320. Alert info: http://xforce.iss.net/xforce/alerts/id/190 http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf http://us.mcafee.com/root/support.asp?id=4320_faqs What it boils down to is that you need update to 4400 ASAP if you haven't already done so (if you have a "grant number" you can easily do this with a "product upgrade"). Rgrds -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 18 13:13:37 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:06 2006 Subject: McAfee users... update now... Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of James R. Stevens > Sent: den 18 mars 2005 14:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: McAfee users... update now... > > > If we are using ePo, won't the engine update automatically happen? > I`ll verify that when I get to the office. Only for machines truly managed by ePo. It's been a while since I looked at ePo (a loser^H^H^H^H^Hcollegue of mine is saddled with that), but back then you couldn't manage VirusScan commandline for Unix via ePo. And since I let MS manage DAT updates, I don't see much point in even trying... After all, engine updates are far apart and easy to do. If ePo does it for you, then more power to you, but I suspect there are quite a few who do use VirusScan, but not ePo. -- Glenn > > -----Original Message----- > From: "Steen, Glenn" > Sent: 3/18/05 6:01:19 AM > To: "MAILSCANNER@JISCMAIL.AC.UK" > Subject: McAfee users... update now... > > Just a heads up... > > As I'm sure most of you already know, there's been a little ... > vulnerability ... reported for engine 4320. > Alert info: > http://xforce.iss.net/xforce/alerts/id/190 > http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf > http://us.mcafee.com/root/support.asp?id=4320_faqs > > What it boils down to is that you need update to 4400 ASAP if you > haven't already done so (if you have a "grant number" you can easily > do this with a "product upgrade"). > > Rgrds > -- Glenn > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by Athens Hyperion Scanner, and is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by Athens Hyperion Scanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Thu Mar 17 15:30:40 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:29:06 2006 Subject: SA Timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm getting these timeouts as well, only my Bayes are not filled up. What really causes SA timeouts? On Wed, 16 Mar 2005 12:31:26 +0100, Kai Schaetzl wrote: > Jim Coates wrote on Tue, 15 Mar 2005 17:29:49 -0600: > > > I have the bayes_auto_expire set to "0" now (no longer commented out). > > > > As Scott suggest, whenever you have a bayes problem one should run the > problem command manually to see the actual output. So, do an expire to see > if there are any problems. You should stop MS during that time. I don't > know why you still get those files although you switched auto-expiry off. > I often tend to think that people actually use two SA setups on MS > machines and that it's therefore easy to confuse the two and work on the > wrong one. That's why I only have one, I'm always sure I work on the one > and only ... > > Kai > > -- > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > IE-Center: http://ie5.de & http://msie.winware.org > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Fri Mar 18 13:20:48 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:29:06 2006 Subject: Spam that puts extra Subject lines in to avoid being quarantined/caught. Message-ID: This is taken care of in the new beta, 4.40.5 From mike at CAMAROSS.NET Fri Mar 18 13:32:12 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:29:07 2006 Subject: How did this spam make it through? Message-ID: I use milter-sender on my MX's and it catches these ploys: Mar 18 07:15:36 avwall2 sendmail[5439]: j2IDFVLc005439: Milter: from=, reject=550 5.7.1 HELO 207.44.250.10 claims to be us 'avwall2.bladeware.com' [207.44.250.10], but the connection [199.211.133.143] is not us Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff Falgout Sent: Thursday, March 17, 2005 10:00 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: How did this spam make it through? A user sent me a nasty-spam(tm) that made it through MS (headers below). SA scored it a 24.772, but it was whitelisted. I've searched through all of my whitelists and can find nothing related. What does have me baffled is that the first Received line: Received: from 206.247.49.30 ([219.144.239.84]) by ww11.co.jefferson.co.us (8.13.1/8.13.1) with SMTP id j2HEXJ40003797; 206.247.49.30, which shows up as the hostname for 219.144.239.84 (I believe I'm reading that correctly), is the ip address of the machine ww11.co.jefferson.co.us - the primary MX. Did this spam get whitelisted because it saw it's ip address somewhere in the first Recieved line and thought it came from itself? How can I fix this or is it a new technique? Jeff Return-path: Received: from ww11.co.jefferson.co.us [172.18.2.30] by GC6.jefferson.co.us; Thu, 17 Mar 2005 07:34:17 -0700 Received: from 206.247.49.30 ([219.144.239.84]) by ww11.co.jefferson.co.us (8.13.1/8.13.1) with SMTP id j2HEXJ40003797; Thu, 17 Mar 2005 07:33:37 -0700 Message-Id: <200503171433.j2HEXJ40003797@ww11.co.jefferson.co.us> Received: from [108.94.24.232] by dutiful%DIGITS.beetle.219.144.239.84 via HTTP; Thu, 17 Mar 2005 06:33:39 -0800 Reply-To: "boardermail.com" From: "boardermail.com" To: Subject: Here it is Date: Thu, 17 Mar 2005 06:33:39 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--3842810193altf8696" X-JeffCo-MailScanner-Information: Please contact the Help Desk for more information X-JeffCo-MailScanner: Found to be clean X-JeffCo-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=24.722, required 4, autolearn=spam, BAYES_50 0.00, DCC_CHECK 2.17, DNS_FROM_RFC_WHOIS 0.30, MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, RCVD_HELO_IP_MISMATCH 2.18, RCVD_IN_BL_SPAMCOP_NET 1.22, RCVD_IN_DSBL 1.00, RCVD_IN_XBL 3.08, RCVD_NUMERIC_HELO 1.25, SOMETHING_FOR_ADULTS 0.01, UNRESOLVED_TEMPLATE 2.87, URIBL_AB_SURBL 0.42, URIBL_OB_SURBL 3.21, URIBL_SBL 1.00, URIBL_SC_SURBL 4.26) X-MailScanner-From: doran@didamail.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Fri Mar 18 13:40:42 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Julian, > > Just curious as to why you changed IPBlock from fatal rejections > to tmpfail. I've had a couple of spammers pounding on my system > with crap that would have ordinarily been booted by IPBlock for > good. Now they just keep trying. I've modified my copy of > CustomConfig.pm in 4.40.5 to do the 550 rejections again. sorry posting late on this thread, my idea of suggesting Jules for 451 error instead of 550 error code was that, unknowingly we do not bounce back some geniune mails just because the sending server is sending too many mails to us. For e.g. a yahoo's outgoing server might be sending quite a good amount of mails to an MX server hosting many domains. So if we just temporarily deny from accepting the mail then however i am quaranteed that a good outgoing server would definitely try again for delivery which won't be applicable incase of a 550 rejection and probably some sending out an important mail would finally get a bounce back for no good reason. This totally different from the greylisting concept in which any server initiating a first time connections will have to compulsarily try again later. However majority spammers use hijacked machines or poor SMTP engines to send out spams and asking them to try again later with 451 error code wouldnt be of any harm as they don't bother to try again later so the spams doesn't come at all. However if they are using someone else's server which actually does retry sending the spam, then we can probably notify the administrator to checkout his system or atleast have 1 hour to block the IP on the firewall. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Mar 18 13:50:10 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rabie van der Merwe said: > The list mailservers was dening all messages with a: > Deferred: 451 4.3.0 Problem running virus-scanner > > Regards > Rabie Nice. I am not able to log in to the server so have no access to the logs. Sounds like it *is* time to drop MIMEDefang and move to MailScanner! :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Mar 18 11:24:57 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:29:07 2006 Subject: Bayes Poisoning - How to combat ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: > Dhawal Doshy wrote on Thu, 17 Mar 2005 09:58:58 +0530: > > >>since bayes >>is no more as effective as it used to be. >> > > > Oh, it is. Nearly all of our spam gets "bayes_99ed". It's the single most > effective rule. It depends on your bayes db. F.i. ours has tokens back > more than 12 months. If you follow the sa-talk list you will also see that > there are high doubts that "bayes poison" actually works. If your bayes db > fails on many spams than this can have many causes f.i. you didn't learn > enough to it recently, or the wrong stuff or you are losing tokens too > quickly by expiry or your customers do get a lot of mail which contains > tokens which are also in spam or ... "bayes poison" is just the least > worse explanation. > > Kai > No doubt bayes still works effectively (comes 2nd after SURBLs for me).. just that SURBL is the *current killer tool* for fighting spam with very (very) low FPs. And bayes can still be fooled once in a while OR needs to learn sometimes. As for 'bayes poison' i have never seen it happen but I rather use the sare poison ruleset than take a chance. btw no mails on the list for more than 24 hours.. is the SPAM PROBLEM finally over? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Mar 18 13:58:32 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: Or drop Windows/listserv in favour of *nix/mailman -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Drew Marshall wrote: > Rabie van der Merwe said: > >>The list mailservers was dening all messages with a: >>Deferred: 451 4.3.0 Problem running virus-scanner >> >>Regards >>Rabie > > > Nice. I am not able to log in to the server so have no access to the logs. > Sounds like it *is* time to drop MIMEDefang and move to MailScanner! :-) > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabie at CT.DDSECURITY.CO.ZA Fri Mar 18 14:05:50 2005 From: rabie at CT.DDSECURITY.CO.ZA (Rabie van der Merwe) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: We'll that was just my mailserver (sendmail) telling me that my mail is delayed, but it will keep trying. :) R -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall Sent: 18 March 2005 15:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Has the list died? Rabie van der Merwe said: > The list mailservers was dening all messages with a: > Deferred: 451 4.3.0 Problem running virus-scanner > > Regards > Rabie Nice. I am not able to log in to the server so have no access to the logs. Sounds like it *is* time to drop MIMEDefang and move to MailScanner! :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From derek at CSOLVE.NET Fri Mar 18 14:07:55 2005 From: derek at CSOLVE.NET (Derek Buttineau | Compu-SOLVE) Date: Thu Jan 12 21:29:07 2006 Subject: Whitelist > Blacklist Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey, just thought I'd mention there seems to be a small bug with the whitelist vs the blacklist in MailScanner 4.39.6. The blacklist is being checked even if the sender is whitelisted (ie if a user is set to have one specific address whitelisted and the remainder of the domain blacklisted, both checks are being hit). I've found that I can correct this, simply by wrapping the blacklist check in a (!$iswhitelisted) in Message.pm. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies Inc. 705.725.1212 x255 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Thu Mar 17 13:00:35 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Julian, > > Just curious as to why you changed IPBlock from fatal rejections > to tmpfail. I've had a couple of spammers pounding on my system > with crap that would have ordinarily been booted by IPBlock for > good. Now they just keep trying. I've modified my copy of > CustomConfig.pm in 4.40.5 to do the 550 rejections again. my idea of suggesting Jules for 451 error instead of 550 error code was that, unknowingly we do not bounce back some geniune mails just because the sending server is sending too many mails to us. For e.g. a yahoo's outgoing server might be sending quite a good amount of mails to an MX server hosting many domains. So if we just temporarily deny from accepting the mail then however i am quaranteed that a good outgoing server would definitely try again for delivery which won't be applicable incase of a 550 rejection and probably some sending out an important mail would finally get a bounce back for no good reason. This totally different from the greylisting concept in which any server initiating a first time connections will have to compulsarily try again later. However majority spammers use hijacked machines or poor SMTP engines to send out spams and asking them to try again later with 451 error code wouldnt be of any harm as they don't bother to try again later so the spams doesn't come at all. However if they are using someone else's server which actually does retry sending the spam, then we can probably notify the administrator to checkout his system or atleast have 1 hour to block the IP on the firewall. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Mar 18 14:12:40 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 18 mars 2005 14:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Has the list died? > > > Or drop Windows/listserv in favour of *nix/mailman Why not all just mail helpline@jiscmail.ac.uk with these excellent suggestions.... I'm sure they'll be overjoyed:-):-) -- Glenn > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Drew Marshall wrote: > > Rabie van der Merwe said: > > > >>The list mailservers was dening all messages with a: > >>Deferred: 451 4.3.0 Problem running virus-scanner > >> > >>Regards > >>Rabie > > > > > > Nice. I am not able to log in to the server so have no > access to the logs. > > Sounds like it *is* time to drop MIMEDefang and move to > MailScanner! :-) > > > > Drew > > > > -- > > In line with our policy, this message has > > been scanned for viruses and dangerous > > content by MailScanner, and is believed to be clean. > > www.themarshalls.co.uk/policy > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From erik.myllymaki at aviawest.com Thu Mar 17 13:26:02 2005 From: erik.myllymaki at aviawest.com (Erik Myllymaki) Date: Thu Jan 12 21:29:07 2006 Subject: question about archive format Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] yes, they are raw EXIM queue files. As per the Mailscanner Faq-o-matic, I tried to create a "Non Spam Action" rulset to forward mail: FromOrTo: default deliver forward maildrop@thisdomain.com but nothing goes to this mail account? My mail accounts are all Cyrus IMAP mailboxes on the same machine as this. Thanks. Julian Field wrote: > Depending on your MailScanner configuration, they are either raw queue > files for your MTA, or the standard RFC/822 format messages. Have a look > at one. > > Erik Myllymaki wrote: > >> What file format are emails in archived by Mailscanner stored in? >> >> Basically I want to use Python to Perl to parse through 6 months worth >> and send some to a SQL database. Are they a generic mail file that many >> tools can work with? >> >> Thanks >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Fri Mar 18 14:39:14 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: I've been using milter-sender's greylisting which works great. But one of the problem's that I've noticed with milter-sender that is more related to it's use of 451 to reject messages from domains where the MX can't be contacted. This is by design and understandable but leads to a bad side effect. Scenario: blah@foo.com has their email forwarded to blah@foo.org. blah@foo.com gets a message (let's say spammer@junk.com) with a MX that doesn't accept accept connections (most likely a spammer with a bogus DNS setup). The message is forwarded to blah@foo.org which uses milter-sender. Milter-sender runs it's tests and thinks junk.com is down and 451 the connection from foo.com. Foo.com then keeps trying over and over again until it's max delivery attempts are reached. The result of this is a lot unnecessary connections. Since it's in the RFC's that such things should be considered a temp failure, it would be nice if milter-sender kept track of this ip, sender, recipient tuple like it does with greylisting and allow you to 550 it after so many tries. I've made the suggestion to the milter-sender list but it's very moderated and seems that only specific posts are allowed since I've posted this suggestion a couple times and not seen it show up. Has anyone else seen this kind of behavior or know of a milter that might perform such a task as to reduce the impact. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rakesh Sent: Thursday, March 17, 2005 8:01 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: 4.40.5: IPBlock 451 versus 550 Jeff A. Earickson wrote: > Julian, > > Just curious as to why you changed IPBlock from fatal rejections to > tmpfail. I've had a couple of spammers pounding on my system with > crap that would have ordinarily been booted by IPBlock for good. Now > they just keep trying. I've modified my copy of CustomConfig.pm in > 4.40.5 to do the 550 rejections again. my idea of suggesting Jules for 451 error instead of 550 error code was that, unknowingly we do not bounce back some geniune mails just because the sending server is sending too many mails to us. For e.g. a yahoo's outgoing server might be sending quite a good amount of mails to an MX server hosting many domains. So if we just temporarily deny from accepting the mail then however i am quaranteed that a good outgoing server would definitely try again for delivery which won't be applicable incase of a 550 rejection and probably some sending out an important mail would finally get a bounce back for no good reason. This totally different from the greylisting concept in which any server initiating a first time connections will have to compulsarily try again later. However majority spammers use hijacked machines or poor SMTP engines to send out spams and asking them to try again later with 451 error code wouldnt be of any harm as they don't bother to try again later so the spams doesn't come at all. However if they are using someone else's server which actually does retry sending the spam, then we can probably notify the administrator to checkout his system or atleast have 1 hour to block the IP on the firewall. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Mar 18 14:41:32 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: Rakesh, Point taken. I have changed my CustomConfig.pm back to using 451 instead of 550. I'll see if the problem returns. Hey, this is a beta version of MailScanner and those of us who run it should be willing to test the new features. Jeff Earickson Colby College On Thu, 17 Mar 2005, Rakesh wrote: > Date: Thu, 17 Mar 2005 18:30:35 +0530 > From: Rakesh > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.40.5: IPBlock 451 versus 550 > > Jeff A. Earickson wrote: > >> Julian, >> >> Just curious as to why you changed IPBlock from fatal rejections >> to tmpfail. I've had a couple of spammers pounding on my system >> with crap that would have ordinarily been booted by IPBlock for >> good. Now they just keep trying. I've modified my copy of >> CustomConfig.pm in 4.40.5 to do the 550 rejections again. > > > my idea of suggesting Jules for 451 error instead of 550 error code was > that, unknowingly we do not bounce back some geniune mails just because > the sending server is sending too many mails to us. For e.g. a yahoo's > outgoing server might be sending quite a good amount of mails to an MX > server hosting many domains. So if we just temporarily deny from > accepting the mail then however i am quaranteed that a good outgoing > server would definitely try again for delivery which won't be applicable > incase of a 550 rejection and probably some sending out an important > mail would finally get a bounce back for no good reason. This totally > different from the greylisting concept in which any server initiating a > first time connections will have to compulsarily try again later. > > However majority spammers use hijacked machines or poor SMTP engines to > send out spams and asking them to try again later with 451 error code > wouldnt be of any harm as they don't bother to try again later so the > spams doesn't come at all. However if they are using someone else's > server which actually does retry sending the spam, then we can probably > notify the administrator to checkout his system or atleast have 1 hour > to block the IP on the firewall. > > -- > Regards, > Rakesh B. Pal > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ======================================================================== > "First they ignore you. Then they laugh at you. > Then they fight you. Then you win." > - M. Gandhi > ======================================================================== > > > > ---------------------------------------------------------- > Netcore Solutions Pvt. Ltd. > Website: http://www.netcore.co.in > Spamtraps: http://cleanmail.netcore.co.in/directory.html > ---------------------------------------------------------- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Mar 18 14:47:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: Jiscmail contract is up for renewal soon anyway.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Steen, Glenn wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >>Sent: den 18 mars 2005 14:59 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Has the list died? >> >> >>Or drop Windows/listserv in favour of *nix/mailman > > > Why not all just mail helpline@jiscmail.ac.uk with these excellent > suggestions.... I'm sure they'll be overjoyed:-):-) > > -- Glenn > > >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Drew Marshall wrote: >> >>>Rabie van der Merwe said: >>> >>> >>>>The list mailservers was dening all messages with a: >>>>Deferred: 451 4.3.0 Problem running virus-scanner >>>> >>>>Regards >>>>Rabie >>> >>> >>>Nice. I am not able to log in to the server so have no >> >>access to the logs. >> >>>Sounds like it *is* time to drop MIMEDefang and move to >> >>MailScanner! :-) >> >>>Drew >>> >>>-- >>>In line with our policy, this message has >>>been scanned for viruses and dangerous >>>content by MailScanner, and is believed to be clean. >>>www.themarshalls.co.uk/policy >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Mar 18 14:54:26 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: The list does have a nice Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Friday, March 18, 2005 9:47 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Has the list died? > > Jiscmail contract is up for renewal soon anyway.. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 Definitely off topic but since someone else started it :) The listserver does have a nice searchable archive feature. I believe you can add searchable archives to mailman but has anyone tried implementing this feature? Any comments on how well the mailman searchable archives work? Thanks, Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Mar 18 15:04:15 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney said: > The list does have a nice Go on then, don't leave me in suspense ;-) or indeed is ...does have a nice the sum of it's positives :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Fri Mar 18 15:01:55 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Stephen Swaney wrote: | The list does have a nice | | Steve Swaney | President | Fortress Systems Ltd. | Phone: 202 338-1670 | Cell: 202 352-3262 | www.fsl.com | steve.swaney@fsl.com | | |>-----Original Message----- |>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On |>Behalf Of Martin Hepworth |>Sent: Friday, March 18, 2005 9:47 AM |>To: MAILSCANNER@JISCMAIL.AC.UK |>Subject: Re: Has the list died? |> |>Jiscmail contract is up for renewal soon anyway.. |> |> |>-- |>Martin Hepworth |>Snr Systems Administrator |>Solid State Logic |>Tel: +44 (0)1865 842300 | | | Definitely off topic but since someone else started it :) | | The listserver does have a nice searchable archive feature. I believe you | can add searchable archives to mailman but has anyone tried implementing | this feature? Any comments on how well the mailman searchable archives | work? | Sorry to say, bit since we are off topic. Whenever I hear mailman I get the shivers. sympa.org or escartis for a real mailing list manager *ducks* :=) - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCOu1jPMoaMn4kKR4RA0IfAJ42Z7yqxKC1yWYw2q9m73kiT6fJcACeLS2p 3W3a1aTPphUR5LAqsWL8938= =YZmB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Fri Mar 18 15:03:59 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ability to cut off posts in the -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Stephen Swaney Sent: Friday, March 18, 2005 9:54 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Has the list died? The list does have a nice Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Friday, March 18, 2005 9:47 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Has the list died? > > Jiscmail contract is up for renewal soon anyway.. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 Definitely off topic but since someone else started it :) The listserver does have a nice searchable archive feature. I believe you can add searchable archives to mailman but has anyone tried implementing this feature? Any comments on how well the mailman searchable archives work? Thanks, Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Fri Mar 18 15:09:29 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Stephen Swaney said: > >>The list does have a nice > > > Go on then, don't leave me in suspense ;-) or indeed is ...does have a > nice the sum of it's positives :-) > > Drew > Go back and re-read. It looks like he started to top-post and then decided to bottom-post :) -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "ebruce.vcf") 15 lines. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Fri Mar 18 15:13:43 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce said: > Drew Marshall wrote: >> Stephen Swaney said: >> >>>The list does have a nice >> >> >> Go on then, don't leave me in suspense ;-) or indeed is ...does have a >> nice the sum of it's positives :-) >> >> Drew >> > > Go back and re-read. It looks like he started to top-post and then > decided to bottom-post :) Oops, I noticed after I sent my reply. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at GRAYONLINE.ID.AU Thu Mar 17 20:28:19 2005 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:29:07 2006 Subject: Message strangeness from ZDnet Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 17 Mar 2005 09:31 pm, Kai Schaetzl wrote: > James Gray wrote on Thu, 17 Mar 2005 20:17:21 +1100: > > Agreed - I normally disarm forms, iframes, and block scripts. I've made > > all of these into rule files, and allowed stuff from ZDnet. I'll see > > what happens tomorrow. Thanks for the suggestions (I've increased the > > logging options too). > > Some companies provide non-HTML newsletters, you could check if zdnet does > as well ... > > Kai Good point - I'm not a big fan of HTML email. The reason I subscribed in the first place was that users were having problems with the HTML formatting and I needed to see it for myself. Turned out the news letters were great slashdot fodder :P Once I have this problem licked, I think I'll investigate you suggestion further :) Thanks, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Fri Mar 18 15:40:45 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:07 2006 Subject: Has the list died? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Derek Winkler > Sent: Friday, March 18, 2005 10:04 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Has the list died? > > ability to cut off posts in the > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Stephen Swaney > Sent: Friday, March 18, 2005 9:54 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Has the list died? > > > The list does have a nice > No the cut'n'paste errors are entirely my own :( Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Mar 18 16:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:29:07 2006 Subject: How did this spam make it through? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff Falgout wrote on Thu, 17 Mar 2005 09:00:15 -0700: > Did this spam get whitelisted because it saw it's ip address somewhere in > the first Recieved line and thought it came from itself? > Hm, looks like it did, but shouldn't have happened. Would just be to easy to get in the whitelist. We block this type of message right at MTA level with a small sendmail recipe, google for "sendmail faked helo" or so. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Fri Mar 18 17:27:13 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:29:07 2006 Subject: TodayDir() function Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Sorry if this is a general discussion point, I hadn't spotted it in the archives as yet. There's a few places where TodayDir() gets called (and a couple where the date is still calculated manually); the function uses the current time on the server to generate the date string used, but this would mean that there's going to be the odd time (sorry!) when it will flick from 23:59:59 to 00:00:00 whilst a message is being processed, so yielding two potential dates for where a file might be quarantined/archived. I think. Would it be more beneficial to record a message's "date" within the object itself, so that the same one could be used anywhere in the code relating to that message without having to re-calculate it and potentially get a different result? The reason this came up for me in the first place is that I do some housekeeping in a custom function, one of which was to work out where a quarantined message would be ... if the function is called on a different day then ... oops! Having a $m->{date} type variable would be quite invaluable! C:> This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for all known viruses and dangerous content by StreamShield Protector, and has been found to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dot at DOTAT.AT Fri Mar 18 17:21:16 2005 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:29:07 2006 Subject: McAfee users... update now... Message-ID: "Steen, Glenn" wrote: > >What it boils down to is that you need update to 4400 ASAP if you >haven't already done so (if you have a "grant number" you can easily >do this with a "product upgrade"). Or you can just download the trial version and use the license.dat from a paid-for version :-) Tony. -- f.a.n.finch http://dotat.at/ DOGGER: SOUTHWEST 5 OR 6, OCCASIONALLY 7 LATER. RAIN AT TIMES. MODERATE OR GOOD. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 18 17:29:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:07 2006 Subject: TodayDir() function Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Very good idea. I might do this over the weekend, but it certainly should be in the next release. Chuck Foster wrote: >Hi, > >Sorry if this is a general discussion point, I hadn't spotted it in the >archives as yet. > >There's a few places where TodayDir() gets called (and a couple where the >date is still calculated manually); the function uses the current time on >the server to generate the date string used, but this would mean that >there's going to be the odd time (sorry!) when it will flick from 23:59:59 >to 00:00:00 whilst a message is being processed, so yielding two potential >dates for where a file might be quarantined/archived. > >I think. > >Would it be more beneficial to record a message's "date" within the object >itself, so that the same one could be used anywhere in the code relating to >that message without having to re-calculate it and potentially get a >different result? The reason this came up for me in the first place is that >I do some housekeeping in a custom function, one of which was to work out >where a quarantined message would be ... if the function is called on a >different day then ... oops! Having a $m->{date} type variable would be >quite invaluable! > >C:> > > >This message should be regarded as confidential. If you have received this >email in error please notify the sender and destroy it immediately. >Statements of intent shall only become binding when confirmed in hard copy >by an authorized signatory. > > >-- >This message has been scanned for all known viruses >and dangerous content by StreamShield Protector, >and has been found to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Fri Mar 18 19:36:33 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:07 2006 Subject: How do I set Mailscanner to not use MSP? Message-ID: Maybe I'm thinking too hard on this but, I can't seem to figure this out. The problem is that when people are using webmail they cannot send to any of our virtual host email domains. It is stating that the user is unknown in the logs. I read that MSP does not work with virtusertable and I need to be able to use virtusertable. It looks like MailScanner is starting MSP in the /etc/init.d script. Can I just change the call to sendmail in their to mimic the first call? Any help would be appreciated. RedHat 7.3 Sendmail 8.13.3 MailScanner 4.38.7 Thank you. Sean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Mar 18 20:05:43 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:07 2006 Subject: How do I set Mailscanner to not use MSP? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] RedRed!com IT Department wrote: > Maybe I'm thinking too hard on this but, I can't seem to figure this > out. The problem is that when people are using webmail they cannot send > to any of our virtual host email domains. It is stating that the user is > unknown in the logs. I would suggest this is not connected with MSP but Sendmail not finding the virtual user list to verify against. > I read that MSP does not work with virtusertable > and I need to be able to use virtusertable. It looks like MailScanner is > starting MSP in the /etc/init.d script. Can I just change the call to > sendmail in their to mimic the first call? Any help would be appreciated. > > RedHat 7.3 > Sendmail 8.13.3 > MailScanner 4.38.7 Can you show us some logs? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Fri Mar 18 21:05:25 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:07 2006 Subject: How do I set Mailscanner to not use MSP? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have the virtusertable option in submit.cf exactly like it is in sendmail.cf. Is that not enough? Here is one of the log records pertaining to this issue: Mar 17 11:27:41 email2 sendmail[25274]: j2HHRfel025274: to=info@marguthauction.com, ctladdr=sarahv@email2.redred.com (3268/100), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30425, relay=[216.16.73.5] [216.16.73.5], dsn=5.1.1, stat=User unknown In webmail the user Sarah is specifying the from and reply to address as sarah@rvtechsolutions.com, which is a domain that we host. She is sending to info@marguthauction.com, which is also a domain that we host. What Sarah receives in her webmail window is an error stating that the email was saved in dead.letter. I went in to look at that and it is nothing more than the headers and body of the email. Then in the maillog is the error above. I'm not sure if any of this helps or not, if there is anything else you may need to look at, please let me know. I've run into a wall on this one. Thanks. Drew Marshall wrote: > RedRed!com IT Department wrote: > >> Maybe I'm thinking too hard on this but, I can't seem to figure this >> out. The problem is that when people are using webmail they cannot send >> to any of our virtual host email domains. It is stating that the user is >> unknown in the logs. > > > I would suggest this is not connected with MSP but Sendmail not finding > the virtual user list to verify against. > >> I read that MSP does not work with virtusertable >> and I need to be able to use virtusertable. It looks like MailScanner is >> starting MSP in the /etc/init.d script. Can I just change the call to >> sendmail in their to mimic the first call? Any help would be >> appreciated. >> >> RedHat 7.3 >> Sendmail 8.13.3 >> MailScanner 4.38.7 > > > Can you show us some logs? > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Fri Mar 18 21:06:08 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:29:07 2006 Subject: x86_64 revisited Message-ID: It appears fedora has a perl-Archive-Zip rpm which builds properly on x86_64, perhaps the mailscanner packager can look at the fedora rpm and see how they fix the perl-Archive-Zip x86_64 build problem? http://download.fedora.redhat.com/pub/fedora/linux/extras/development/SRPMS/perl-Archive-Zip-1.12-1.src.rpm -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sconway at WLNET.COM Fri Mar 18 21:07:09 2005 From: sconway at WLNET.COM (Stephen Conway) Date: Thu Jan 12 21:29:07 2006 Subject: Multiple Patterns In Rules Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello: We are trying to set up a rule, that will archive mail from a certain email address, to another email address, but we don't want to send the archived message if the message arrived from the 'Archive' address. Ex: FromOrTo: user@domain.com and not FromOrTo archive@domain.com archive@domain.com Please just confirm the proper syntax for 'Not' or the proper method to do what we are trying. We have look through the archives, but so far have not found the right rule. Any assistance is appreciated. Thanks, Steve Conway -- Visit us at CMA Shipping 2005 Booth # 72 Stamford, Connecticut March 21st thru March 23rd ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Mar 18 21:12:50 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:07 2006 Subject: How do I set Mailscanner to not use MSP? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] RedRed!com IT Department wrote: > I have the virtusertable option in submit.cf exactly like it is in > sendmail.cf. Is that not enough? > > Here is one of the log records pertaining to this issue: > > Mar 17 11:27:41 email2 sendmail[25274]: j2HHRfel025274: > to=info@marguthauction.com, ctladdr=sarahv@email2.redred.com (3268/100), > delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30425, > relay=[216.16.73.5] [216.16.73.5], dsn=5.1.1, stat=User unknown > > In webmail the user Sarah is specifying the from and reply to address as > sarah@rvtechsolutions.com, which is a domain that we host. She is > sending to info@marguthauction.com, which is also a domain that we host. > What Sarah receives in her webmail window is an error stating that the > email was saved in dead.letter. I went in to look at that and it is > nothing more than the headers and body of the email. Then in the maillog > is the error above. I'm not sure if any of this helps or not, if there > is anything else you may need to look at, please let me know. I've run > into a wall on this one. Thanks. This is definitely not a MailScanner issue but a Sendmail one and I am not your man for Sendmail I'm afraid :-( . I will have to bow out gracefully but I am sure some one with some Sendmail experience can help. Sorry Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Fri Mar 18 21:47:54 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:07 2006 Subject: How do I set Mailscanner to not use MSP? Message-ID: Ok, Well thank you for looking. I wasn't sure what program this issue was with. But since it isn't a MailScanner issue then I will look elsewhere. Thank you again. Sean Drew Marshall wrote: > This is definitely not a MailScanner issue but a Sendmail one and I am > not your man for Sendmail I'm afraid :-( . I will have to bow out > gracefully but I am sure some one with some Sendmail experience can help. > > Sorry > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Fri Mar 18 22:49:59 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:29:07 2006 Subject: Message strangeness from ZDnet Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, 18 Mar 2005 05:17 pm, Rakesh wrote: > Well just an alert, whitelisting chkpt.zdnet.com in your > phishing.safe.sites.conf might be a bit risky. I just came across this > link which serves as Open redirector for chkpt.zdnet.com. Just click on > the link below to get redirection to the MailScanner site from Zdnet. > You can also replace www.mailscanner.info with your favourite site to > get the redirection. MailScanner phishing fraud is probably doing the > right thing on trapping down this kind of redirector. > > http://chkpt.zdnet.com/chkpt/wenot/www.mailscanner.info/ > > > Till this redirector is fixed, whitelisting it may be a bit risky. Thanks for the heads-up. I've removed that redirector from the whitelist and sent a friendly mail to the fine folks at ZDnet :) We'll see if they do anything...I'm not holding my breath. James -- It was a book to kill time for those who liked it better dead. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From G.Pentland at SOTON.AC.UK Fri Mar 18 22:49:14 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:29:07 2006 Subject: Debugging Sendmail, WAS: How do I set Mailscanner to not use MSP? Message-ID: Off topic but probably a useful link for you all, the basics of sendmail debugging... http://www.uwsg.iu.edu/usail/mail/debugging/ Hope it is of use, Gary -----Original Message----- From: RedRed!com IT Department [mailto:itdept@REDRED.COM] Sent: 18 March 2005 21:48 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: How do I set Mailscanner to not use MSP? Ok, Well thank you for looking. I wasn't sure what program this issue was with. But since it isn't a MailScanner issue then I will look elsewhere. Thank you again. Sean Drew Marshall wrote: > This is definitely not a MailScanner issue but a Sendmail one and I am > not your man for Sendmail I'm afraid :-( . I will have to bow out > gracefully but I am sure some one with some Sendmail experience can > help. > > Sorry > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From erik.myllymaki at aviawest.com Fri Mar 18 23:39:55 2005 From: erik.myllymaki at aviawest.com (Erik Myllymaki) Date: Thu Jan 12 21:29:07 2006 Subject: message bodies deleted? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The last few days, I have had a few random emails have their HTML content *mangled* and the prime suspect is Mailscanner. I archive all mail so I checked with the archived copy - it is fine. But the copy that eventually got delivered via Exim to Cyrus IMAP isn't. Most of the HTML is stripped entirely, and it won't render in the email client (Outlook express or Thunderbird). These are very simple emails, with nothing but text (no links, images, etc.). Getting the message resent usually is all that's needed. For now I just instruct those seeing this to "View Message body as Plain Text" instead of "View as HTML" in Thunderbird. I saw an unresolved thread back in February about virtually the same thing. I have made no significant changes on this machine since this started. Thanks for any and all advice. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Mar 18 23:55:28 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:07 2006 Subject: message bodies deleted? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Erik Myllymaki wrote: > The last few days, I have had a few random emails have their > HTML content *mangled* and the prime suspect is Mailscanner. Check your MailScanner.conf file and make sure you have this option set to "no" Convert HTML To Text = no You might wish to check on this setting, although that has some dangers. Convert Dangerous HTML To Text = no Also check that your "Spam Actions" is not set to "striphtml". Another group of options to check is to see if any of the following are set to "disarm". Be aware that disabling these may not be the most secure thing to do. Consider each based on what you expect to receive. Allow IFrame Tags Allow Form Tags Allow Script Tags Allow WebBugs Allow Object Codebase Tags ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Mar 19 04:45:48 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] thanks Jeff, test it on real time scenarios and suggest what would help to make things better and easier. Even I have implemented it on my live servers. Probably one thing down the line we have to do is by default maintain a list of some well known outgoing servers of yahoo or other heavy traffic outgoing servers and set them to have a greater connection limit (specify greater limits for them in IPBlock.conf). That we have to see if it would really help others. What do you think on this ? Julian please let us know your views as well. Rakesh Jeff A. Earickson wrote: > Rakesh, > Point taken. I have changed my CustomConfig.pm back to using 451 > instead of 550. I'll see if the problem returns. Hey, this is > a beta version of MailScanner and those of us who run it should > be willing to test the new features. > > Jeff Earickson > Colby College > > On Thu, 17 Mar 2005, Rakesh wrote: > >> Date: Thu, 17 Mar 2005 18:30:35 +0530 >> From: Rakesh >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.40.5: IPBlock 451 versus 550 >> >> Jeff A. Earickson wrote: >> >>> Julian, >>> >>> Just curious as to why you changed IPBlock from fatal rejections >>> to tmpfail. I've had a couple of spammers pounding on my system >>> with crap that would have ordinarily been booted by IPBlock for >>> good. Now they just keep trying. I've modified my copy of >>> CustomConfig.pm in 4.40.5 to do the 550 rejections again. >> >> >> >> my idea of suggesting Jules for 451 error instead of 550 error code was >> that, unknowingly we do not bounce back some geniune mails just because >> the sending server is sending too many mails to us. For e.g. a yahoo's >> outgoing server might be sending quite a good amount of mails to an MX >> server hosting many domains. So if we just temporarily deny from >> accepting the mail then however i am quaranteed that a good outgoing >> server would definitely try again for delivery which won't be applicable >> incase of a 550 rejection and probably some sending out an important >> mail would finally get a bounce back for no good reason. This totally >> different from the greylisting concept in which any server initiating a >> first time connections will have to compulsarily try again later. >> >> However majority spammers use hijacked machines or poor SMTP engines to >> send out spams and asking them to try again later with 451 error code >> wouldnt be of any harm as they don't bother to try again later so the >> spams doesn't come at all. However if they are using someone else's >> server which actually does retry sending the spam, then we can probably >> notify the administrator to checkout his system or atleast have 1 hour >> to block the IP on the firewall. >> >> -- >> Regards, >> Rakesh B. Pal >> Emergic CleanMail Team. >> Netcore Solutions Pvt. Ltd. >> >> ======================================================================== >> "First they ignore you. Then they laugh at you. >> Then they fight you. Then you win." >> - M. Gandhi >> ======================================================================== >> >> >> >> ---------------------------------------------------------- >> Netcore Solutions Pvt. Ltd. >> Website: http://www.netcore.co.in >> Spamtraps: http://cleanmail.netcore.co.in/directory.html >> ---------------------------------------------------------- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Sat Mar 19 06:55:37 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:07 2006 Subject: SV: McAfee users... update now... Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, never tried that... food for the wiki. Thanks. -- Glenn -----Ursprungligt meddelande----- FrÃ¥n: MailScanner mailing list genom Tony Finch Skickat: fr 2005-03-18 18:21 Till: MAILSCANNER@JISCMAIL.AC.UK Kopia: Ã^Ämne: Re: McAfee users... update now... "Steen, Glenn" wrote: > >What it boils down to is that you need update to 4400 ASAP if you >haven't already done so (if you have a "grant number" you can easily >do this with a "product upgrade"). Or you can just download the trial version and use the license.dat from a paid-for version :-) Tony. -- f.a.n.finch http://dotat.at/ DOGGER: SOUTHWEST 5 OR 6, OCCASIONALLY 7 LATER. RAIN AT TIMES. MODERATE OR GOOD. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Mar 19 08:52:28 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:07 2006 Subject: Spam that puts extra Subject lines in to avoid being quarantined/caught. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Duncan, Brian M. wrote: >Trying another time to mail the list about this type of Spamming. We >are starting to get allot more of these and I could not find anything in >the archives dealing with this. (I looked again) > >Far down below is the original message I sent the list. > >Basically what I am seeing is Spammers that put two subject lines into >the message. Mailscanner only tags one of them. (99% of these have been >ones that fail RBL check) We have rules setup in exchange that, then >say if message subject has xxx in it, stick it in their Suspect folder. >(Exchange is only paying attention to the LAST subject line in the >headers) > >Anyway to get sendmail/Mailscanner to either cut out multiple subject >lines, or to mark ALL of the subject lines in the headers? > >This is with mailscanner-4.35.11-1 > > I think Julian has already taken care of this issue in his latest Beta release 4.40.5 . From his change log : Multiple "Subject:" lines are removed. The 1st one is kept. Try it out. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jovi_2 at YAHOO.COM Sat Mar 19 09:40:27 2005 From: jovi_2 at YAHOO.COM (Sathes Nair) Date: Thu Jan 12 21:29:07 2006 Subject: Spam tag Message-ID: Hello there, I recently upgraded my clamav 8.03. After doing this I noticed that all the mails that I sent out from my server is been taged as {SPAM}. Can you please help me on this. Im running:- sendmail 8.12.10 perl 5.8.3 Mailscanner 4.29.7 OS = Solaris 8 Many thanks in advance, regards sathes __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sat Mar 19 10:16:02 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:07 2006 Subject: Spam tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sathes Nair wrote: > Hello there, > > I recently upgraded my clamav 8.03. After doing this I > noticed that all the mails that I sent out from my > server is been taged as {SPAM}. Can you please help me > on this. Im running:- > > sendmail 8.12.10 > perl 5.8.3 > Mailscanner 4.29.7 > OS = Solaris 8 I can't see why Clam, 0.83 by the way, should make any difference but your MS version is pretty old by now. It may use an RBL that has gone dead. Can you post some headers from a mail please? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tonioli at gmail.com Sat Mar 19 10:20:07 2005 From: tonioli at gmail.com (Felipe Tonioli) Date: Thu Jan 12 21:29:07 2006 Subject: Blocking Unknow Users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, Is there anyway to block unknow users ? I mean. i will build a list of all my users that i will accep mail and check for spam virus .... all other mails out of this list will be ignored, will not be received, like u can do in access for sendmail ... I want to block this mail before reach my mailserver ... like access in sendmail ... my mailscanner box makes only a gateway i dont have any local users anyway to do that ? tks in advance -- Felipe Tonioli ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 19 11:44:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:07 2006 Subject: Multiple Patterns In Rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try this, as a slightly different view of the problem: FromOrTo: user@domain.com and FromOrTo: archive@domain.com /dev/null FromOrTo: user@domain.com archive@domain.com will nearly work, but unfortunately I have set the "Archive Mail" setting to store to all matching rules, and not just the first one. Which breaks this. And yes, I know that the configuration compiler could be better, I'm just not an expert at that kind of thing. You only solution would be to edit ConfigDefs.pl and move "archivemail" from its current "All" section to the corresponding bit of "First". Sorry about that. Stephen Conway wrote: >Hello: > >We are trying to set up a rule, that will archive mail from a certain email >address, to another email address, but we don't want to send the archived >message if the message arrived from the 'Archive' address. Ex: > >FromOrTo: user@domain.com and not FromOrTo archive@domain.com >archive@domain.com > >Please just confirm the proper syntax for 'Not' or the proper method to do >what we are trying. We have look through the archives, but so far have not >found the right rule. > >Any assistance is appreciated. > >Thanks, > >Steve Conway > > >-- >Visit us at CMA Shipping 2005 >Booth # 72 >Stamford, Connecticut >March 21st thru March 23rd > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 19 11:47:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think you've got it exactly right. I primarily intended it to throttle flooding from your own users/customers' boxes. So I would specify a low limit for your customers IP netblocks, and have a fairly high default for the rest of the world. Rakesh wrote: > thanks Jeff, > > test it on real time scenarios and suggest what would help to make > things better and easier. Even I have implemented it on my live servers. > Probably one thing down the line we have to do is by default maintain a > list of some well known outgoing servers of yahoo or other heavy traffic > outgoing servers and set them to have a greater connection limit > (specify greater limits for them in IPBlock.conf). That we have to see > if it would really help others. What do you think on this ? Julian > please let us know your views as well. > > Rakesh > > Jeff A. Earickson wrote: > >> Rakesh, >> Point taken. I have changed my CustomConfig.pm back to using 451 >> instead of 550. I'll see if the problem returns. Hey, this is >> a beta version of MailScanner and those of us who run it should >> be willing to test the new features. >> >> Jeff Earickson >> Colby College >> >> On Thu, 17 Mar 2005, Rakesh wrote: >> >>> Date: Thu, 17 Mar 2005 18:30:35 +0530 >>> From: Rakesh >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: 4.40.5: IPBlock 451 versus 550 >>> >>> Jeff A. Earickson wrote: >>> >>>> Julian, >>>> >>>> Just curious as to why you changed IPBlock from fatal rejections >>>> to tmpfail. I've had a couple of spammers pounding on my system >>>> with crap that would have ordinarily been booted by IPBlock for >>>> good. Now they just keep trying. I've modified my copy of >>>> CustomConfig.pm in 4.40.5 to do the 550 rejections again. >>> >>> >>> >>> >>> my idea of suggesting Jules for 451 error instead of 550 error code was >>> that, unknowingly we do not bounce back some geniune mails just because >>> the sending server is sending too many mails to us. For e.g. a yahoo's >>> outgoing server might be sending quite a good amount of mails to an MX >>> server hosting many domains. So if we just temporarily deny from >>> accepting the mail then however i am quaranteed that a good outgoing >>> server would definitely try again for delivery which won't be >>> applicable >>> incase of a 550 rejection and probably some sending out an important >>> mail would finally get a bounce back for no good reason. This totally >>> different from the greylisting concept in which any server initiating a >>> first time connections will have to compulsarily try again later. >>> >>> However majority spammers use hijacked machines or poor SMTP engines to >>> send out spams and asking them to try again later with 451 error code >>> wouldnt be of any harm as they don't bother to try again later so the >>> spams doesn't come at all. However if they are using someone else's >>> server which actually does retry sending the spam, then we can probably >>> notify the administrator to checkout his system or atleast have 1 hour >>> to block the IP on the firewall. >>> >>> -- >>> Regards, >>> Rakesh B. Pal >>> Emergic CleanMail Team. >>> Netcore Solutions Pvt. Ltd. >>> >>> ======================================================================== >>> >>> "First they ignore you. Then they laugh at you. >>> Then they fight you. Then you win." >>> - M. Gandhi >>> ======================================================================== >>> >>> >>> >>> >>> ---------------------------------------------------------- >>> Netcore Solutions Pvt. Ltd. >>> Website: http://www.netcore.co.in >>> Spamtraps: http://cleanmail.netcore.co.in/directory.html >>> ---------------------------------------------------------- >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > > > -- > Regards, > Rakesh B. Pal > Emergic CleanMail Team. > Netcore Solutions Pvt. Ltd. > > ======================================================================== > "First they ignore you. Then they laugh at you. > Then they fight you. Then you win." > - M. Gandhi > ======================================================================== > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Sat Mar 19 11:52:34 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:07 2006 Subject: Blocking Unknow Users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Felipe Tonioli wrote: >Hi All, > >Is there anyway to block unknow users ? I mean. i will build a list of >all my users that i will accep mail and check for spam virus .... all >other mails out of this list will be ignored, will not be received, >like u can do in access for sendmail ... > >I want to block this mail before reach my mailserver ... like access >in sendmail ... > >my mailscanner box makes only a gateway i dont have any local users > >anyway to do that ? > >tks in advance > > > I have done this at the MTA level itself for a virtual domain setup service hosting multiple domains and no local accounts. I explicitly list the users for whom i want to accept the mails for rest I reject blah@foo.com OK foo.com REJECT that accepts mails only for foo.com and rejects others. Then the MTA queues the mails. MailScanner processes it and requeues, MTA then relays it to other Mailserver where the actual mailbox is located. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at mckerrs.net Sat Mar 19 11:44:21 2005 From: mailscanner at mckerrs.net (Brian) Date: Thu Jan 12 21:29:07 2006 Subject: Blocking Unknow Users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Felipe Tonioli wrote: >Hi All, > >Is there anyway to block unknow users ? I mean. i will build a list of >all my users that i will accep mail and check for spam virus .... all >other mails out of this list will be ignored, will not be received, >like u can do in access for sendmail ... > >I want to block this mail before reach my mailserver ... like access >in sendmail ... > >my mailscanner box makes only a gateway i dont have any local users > >anyway to do that ? > >tks in advance > >-- >Felipe Tonioli > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > This is normally done at the MTA level. Which MTA are you using ? It can be done easily on sendmail and postfix (the limits of my knowledge) and can probably be done on other MTAs too. Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sat Mar 19 12:55:46 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: Y'all, My IPBlock ruleset for the outside world is almost identical to what is posted on the FAQ: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html The numbers there are tuned to my site, YMMV. My internal rules vary from subnet to subnet (dorms vs offices). IPBlock has always been more useful for blocking foreign spam sites, eg Asia/Pacific spammers, than it has been in throttling runaway machines on-campus. I get a daily report (small) of numbers that got IPBlocked. I investigate. Nearly always spammers. Yesterday I implemented the conncontrol and ratecontrol FEATURES of sendmail, so this issue should be more handled upstream by the MTA. Jeff Earickson Colby College On Sat, 19 Mar 2005, Julian Field wrote: > Date: Sat, 19 Mar 2005 11:47:28 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.40.5: IPBlock 451 versus 550 > > I think you've got it exactly right. I primarily intended it to throttle > flooding from your own users/customers' boxes. So I would specify a low > limit for your customers IP netblocks, and have a fairly high default > for the rest of the world. > > Rakesh wrote: > >> thanks Jeff, >> >> test it on real time scenarios and suggest what would help to make >> things better and easier. Even I have implemented it on my live servers. >> Probably one thing down the line we have to do is by default maintain a >> list of some well known outgoing servers of yahoo or other heavy traffic >> outgoing servers and set them to have a greater connection limit >> (specify greater limits for them in IPBlock.conf). That we have to see >> if it would really help others. What do you think on this ? Julian >> please let us know your views as well. >> >> Rakesh >> >> Jeff A. Earickson wrote: >> >>> Rakesh, >>> Point taken. I have changed my CustomConfig.pm back to using 451 >>> instead of 550. I'll see if the problem returns. Hey, this is >>> a beta version of MailScanner and those of us who run it should >>> be willing to test the new features. >>> >>> Jeff Earickson >>> Colby College >>> >>> On Thu, 17 Mar 2005, Rakesh wrote: >>> >>>> Date: Thu, 17 Mar 2005 18:30:35 +0530 >>>> From: Rakesh >>>> Reply-To: MailScanner mailing list >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: 4.40.5: IPBlock 451 versus 550 >>>> >>>> Jeff A. Earickson wrote: >>>> >>>>> Julian, >>>>> >>>>> Just curious as to why you changed IPBlock from fatal rejections >>>>> to tmpfail. I've had a couple of spammers pounding on my system >>>>> with crap that would have ordinarily been booted by IPBlock for >>>>> good. Now they just keep trying. I've modified my copy of >>>>> CustomConfig.pm in 4.40.5 to do the 550 rejections again. >>>> >>>> >>>> >>>> >>>> my idea of suggesting Jules for 451 error instead of 550 error code was >>>> that, unknowingly we do not bounce back some geniune mails just because >>>> the sending server is sending too many mails to us. For e.g. a yahoo's >>>> outgoing server might be sending quite a good amount of mails to an MX >>>> server hosting many domains. So if we just temporarily deny from >>>> accepting the mail then however i am quaranteed that a good outgoing >>>> server would definitely try again for delivery which won't be >>>> applicable >>>> incase of a 550 rejection and probably some sending out an important >>>> mail would finally get a bounce back for no good reason. This totally >>>> different from the greylisting concept in which any server initiating a >>>> first time connections will have to compulsarily try again later. >>>> >>>> However majority spammers use hijacked machines or poor SMTP engines to >>>> send out spams and asking them to try again later with 451 error code >>>> wouldnt be of any harm as they don't bother to try again later so the >>>> spams doesn't come at all. However if they are using someone else's >>>> server which actually does retry sending the spam, then we can probably >>>> notify the administrator to checkout his system or atleast have 1 hour >>>> to block the IP on the firewall. >>>> >>>> -- >>>> Regards, >>>> Rakesh B. Pal >>>> Emergic CleanMail Team. >>>> Netcore Solutions Pvt. Ltd. >>>> >>>> ======================================================================== >>>> >>>> "First they ignore you. Then they laugh at you. >>>> Then they fight you. Then you win." >>>> - M. Gandhi >>>> ======================================================================== >>>> >>>> >>>> >>>> >>>> ---------------------------------------------------------- >>>> Netcore Solutions Pvt. Ltd. >>>> Website: http://www.netcore.co.in >>>> Spamtraps: http://cleanmail.netcore.co.in/directory.html >>>> ---------------------------------------------------------- >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> >> -- >> Regards, >> Rakesh B. Pal >> Emergic CleanMail Team. >> Netcore Solutions Pvt. Ltd. >> >> ======================================================================== >> "First they ignore you. Then they laugh at you. >> Then they fight you. Then you win." >> - M. Gandhi >> ======================================================================== >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sat Mar 19 13:48:46 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jeff A. Earickson > Sent: Saturday, March 19, 2005 7:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.40.5: IPBlock 451 versus 550 > > Y'all, > > My IPBlock ruleset for the outside world is almost identical to what is > posted on the FAQ: > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html > > The numbers there are tuned to my site, YMMV. My internal rules vary > from subnet to subnet (dorms vs offices). IPBlock has always been more > useful for blocking foreign spam sites, eg Asia/Pacific spammers, than > it has been in throttling runaway machines on-campus. > > I get a daily report (small) of numbers that got IPBlocked. I > investigate. > Nearly always spammers. > > Yesterday I implemented the conncontrol and ratecontrol FEATURES of > sendmail, so this issue should be more handled upstream by the MTA. > > Jeff Earickson > Colby College > Jeff makes a very interesting point. A nice explanation of how sendmail 8.13 can be configured to help stop attacks on e-mail servers, including (but not limited to) denial-of-service (DoS) attacks, distributed denial-of-service (DDoS) attacks, Joe Jobs, dictionary attacks, slamming, and other assorted nuisances can be found at: http://www.technoids.org/dossed.html It would be interesting to hear what settings people are using in these new connection control and rate control features of sendmail 8.13 of sendmail. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > On Sat, 19 Mar 2005, Julian Field wrote: > > > Date: Sat, 19 Mar 2005 11:47:28 +0000 > > From: Julian Field > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: 4.40.5: IPBlock 451 versus 550 > > > > I think you've got it exactly right. I primarily intended it to throttle > > flooding from your own users/customers' boxes. So I would specify a low > > limit for your customers IP netblocks, and have a fairly high default > > for the rest of the world. > > > > Rakesh wrote: > > > >> thanks Jeff, > >> > >> test it on real time scenarios and suggest what would help to make > >> things better and easier. Even I have implemented it on my live > servers. > >> Probably one thing down the line we have to do is by default maintain a > >> list of some well known outgoing servers of yahoo or other heavy > traffic > >> outgoing servers and set them to have a greater connection limit > >> (specify greater limits for them in IPBlock.conf). That we have to see > >> if it would really help others. What do you think on this ? Julian > >> please let us know your views as well. > >> > >> Rakesh > >> > >> Jeff A. Earickson wrote: > >> > >>> Rakesh, > >>> Point taken. I have changed my CustomConfig.pm back to using 451 > >>> instead of 550. I'll see if the problem returns. Hey, this is > >>> a beta version of MailScanner and those of us who run it should > >>> be willing to test the new features. > >>> > >>> Jeff Earickson > >>> Colby College > >>> > >>> On Thu, 17 Mar 2005, Rakesh wrote: > >>> > >>>> Date: Thu, 17 Mar 2005 18:30:35 +0530 > >>>> From: Rakesh > >>>> Reply-To: MailScanner mailing list > >>>> To: MAILSCANNER@JISCMAIL.AC.UK > >>>> Subject: Re: 4.40.5: IPBlock 451 versus 550 > >>>> > >>>> Jeff A. Earickson wrote: > >>>> > >>>>> Julian, > >>>>> > >>>>> Just curious as to why you changed IPBlock from fatal rejections > >>>>> to tmpfail. I've had a couple of spammers pounding on my system > >>>>> with crap that would have ordinarily been booted by IPBlock for > >>>>> good. Now they just keep trying. I've modified my copy of > >>>>> CustomConfig.pm in 4.40.5 to do the 550 rejections again. > >>>> > >>>> > >>>> > >>>> > >>>> my idea of suggesting Jules for 451 error instead of 550 error code > was > >>>> that, unknowingly we do not bounce back some geniune mails just > because > >>>> the sending server is sending too many mails to us. For e.g. a > yahoo's > >>>> outgoing server might be sending quite a good amount of mails to an > MX > >>>> server hosting many domains. So if we just temporarily deny from > >>>> accepting the mail then however i am quaranteed that a good outgoing > >>>> server would definitely try again for delivery which won't be > >>>> applicable > >>>> incase of a 550 rejection and probably some sending out an important > >>>> mail would finally get a bounce back for no good reason. This totally > >>>> different from the greylisting concept in which any server initiating > a > >>>> first time connections will have to compulsarily try again later. > >>>> > >>>> However majority spammers use hijacked machines or poor SMTP engines > to > >>>> send out spams and asking them to try again later with 451 error code > >>>> wouldnt be of any harm as they don't bother to try again later so the > >>>> spams doesn't come at all. However if they are using someone else's > >>>> server which actually does retry sending the spam, then we can > probably > >>>> notify the administrator to checkout his system or atleast have 1 > hour > >>>> to block the IP on the firewall. > >>>> > >>>> -- > >>>> Regards, > >>>> Rakesh B. Pal > >>>> Emergic CleanMail Team. > >>>> Netcore Solutions Pvt. Ltd. > >>>> > >>>> > ======================================================================== > >>>> > >>>> "First they ignore you. Then they laugh at you. > >>>> Then they fight you. Then you win." > >>>> - M. Gandhi > >>>> > ======================================================================== > >>>> > >>>> > >>>> > >>>> > >>>> ---------------------------------------------------------- > >>>> Netcore Solutions Pvt. Ltd. > >>>> Website: http://www.netcore.co.in > >>>> Spamtraps: http://cleanmail.netcore.co.in/directory.html > >>>> ---------------------------------------------------------- > >>>> > >>>> ------------------------ MailScanner list ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > >> -- > >> Regards, > >> Rakesh B. Pal > >> Emergic CleanMail Team. > >> Netcore Solutions Pvt. Ltd. > >> > >> > ======================================================================== > >> "First they ignore you. Then they laugh at you. > >> Then they fight you. Then you win." > >> - M. Gandhi > >> > ======================================================================== > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From danielk at AVALONPUB.COM Sun Mar 20 09:16:39 2005 From: danielk at AVALONPUB.COM (Daniel Kleinsinger) Date: Thu Jan 12 21:29:07 2006 Subject: message bodies deleted? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Erik Myllymaki wrote: > The last few days, I have had a few random emails have their > HTML content *mangled* and the prime suspect is Mailscanner. Do you have the phishing detection enabled? Daniel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Sun Mar 20 13:40:16 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: That's the google article that I stumbled across, which got me to add conncontrol and ratecontrol to my setup. A good read. Jeff On Sat, 19 Mar 2005, Stephen Swaney wrote: > Date: Sat, 19 Mar 2005 08:48:46 -0500 > From: Stephen Swaney > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.40.5: IPBlock 451 versus 550 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Jeff A. Earickson >> Sent: Saturday, March 19, 2005 7:56 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: 4.40.5: IPBlock 451 versus 550 >> >> Y'all, >> >> My IPBlock ruleset for the outside world is almost identical to what is >> posted on the FAQ: >> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html >> >> The numbers there are tuned to my site, YMMV. My internal rules vary >> from subnet to subnet (dorms vs offices). IPBlock has always been more >> useful for blocking foreign spam sites, eg Asia/Pacific spammers, than >> it has been in throttling runaway machines on-campus. >> >> I get a daily report (small) of numbers that got IPBlocked. I >> investigate. >> Nearly always spammers. >> >> Yesterday I implemented the conncontrol and ratecontrol FEATURES of >> sendmail, so this issue should be more handled upstream by the MTA. >> >> Jeff Earickson >> Colby College >> > > Jeff makes a very interesting point. A nice explanation of how sendmail 8.13 > can be configured to help stop attacks on e-mail servers, including (but not > limited to) denial-of-service (DoS) attacks, distributed denial-of-service > (DDoS) attacks, Joe Jobs, dictionary attacks, slamming, and other assorted > nuisances can be found at: > > http://www.technoids.org/dossed.html > > It would be interesting to hear what settings people are using in these new > connection control and rate control features of sendmail 8.13 of sendmail. > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > www.fsl.com > steve.swaney@fsl.com > >> On Sat, 19 Mar 2005, Julian Field wrote: >> >>> Date: Sat, 19 Mar 2005 11:47:28 +0000 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: 4.40.5: IPBlock 451 versus 550 >>> >>> I think you've got it exactly right. I primarily intended it to throttle >>> flooding from your own users/customers' boxes. So I would specify a low >>> limit for your customers IP netblocks, and have a fairly high default >>> for the rest of the world. >>> >>> Rakesh wrote: >>> >>>> thanks Jeff, >>>> >>>> test it on real time scenarios and suggest what would help to make >>>> things better and easier. Even I have implemented it on my live >> servers. >>>> Probably one thing down the line we have to do is by default maintain a >>>> list of some well known outgoing servers of yahoo or other heavy >> traffic >>>> outgoing servers and set them to have a greater connection limit >>>> (specify greater limits for them in IPBlock.conf). That we have to see >>>> if it would really help others. What do you think on this ? Julian >>>> please let us know your views as well. >>>> >>>> Rakesh >>>> >>>> Jeff A. Earickson wrote: >>>> >>>>> Rakesh, >>>>> Point taken. I have changed my CustomConfig.pm back to using 451 >>>>> instead of 550. I'll see if the problem returns. Hey, this is >>>>> a beta version of MailScanner and those of us who run it should >>>>> be willing to test the new features. >>>>> >>>>> Jeff Earickson >>>>> Colby College >>>>> >>>>> On Thu, 17 Mar 2005, Rakesh wrote: >>>>> >>>>>> Date: Thu, 17 Mar 2005 18:30:35 +0530 >>>>>> From: Rakesh >>>>>> Reply-To: MailScanner mailing list >>>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>>> Subject: Re: 4.40.5: IPBlock 451 versus 550 >>>>>> >>>>>> Jeff A. Earickson wrote: >>>>>> >>>>>>> Julian, >>>>>>> >>>>>>> Just curious as to why you changed IPBlock from fatal rejections >>>>>>> to tmpfail. I've had a couple of spammers pounding on my system >>>>>>> with crap that would have ordinarily been booted by IPBlock for >>>>>>> good. Now they just keep trying. I've modified my copy of >>>>>>> CustomConfig.pm in 4.40.5 to do the 550 rejections again. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> my idea of suggesting Jules for 451 error instead of 550 error code >> was >>>>>> that, unknowingly we do not bounce back some geniune mails just >> because >>>>>> the sending server is sending too many mails to us. For e.g. a >> yahoo's >>>>>> outgoing server might be sending quite a good amount of mails to an >> MX >>>>>> server hosting many domains. So if we just temporarily deny from >>>>>> accepting the mail then however i am quaranteed that a good outgoing >>>>>> server would definitely try again for delivery which won't be >>>>>> applicable >>>>>> incase of a 550 rejection and probably some sending out an important >>>>>> mail would finally get a bounce back for no good reason. This totally >>>>>> different from the greylisting concept in which any server initiating >> a >>>>>> first time connections will have to compulsarily try again later. >>>>>> >>>>>> However majority spammers use hijacked machines or poor SMTP engines >> to >>>>>> send out spams and asking them to try again later with 451 error code >>>>>> wouldnt be of any harm as they don't bother to try again later so the >>>>>> spams doesn't come at all. However if they are using someone else's >>>>>> server which actually does retry sending the spam, then we can >> probably >>>>>> notify the administrator to checkout his system or atleast have 1 >> hour >>>>>> to block the IP on the firewall. >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> Rakesh B. Pal >>>>>> Emergic CleanMail Team. >>>>>> Netcore Solutions Pvt. Ltd. >>>>>> >>>>>> >> ======================================================================== >>>>>> >>>>>> "First they ignore you. Then they laugh at you. >>>>>> Then they fight you. Then you win." >>>>>> - M. Gandhi >>>>>> >> ======================================================================== >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ---------------------------------------------------------- >>>>>> Netcore Solutions Pvt. Ltd. >>>>>> Website: http://www.netcore.co.in >>>>>> Spamtraps: http://cleanmail.netcore.co.in/directory.html >>>>>> ---------------------------------------------------------- >>>>>> >>>>>> ------------------------ MailScanner list ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> -- >>>> Regards, >>>> Rakesh B. Pal >>>> Emergic CleanMail Team. >>>> Netcore Solutions Pvt. Ltd. >>>> >>>> >> ======================================================================== >>>> "First they ignore you. Then they laugh at you. >>>> Then they fight you. Then you win." >>>> - M. Gandhi >>>> >> ======================================================================== >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 20 13:48:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:07 2006 Subject: Beta release 4.40.6 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released 4.40.6 to clear up most of the remaining issues from last weekend. It has been quite a busy month this time. I am away most of the time till the start of April, so not much more development work will happen between now and then. Download as usual from www.mailscanner.info. Here is the full Change Log for this release: * New Features and Improvements * - The "clamavmodule" scanner cannot unpack archives of RAR version 3. 2 new configuration settings allow you to unpack the latest RAR archives for testing by the "clamavmodule" scanner. It also enables the contents of the RAR archive to be checked for illegal filenames and filetypes, and also to see if they are password-protected. Unrar Command = /usr/bin/unrar Unrar Timeout = 50 - "Allow Password-protected Archives" can now be a ruleset when using the clamavmodule virus scanner. - Multiple "Subject:" lines are removed. The 1st one is kept. - If the "Unrar Command" is defined and points to an executable program, it will automatically be used by the "clamav" scanner. No -wrapper tweaking is needed to do this any more. - You can now use shell environment variables such as $HOSTNAME or ${HOSTNAME} in MailScanner.conf and its relatives. - More improvements to the phishing net. - More additions to the starter phishing.safe.sites.conf file. - Removed my spam.assassin.prefs.conf file in favour of the one from www.fsl.com, with just enough changes to produce an identical file layout to my previous versions. - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! - Added long comment about ALL_TRUSTED rule, many thanks to Matt Kettler. - Improved screen behaviour of RPM-based init.d script. - Greatly improved RAR archive handler, thanks to Rick Cooper. - Changed IPBlock DSN to 550 and made it easily configurable. Look for "$FailCode" in the CustomConfig.pm code and the IPBlock cron job. - Changed the "Envelope-From" and "Envelope-To" headers to include your organisation's name. - Made date and time stamps consistent across whole system. * Fixes * - Fixed problem with missing Attachment-Warning when encountering a virus that is both silent and non-forging. - Improved output format of Sender warning, and removed duplicate lines. - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the connections, rather than the total block it used to do. - Removed erroneous log output from SpamAssassin bayes-rebuilder. - Postfix problem fixes. - Fixed SpamAssassin Bayes database rebuild timeout problem. - Fixed Exim problem with removing multiple "Subject:" headers. - Fixed Postfix problem with removing multiple "Subject:" headers. - Fixed problems in new Unrar code when renaming files in archives. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Sun Mar 20 15:14:38 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:07 2006 Subject: 4.40.5: IPBlock 451 versus 550 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jeff A. Earickson > Sent: Sunday, March 20, 2005 8:40 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: 4.40.5: IPBlock 451 versus 550 > > That's the google article that I stumbled across, which got me to > add conncontrol and ratecontrol to my setup. A good read. Jeff > Thanks Jeff. I'm running all of the configurations suggested in the article on a test server that gets little real mail. Almost 3,000 rejections in less than 24 hours with what I believe are fairly conservative values. The typical rejection: Mar 20 10:00:56 mta70 sendmail[778]: j2KF0ZYL000778: rejecting commands from ALille-201-1-1-174.w193-251.abo.wanadoo.fr [193.251.0.174] due to pre-greeting traffic I've pretty carefully screened all of these notices and nothing looks like real email. They appear to be mostly foreign, zombies, dial-ups or systems with bad or missing DNS records. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com > On Sat, 19 Mar 2005, Stephen Swaney wrote: > > > Date: Sat, 19 Mar 2005 08:48:46 -0500 > > From: Stephen Swaney > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: 4.40.5: IPBlock 451 versus 550 > > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Jeff A. Earickson > >> Sent: Saturday, March 19, 2005 7:56 AM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: 4.40.5: IPBlock 451 versus 550 > >> > >> Y'all, > >> > >> My IPBlock ruleset for the outside world is almost identical to what is > >> posted on the FAQ: > >> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html > >> > >> The numbers there are tuned to my site, YMMV. My internal rules vary > >> from subnet to subnet (dorms vs offices). IPBlock has always been more > >> useful for blocking foreign spam sites, eg Asia/Pacific spammers, than > >> it has been in throttling runaway machines on-campus. > >> > >> I get a daily report (small) of numbers that got IPBlocked. I > >> investigate. > >> Nearly always spammers. > >> > >> Yesterday I implemented the conncontrol and ratecontrol FEATURES of > >> sendmail, so this issue should be more handled upstream by the MTA. > >> > >> Jeff Earickson > >> Colby College > >> > > > > Jeff makes a very interesting point. A nice explanation of how sendmail > 8.13 > > can be configured to help stop attacks on e-mail servers, including (but > not > > limited to) denial-of-service (DoS) attacks, distributed denial-of- > service > > (DDoS) attacks, Joe Jobs, dictionary attacks, slamming, and other > assorted > > nuisances can be found at: > > > > http://www.technoids.org/dossed.html > > > > It would be interesting to hear what settings people are using in these > new > > connection control and rate control features of sendmail 8.13 of > sendmail. > > > > Steve > > > > Steve Swaney > > President > > Fortress Systems Ltd. > > www.fsl.com > > steve.swaney@fsl.com > > > >> On Sat, 19 Mar 2005, Julian Field wrote: > >> > >>> Date: Sat, 19 Mar 2005 11:47:28 +0000 > >>> From: Julian Field > >>> Reply-To: MailScanner mailing list > >>> To: MAILSCANNER@JISCMAIL.AC.UK > >>> Subject: Re: 4.40.5: IPBlock 451 versus 550 > >>> > >>> I think you've got it exactly right. I primarily intended it to > throttle > >>> flooding from your own users/customers' boxes. So I would specify a > low > >>> limit for your customers IP netblocks, and have a fairly high default > >>> for the rest of the world. > >>> > >>> Rakesh wrote: > >>> > >>>> thanks Jeff, > >>>> > >>>> test it on real time scenarios and suggest what would help to make > >>>> things better and easier. Even I have implemented it on my live > >> servers. > >>>> Probably one thing down the line we have to do is by default maintain > a > >>>> list of some well known outgoing servers of yahoo or other heavy > >> traffic > >>>> outgoing servers and set them to have a greater connection limit > >>>> (specify greater limits for them in IPBlock.conf). That we have to > see > >>>> if it would really help others. What do you think on this ? Julian > >>>> please let us know your views as well. > >>>> > >>>> Rakesh > >>>> > >>>> Jeff A. Earickson wrote: > >>>> > >>>>> Rakesh, > >>>>> Point taken. I have changed my CustomConfig.pm back to using 451 > >>>>> instead of 550. I'll see if the problem returns. Hey, this is > >>>>> a beta version of MailScanner and those of us who run it should > >>>>> be willing to test the new features. > >>>>> > >>>>> Jeff Earickson > >>>>> Colby College > >>>>> > >>>>> On Thu, 17 Mar 2005, Rakesh wrote: > >>>>> > >>>>>> Date: Thu, 17 Mar 2005 18:30:35 +0530 > >>>>>> From: Rakesh > >>>>>> Reply-To: MailScanner mailing list > >>>>>> To: MAILSCANNER@JISCMAIL.AC.UK > >>>>>> Subject: Re: 4.40.5: IPBlock 451 versus 550 > >>>>>> > >>>>>> Jeff A. Earickson wrote: > >>>>>> > >>>>>>> Julian, > >>>>>>> > >>>>>>> Just curious as to why you changed IPBlock from fatal rejections > >>>>>>> to tmpfail. I've had a couple of spammers pounding on my system > >>>>>>> with crap that would have ordinarily been booted by IPBlock for > >>>>>>> good. Now they just keep trying. I've modified my copy of > >>>>>>> CustomConfig.pm in 4.40.5 to do the 550 rejections again. > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> my idea of suggesting Jules for 451 error instead of 550 error code > >> was > >>>>>> that, unknowingly we do not bounce back some geniune mails just > >> because > >>>>>> the sending server is sending too many mails to us. For e.g. a > >> yahoo's > >>>>>> outgoing server might be sending quite a good amount of mails to an > >> MX > >>>>>> server hosting many domains. So if we just temporarily deny from > >>>>>> accepting the mail then however i am quaranteed that a good > outgoing > >>>>>> server would definitely try again for delivery which won't be > >>>>>> applicable > >>>>>> incase of a 550 rejection and probably some sending out an > important > >>>>>> mail would finally get a bounce back for no good reason. This > totally > >>>>>> different from the greylisting concept in which any server > initiating > >> a > >>>>>> first time connections will have to compulsarily try again later. > >>>>>> > >>>>>> However majority spammers use hijacked machines or poor SMTP > engines > >> to > >>>>>> send out spams and asking them to try again later with 451 error > code > >>>>>> wouldnt be of any harm as they don't bother to try again later so > the > >>>>>> spams doesn't come at all. However if they are using someone else's > >>>>>> server which actually does retry sending the spam, then we can > >> probably > >>>>>> notify the administrator to checkout his system or atleast have 1 > >> hour > >>>>>> to block the IP on the firewall. > >>>>>> > >>>>>> -- > >>>>>> Regards, > >>>>>> Rakesh B. Pal > >>>>>> Emergic CleanMail Team. > >>>>>> Netcore Solutions Pvt. Ltd. > >>>>>> > >>>>>> > >> > ======================================================================== > >>>>>> > >>>>>> "First they ignore you. Then they laugh at you. > >>>>>> Then they fight you. Then you win." > >>>>>> - M. Gandhi > >>>>>> > >> > ======================================================================== > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> ---------------------------------------------------------- > >>>>>> Netcore Solutions Pvt. Ltd. > >>>>>> Website: http://www.netcore.co.in > >>>>>> Spamtraps: http://cleanmail.netcore.co.in/directory.html > >>>>>> ---------------------------------------------------------- > >>>>>> > >>>>>> ------------------------ MailScanner list ------------------------ > >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>>> 'leave mailscanner' in the body of the email. > >>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>>> > >>>>>> Support MailScanner development - buy the book off the website! > >>>>>> > >>>>> > >>>>> ------------------------ MailScanner list ------------------------ > >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>> 'leave mailscanner' in the body of the email. > >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>> > >>>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Regards, > >>>> Rakesh B. Pal > >>>> Emergic CleanMail Team. > >>>> Netcore Solutions Pvt. Ltd. > >>>> > >>>> > >> > ======================================================================== > >>>> "First they ignore you. Then they laugh at you. > >>>> Then they fight you. Then you win." > >>>> - M. Gandhi > >>>> > >> > ======================================================================== > >>>> > >>>> ------------------------ MailScanner list ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>> > >>> -- > >>> Julian Field > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> Professional Support Services at www.MailScanner.biz > >>> MailScanner thanks transtec Computers for their support > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Mar 21 02:03:08 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:07 2006 Subject: Phishing net FP Message-ID: Using MailScanner latest unstable http://www.informit.com/guides/guide.asp?g=dotnet ".NET Reference Guide" Was picked up as being a phishing attack. Modified source code of HTML email is below:

MailScanner has detected a possible fraud attempt from "www.informit.com" claiming to be .NET Reference Guide
Finishing up last week's comparison of Java and .NET, Jim Mischel tackles MailScanner has detected a possible fraud attempt from "www.informit.com" claiming to be JavaBeans, J2EE, and their .NET counterparts.

More Articles in Programming

The only explanation I can think of is that the phishing code cannot recognise a reference to .NET as being to the software as opposed to a TLD Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Mar 21 02:10:46 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:29:07 2006 Subject: Phishing net FP Message-ID: > The only explanation I can think of is that the phishing code > cannot recognise a reference to .NET as being to the software > as opposed to a TLD Replying to myself :) I just sent a myself a HTML email with a link to an article on ASP.net and it was triggered Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 Fax. +353 59 9146970 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 21 08:19:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:07 2006 Subject: Phishing net FP Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Unfortunately there is no way to distinguish ".net" from ".net" :-) I suggest you add www.informit.com to your phishing.safe.sites.conf file. Michele Neylon :: Blacknight Solutions wrote: >>The only explanation I can think of is that the phishing code >>cannot recognise a reference to .NET as being to the software >>as opposed to a TLD >> >> > >Replying to myself :) > >I just sent a myself a HTML email with a link to an article on ASP.net and >it was triggered > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at AP1.SE Mon Mar 21 13:44:32 2005 From: glenn.steen at AP1.SE (Glenn Steen) Date: Thu Jan 12 21:29:07 2006 Subject: No subject Message-ID: ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Mon Mar 21 13:48:38 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:07 2006 Subject: No subject Message-ID: Ooops, sorry for this one... It was so quiet I thought there might be some problems with the list again. Aparantly not:-). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: den 21 mars 2005 14:45 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brian.duncan at KMZR.COM Mon Mar 21 13:58:28 2005 From: brian.duncan at KMZR.COM (Duncan, Brian M.) Date: Thu Jan 12 21:29:07 2006 Subject: Spam that puts extra Subject lines in to avoid being quarantined/caught. Message-ID: Thanks much! I will wait till the next stable release then. Glad to know it's been addressed. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stef Morrell Sent: Friday, March 18, 2005 7:21 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam that puts extra Subject lines in to avoid being quarantined/caught. This is taken care of in the new beta, 4.40.5 From Danny_Beland at PCH.GC.CA Mon Mar 21 16:08:57 2005 From: Danny_Beland at PCH.GC.CA (Danny Beland) Date: Thu Jan 12 21:29:08 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: We are running MailScanner 4.38.10 with spamassassin 3.0.2, clamav and mcafee. Our problem is that emails get stuck in the incoming queue causing MailScanner to get those files over and over again. We closed the incoming queue and MailScanner loops. Maybe I forgot a setting somewhere. We installed MS, SA and ClamAV from the RPMs provided by the MailScanner website. I stopped the incoming queue so that no new emails are coming in. This is the content of the mqueue.in and mqueue folders: hound2:/var/log/loop # ls -la mqueue total 85 drwx------ 3 root root 528 Mar 11 09:20 . drwx------ 4 root root 128 Mar 11 09:20 .. drwx------ 11 root root 264 Feb 28 04:54 .hoststat -rw------- 1 root root 11535 Mar 9 13:56 dfj29GuSOn015376 -rw------- 1 root mail 5277 Mar 10 08:21 dfj2ADLKAi001665 -rw------- 1 root mail 1566 Mar 10 20:04 dfj2AN4nlH012744 -rw------- 1 root mail 1419 Mar 10 21:07 dfj2B06tlH020255 -rw------- 1 root root 16958 Mar 11 01:31 dfj2B4VnlH013823 -rw------- 1 root mail 1894 Mar 11 03:50 dfj2B6nulH028200 -rw------- 1 root mail 1719 Mar 11 04:28 dfj2B7RulH017216 -rw------- 1 root mail 1397 Mar 11 09:09 qfj29GuSOn015376 -rw------- 1 root mail 1003 Mar 11 09:07 qfj2ADLKAi001665 -rw------- 1 root mail 1269 Mar 11 09:07 qfj2AN4nlH012744 -rw------- 1 root mail 1255 Mar 11 09:05 qfj2B06tlH020255 -rw------- 1 root mail 1506 Mar 11 09:05 qfj2B4VnlH013823 -rw------- 1 root mail 1257 Mar 11 09:05 qfj2B6nulH028200 -rw------- 1 root mail 1237 Mar 11 09:05 qfj2B7RulH017216 hound2:/var/log/loop # ls -la mqueue.in/ total 1709 drwx------ 3 root root 624 Mar 11 09:21 . drwx------ 4 root root 128 Mar 11 09:20 .. drwx------ 2 root root 48 Feb 2 16:03 .hoststat -rw------- 1 root mail 57213 Mar 10 13:17 dfj2AIHnlG010716 -rw------- 1 root mail 126976 Mar 11 06:47 dfj2BBc2lG006009 -rw------- 1 root mail 110592 Mar 11 07:34 dfj2BCUelG009716 -rw------- 1 root mail 8192 Mar 11 07:33 dfj2BCUplG009819 -rw------- 1 root mail 3407 Mar 11 08:01 dfj2BD1WlG032202 -rw------- 1 root mail 3407 Mar 11 08:07 dfj2BD70lG003667 -rw------- 1 root mail 192512 Mar 11 08:35 dfj2BDL1lG014130 -rw------- 1 root mail 937984 Mar 11 08:35 dfj2BDUwlG021826 -rw------- 1 root mail 3343 Mar 11 08:32 dfj2BDWFlG022760 -rw------- 1 root mail 294912 Mar 11 08:35 dfj2BDY2lG024043 -rw------- 1 root mail 910 Mar 10 14:59 qfj2AHvElH029023 -rw------- 1 root mail 5445 Mar 10 13:17 qfj2AIHnlG010716 -rw------- 1 root mail 944 Mar 10 20:06 qfj2AN4nlH012744 -rw------- 1 root mail 1006 Mar 10 20:18 qfj2ANIBlH021980 -rw------- 1 root mail 1077 Mar 11 08:01 qfj2BD1WlG032202 -rw------- 1 root mail 1068 Mar 11 08:07 qfj2BD70lG003667 -rw------- 1 root mail 1493 Mar 11 08:32 qfj2BDWFlG022760 And this is the MailScanner log. As you can see it scans the same messages over and over again. Mar 11 09:11:35 hound2 MailScanner[32246]: Virus and Content Scanning: Starting Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing j2AIHnlG010716 msg-32246-6.html (no rule matched) Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing j2AIHnlG010716 msg-32246-5.txt Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing j2BD70lG003667 msg-32246-4.txt Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing j2BD1WlG032202 msg-32246-3.txt Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing j2BDWFlG022760 msg-32246-2.txt Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing j2BDWFlG022760 msg-32246-1.txt Mar 11 09:11:36 hound2 MailScanner[32246]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:11:36 hound2 MailScanner[32246]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:11:36 hound2 MailScanner[32246]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:11:41 hound2 MailScanner[32270]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:11:41 hound2 MailScanner[32270]: Read 0 hostnames from the phishing whitelist Mar 11 09:11:42 hound2 MailScanner[32270]: Using locktype = flock Mar 11 09:11:42 hound2 MailScanner[32270]: New Batch: Found 7 messages waiting Mar 11 09:11:42 hound2 MailScanner[32270]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:11:42 hound2 MailScanner[32270]: Spam Checks: Starting Mar 11 09:11:47 hound2 MailScanner[32270]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:11:47 hound2 MailScanner[32270]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:11:48 hound2 MailScanner[32270]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:11:49 hound2 MailScanner[32270]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:11:49 hound2 MailScanner[32270]: Virus and Content Scanning: Starting Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing j2AIHnlG010716 msg-32270-6.html (no rule matched) Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing j2AIHnlG010716 msg-32270-5.txt Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing j2BD70lG003667 msg-32270-4.txt Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing j2BD1WlG032202 msg-32270-3.txt Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing j2BDWFlG022760 msg-32270-2.txt Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing j2BDWFlG022760 msg-32270-1.txt Mar 11 09:11:50 hound2 MailScanner[32270]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:11:50 hound2 MailScanner[32270]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:11:50 hound2 MailScanner[32270]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:11:51 hound2 MailScanner[32293]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:11:51 hound2 MailScanner[32293]: Read 0 hostnames from the phishing whitelist Mar 11 09:11:52 hound2 MailScanner[32293]: Using locktype = flock Mar 11 09:11:52 hound2 MailScanner[32293]: New Batch: Found 7 messages waiting Mar 11 09:11:52 hound2 MailScanner[32293]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:11:52 hound2 MailScanner[32293]: Spam Checks: Starting Mar 11 09:11:53 hound2 MailScanner[32293]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:11:53 hound2 MailScanner[32293]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:11:54 hound2 MailScanner[32293]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:11:55 hound2 MailScanner[32293]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:11:55 hound2 MailScanner[32293]: Virus and Content Scanning: Starting Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing j2AIHnlG010716 msg-32293-6.html (no rule matched) Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing j2AIHnlG010716 msg-32293-5.txt Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing j2BD70lG003667 msg-32293-4.txt Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing j2BD1WlG032202 msg-32293-3.txt Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing j2BDWFlG022760 msg-32293-2.txt Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing j2BDWFlG022760 msg-32293-1.txt Mar 11 09:11:56 hound2 MailScanner[32293]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:11:56 hound2 MailScanner[32293]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:11:56 hound2 MailScanner[32293]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:01 hound2 MailScanner[32316]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:12:01 hound2 MailScanner[32316]: Read 0 hostnames from the phishing whitelist Mar 11 09:12:02 hound2 MailScanner[32316]: Using locktype = flock Mar 11 09:12:02 hound2 MailScanner[32316]: New Batch: Found 7 messages waiting Mar 11 09:12:02 hound2 MailScanner[32316]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:12:02 hound2 MailScanner[32316]: Spam Checks: Starting Mar 11 09:12:03 hound2 MailScanner[32316]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:12:03 hound2 MailScanner[32316]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:04 hound2 MailScanner[32316]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:05 hound2 MailScanner[32316]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:12:05 hound2 MailScanner[32316]: Virus and Content Scanning: Starting Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing j2AIHnlG010716 msg-32316-6.html (no rule matched) Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing j2AIHnlG010716 msg-32316-5.txt Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing j2BD70lG003667 msg-32316-4.txt Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing j2BD1WlG032202 msg-32316-3.txt Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing j2BDWFlG022760 msg-32316-2.txt Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing j2BDWFlG022760 msg-32316-1.txt Mar 11 09:12:06 hound2 MailScanner[32316]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:12:06 hound2 MailScanner[32316]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:06 hound2 MailScanner[32316]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:11 hound2 MailScanner[32339]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:12:11 hound2 MailScanner[32339]: Read 0 hostnames from the phishing whitelist Mar 11 09:12:12 hound2 MailScanner[32339]: Using locktype = flock Mar 11 09:12:12 hound2 MailScanner[32339]: New Batch: Found 7 messages waiting Mar 11 09:12:12 hound2 MailScanner[32339]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:12:12 hound2 MailScanner[32339]: Spam Checks: Starting Mar 11 09:12:13 hound2 MailScanner[32339]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:12:13 hound2 MailScanner[32339]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:14 hound2 MailScanner[32339]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:15 hound2 MailScanner[32339]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:12:15 hound2 MailScanner[32339]: Virus and Content Scanning: Starting Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing j2AIHnlG010716 msg-32339-6.html (no rule matched) Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing j2AIHnlG010716 msg-32339-5.txt Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing j2BD70lG003667 msg-32339-4.txt Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing j2BD1WlG032202 msg-32339-3.txt Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing j2BDWFlG022760 msg-32339-2.txt Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing j2BDWFlG022760 msg-32339-1.txt Mar 11 09:12:16 hound2 MailScanner[32339]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:12:16 hound2 MailScanner[32339]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:16 hound2 MailScanner[32339]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:21 hound2 MailScanner[32362]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:12:21 hound2 MailScanner[32362]: Read 0 hostnames from the phishing whitelist Mar 11 09:12:22 hound2 MailScanner[32362]: Using locktype = flock Mar 11 09:12:22 hound2 MailScanner[32362]: New Batch: Found 7 messages waiting Mar 11 09:12:22 hound2 MailScanner[32362]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:12:22 hound2 MailScanner[32362]: Spam Checks: Starting Mar 11 09:12:23 hound2 MailScanner[32362]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:12:23 hound2 MailScanner[32362]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:24 hound2 MailScanner[32362]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:25 hound2 MailScanner[32362]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:12:25 hound2 MailScanner[32362]: Virus and Content Scanning: Starting Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing j2AIHnlG010716 msg-32362-6.html (no rule matched) Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing j2AIHnlG010716 msg-32362-5.txt Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing j2BD70lG003667 msg-32362-4.txt Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing j2BD1WlG032202 msg-32362-3.txt Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing j2BDWFlG022760 msg-32362-2.txt Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing j2BDWFlG022760 msg-32362-1.txt Mar 11 09:12:26 hound2 MailScanner[32362]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:12:26 hound2 MailScanner[32362]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:26 hound2 MailScanner[32362]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:31 hound2 MailScanner[32385]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:12:31 hound2 MailScanner[32385]: Read 0 hostnames from the phishing whitelist Mar 11 09:12:32 hound2 MailScanner[32385]: Using locktype = flock Mar 11 09:12:32 hound2 MailScanner[32385]: New Batch: Found 7 messages waiting Mar 11 09:12:32 hound2 MailScanner[32385]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:12:32 hound2 MailScanner[32385]: Spam Checks: Starting Mar 11 09:12:34 hound2 MailScanner[32385]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:12:34 hound2 MailScanner[32385]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:35 hound2 MailScanner[32385]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:36 hound2 MailScanner[32385]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:12:36 hound2 MailScanner[32385]: Virus and Content Scanning: Starting Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing j2AIHnlG010716 msg-32385-6.html (no rule matched) Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing j2AIHnlG010716 msg-32385-5.txt Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing j2BD70lG003667 msg-32385-4.txt Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing j2BD1WlG032202 msg-32385-3.txt Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing j2BDWFlG022760 msg-32385-2.txt Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing j2BDWFlG022760 msg-32385-1.txt Mar 11 09:12:37 hound2 MailScanner[32385]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:12:37 hound2 MailScanner[32385]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:37 hound2 MailScanner[32385]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:41 hound2 MailScanner[32408]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:12:41 hound2 MailScanner[32408]: Read 0 hostnames from the phishing whitelist Mar 11 09:12:42 hound2 MailScanner[32408]: Using locktype = flock Mar 11 09:12:42 hound2 MailScanner[32408]: New Batch: Found 7 messages waiting Mar 11 09:12:42 hound2 MailScanner[32408]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:12:42 hound2 MailScanner[32408]: Spam Checks: Starting Mar 11 09:12:43 hound2 MailScanner[32408]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:12:43 hound2 MailScanner[32408]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:44 hound2 MailScanner[32408]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:45 hound2 MailScanner[32408]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:12:45 hound2 MailScanner[32408]: Virus and Content Scanning: Starting Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing j2AIHnlG010716 msg-32408-6.html (no rule matched) Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing j2AIHnlG010716 msg-32408-5.txt Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing j2BD70lG003667 msg-32408-4.txt Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing j2BD1WlG032202 msg-32408-3.txt Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing j2BDWFlG022760 msg-32408-2.txt Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing j2BDWFlG022760 msg-32408-1.txt Mar 11 09:12:46 hound2 MailScanner[32408]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:12:46 hound2 MailScanner[32408]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:46 hound2 MailScanner[32408]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:51 hound2 MailScanner[32431]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:12:51 hound2 MailScanner[32431]: Read 0 hostnames from the phishing whitelist Mar 11 09:12:52 hound2 MailScanner[32431]: Using locktype = flock Mar 11 09:12:52 hound2 MailScanner[32431]: New Batch: Found 7 messages waiting Mar 11 09:12:52 hound2 MailScanner[32431]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:12:52 hound2 MailScanner[32431]: Spam Checks: Starting Mar 11 09:12:53 hound2 MailScanner[32431]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:12:53 hound2 MailScanner[32431]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:54 hound2 MailScanner[32431]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:12:55 hound2 MailScanner[32431]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:12:55 hound2 MailScanner[32431]: Virus and Content Scanning: Starting Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing j2AIHnlG010716 msg-32431-6.html (no rule matched) Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing j2AIHnlG010716 msg-32431-5.txt Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing j2BD70lG003667 msg-32431-4.txt Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing j2BD1WlG032202 msg-32431-3.txt Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing j2BDWFlG022760 msg-32431-2.txt Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing j2BDWFlG022760 msg-32431-1.txt Mar 11 09:12:56 hound2 MailScanner[32431]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:12:56 hound2 MailScanner[32431]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:12:56 hound2 MailScanner[32431]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:01 hound2 MailScanner[32454]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:13:01 hound2 MailScanner[32454]: Read 0 hostnames from the phishing whitelist Mar 11 09:13:02 hound2 MailScanner[32454]: Using locktype = flock Mar 11 09:13:02 hound2 MailScanner[32454]: New Batch: Found 7 messages waiting Mar 11 09:13:02 hound2 MailScanner[32454]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:13:02 hound2 MailScanner[32454]: Spam Checks: Starting Mar 11 09:13:03 hound2 MailScanner[32454]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:13:03 hound2 MailScanner[32454]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:04 hound2 MailScanner[32454]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:05 hound2 MailScanner[32454]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:13:05 hound2 MailScanner[32454]: Virus and Content Scanning: Starting Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing j2AIHnlG010716 msg-32454-6.html (no rule matched) Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing j2AIHnlG010716 msg-32454-5.txt Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing j2BD70lG003667 msg-32454-4.txt Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing j2BD1WlG032202 msg-32454-3.txt Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing j2BDWFlG022760 msg-32454-2.txt Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing j2BDWFlG022760 msg-32454-1.txt Mar 11 09:13:06 hound2 MailScanner[32454]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:13:06 hound2 MailScanner[32454]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:06 hound2 MailScanner[32454]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:11 hound2 MailScanner[32477]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:13:11 hound2 MailScanner[32477]: Read 0 hostnames from the phishing whitelist Mar 11 09:13:12 hound2 MailScanner[32477]: Using locktype = flock Mar 11 09:13:12 hound2 MailScanner[32477]: New Batch: Found 7 messages waiting Mar 11 09:13:12 hound2 MailScanner[32477]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:13:12 hound2 MailScanner[32477]: Spam Checks: Starting Mar 11 09:13:13 hound2 MailScanner[32477]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:13:13 hound2 MailScanner[32477]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:14 hound2 MailScanner[32477]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:15 hound2 MailScanner[32477]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:13:15 hound2 MailScanner[32477]: Virus and Content Scanning: Starting Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing j2AIHnlG010716 msg-32477-6.html (no rule matched) Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing j2AIHnlG010716 msg-32477-5.txt Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing j2BD70lG003667 msg-32477-4.txt Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing j2BD1WlG032202 msg-32477-3.txt Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing j2BDWFlG022760 msg-32477-2.txt Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing j2BDWFlG022760 msg-32477-1.txt Mar 11 09:13:16 hound2 MailScanner[32477]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:13:16 hound2 MailScanner[32477]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:16 hound2 MailScanner[32477]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:21 hound2 MailScanner[32500]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:13:21 hound2 MailScanner[32500]: Read 0 hostnames from the phishing whitelist Mar 11 09:13:22 hound2 MailScanner[32500]: Using locktype = flock Mar 11 09:13:22 hound2 MailScanner[32500]: New Batch: Found 7 messages waiting Mar 11 09:13:22 hound2 MailScanner[32500]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:13:22 hound2 MailScanner[32500]: Spam Checks: Starting Mar 11 09:13:23 hound2 MailScanner[32500]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:13:23 hound2 MailScanner[32500]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:24 hound2 MailScanner[32500]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:25 hound2 MailScanner[32500]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:13:25 hound2 MailScanner[32500]: Virus and Content Scanning: Starting Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing j2AIHnlG010716 msg-32500-6.html (no rule matched) Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing j2AIHnlG010716 msg-32500-5.txt Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing j2BD70lG003667 msg-32500-4.txt Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing j2BD1WlG032202 msg-32500-3.txt Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing j2BDWFlG022760 msg-32500-2.txt Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing j2BDWFlG022760 msg-32500-1.txt Mar 11 09:13:26 hound2 MailScanner[32500]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:13:26 hound2 MailScanner[32500]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:26 hound2 MailScanner[32500]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:31 hound2 MailScanner[32523]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:13:31 hound2 MailScanner[32523]: Read 0 hostnames from the phishing whitelist Mar 11 09:13:32 hound2 MailScanner[32523]: Using locktype = flock Mar 11 09:13:32 hound2 MailScanner[32523]: New Batch: Found 7 messages waiting Mar 11 09:13:32 hound2 MailScanner[32523]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:13:32 hound2 MailScanner[32523]: Spam Checks: Starting Mar 11 09:13:33 hound2 MailScanner[32523]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:13:33 hound2 MailScanner[32523]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:34 hound2 MailScanner[32523]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:35 hound2 MailScanner[32523]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:13:35 hound2 MailScanner[32523]: Virus and Content Scanning: Starting Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing j2AIHnlG010716 msg-32523-6.html (no rule matched) Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing j2AIHnlG010716 msg-32523-5.txt Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing j2BD70lG003667 msg-32523-4.txt Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing j2BD1WlG032202 msg-32523-3.txt Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing j2BDWFlG022760 msg-32523-2.txt Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing j2BDWFlG022760 msg-32523-1.txt Mar 11 09:13:36 hound2 MailScanner[32523]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:13:36 hound2 MailScanner[32523]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:36 hound2 MailScanner[32523]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:41 hound2 MailScanner[32546]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:13:41 hound2 MailScanner[32546]: Read 0 hostnames from the phishing whitelist Mar 11 09:13:42 hound2 MailScanner[32546]: Using locktype = flock Mar 11 09:13:42 hound2 MailScanner[32546]: New Batch: Found 7 messages waiting Mar 11 09:13:42 hound2 MailScanner[32546]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:13:42 hound2 MailScanner[32546]: Spam Checks: Starting Mar 11 09:13:43 hound2 MailScanner[32546]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:13:43 hound2 MailScanner[32546]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:44 hound2 MailScanner[32546]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:45 hound2 MailScanner[32546]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:13:45 hound2 MailScanner[32546]: Virus and Content Scanning: Starting Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing j2AIHnlG010716 msg-32546-6.html (no rule matched) Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing j2AIHnlG010716 msg-32546-5.txt Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing j2BD70lG003667 msg-32546-4.txt Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing j2BD1WlG032202 msg-32546-3.txt Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing j2BDWFlG022760 msg-32546-2.txt Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing j2BDWFlG022760 msg-32546-1.txt Mar 11 09:13:46 hound2 MailScanner[32546]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:13:46 hound2 MailScanner[32546]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:46 hound2 MailScanner[32546]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:51 hound2 MailScanner[32569]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:13:51 hound2 MailScanner[32569]: Read 0 hostnames from the phishing whitelist Mar 11 09:13:52 hound2 MailScanner[32569]: Using locktype = flock Mar 11 09:13:52 hound2 MailScanner[32569]: New Batch: Found 7 messages waiting Mar 11 09:13:52 hound2 MailScanner[32569]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:13:52 hound2 MailScanner[32569]: Spam Checks: Starting Mar 11 09:13:53 hound2 MailScanner[32569]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:13:53 hound2 MailScanner[32569]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:54 hound2 MailScanner[32569]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:13:55 hound2 MailScanner[32569]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:13:55 hound2 MailScanner[32569]: Virus and Content Scanning: Starting Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing j2AIHnlG010716 msg-32569-6.html (no rule matched) Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing j2AIHnlG010716 msg-32569-5.txt Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing j2BD70lG003667 msg-32569-4.txt Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing j2BD1WlG032202 msg-32569-3.txt Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing j2BDWFlG022760 msg-32569-2.txt Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing j2BDWFlG022760 msg-32569-1.txt Mar 11 09:13:56 hound2 MailScanner[32569]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:13:56 hound2 MailScanner[32569]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:13:56 hound2 MailScanner[32569]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:14:01 hound2 MailScanner[32592]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:14:01 hound2 MailScanner[32592]: Read 0 hostnames from the phishing whitelist Mar 11 09:14:02 hound2 MailScanner[32592]: Using locktype = flock Mar 11 09:14:02 hound2 MailScanner[32592]: New Batch: Found 7 messages waiting Mar 11 09:14:02 hound2 MailScanner[32592]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:14:02 hound2 MailScanner[32592]: Spam Checks: Starting Mar 11 09:14:03 hound2 MailScanner[32592]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:14:03 hound2 MailScanner[32592]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:14:04 hound2 MailScanner[32592]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:14:05 hound2 MailScanner[32592]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:14:05 hound2 MailScanner[32592]: Virus and Content Scanning: Starting Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing j2AIHnlG010716 msg-32592-6.html (no rule matched) Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing j2AIHnlG010716 msg-32592-5.txt Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing j2BD70lG003667 msg-32592-4.txt Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing j2BD1WlG032202 msg-32592-3.txt Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing j2BDWFlG022760 msg-32592-2.txt Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing j2BDWFlG022760 msg-32592-1.txt Mar 11 09:14:06 hound2 MailScanner[32592]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:14:06 hound2 MailScanner[32592]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:14:06 hound2 MailScanner[32592]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:14:11 hound2 MailScanner[32615]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:14:11 hound2 MailScanner[32615]: Read 0 hostnames from the phishing whitelist Mar 11 09:14:12 hound2 MailScanner[32615]: Using locktype = flock Mar 11 09:14:12 hound2 MailScanner[32615]: New Batch: Found 7 messages waiting Mar 11 09:14:12 hound2 MailScanner[32615]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:14:12 hound2 MailScanner[32615]: Spam Checks: Starting Mar 11 09:14:13 hound2 MailScanner[32615]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:14:13 hound2 MailScanner[32615]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:14:14 hound2 MailScanner[32615]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:14:15 hound2 MailScanner[32615]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:14:15 hound2 MailScanner[32615]: Virus and Content Scanning: Starting Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing j2AIHnlG010716 msg-32615-6.html (no rule matched) Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing j2AIHnlG010716 msg-32615-5.txt Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing j2BD70lG003667 msg-32615-4.txt Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing j2BD1WlG032202 msg-32615-3.txt Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing j2BDWFlG022760 msg-32615-2.txt Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing j2BDWFlG022760 msg-32615-1.txt Mar 11 09:14:16 hound2 MailScanner[32615]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:14:16 hound2 MailScanner[32615]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:14:16 hound2 MailScanner[32615]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:14:21 hound2 MailScanner[32638]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:14:21 hound2 MailScanner[32638]: Read 0 hostnames from the phishing whitelist Mar 11 09:14:22 hound2 MailScanner[32638]: Using locktype = flock Mar 11 09:14:22 hound2 MailScanner[32638]: New Batch: Found 7 messages waiting Mar 11 09:14:22 hound2 MailScanner[32638]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:14:22 hound2 MailScanner[32638]: Spam Checks: Starting Mar 11 09:14:23 hound2 MailScanner[32638]: Message j2BDWFlG022760 from 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) Mar 11 09:14:23 hound2 MailScanner[32638]: Message j2BD1WlG032202 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:14:24 hound2 MailScanner[32638]: Message j2BD70lG003667 from 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) Mar 11 09:14:25 hound2 MailScanner[32638]: Message j2AIHnlG010716 from 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.48) Mar 11 09:14:25 hound2 MailScanner[32638]: Virus and Content Scanning: Starting Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing j2AIHnlG010716 msg-32638-6.html (no rule matched) Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing j2AIHnlG010716 msg-32638-5.txt Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing j2BD70lG003667 msg-32638-4.txt Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing j2BD1WlG032202 msg-32638-3.txt Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing j2BDWFlG022760 msg-32638-2.txt Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing j2BDWFlG022760 msg-32638-1.txt Mar 11 09:14:26 hound2 MailScanner[32638]: tag found in message j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca Mar 11 09:14:26 hound2 MailScanner[32638]: Looked up unknown string possiblefraudstart in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:14:26 hound2 MailScanner[32638]: Looked up unknown string possiblefraudend in language translation file /etc/MailScanner/reports/en/languages.conf Mar 11 09:14:31 hound2 MailScanner[32661]: MailScanner E-Mail Virus Scanner version 4.38.10 starting... Mar 11 09:14:31 hound2 MailScanner[32661]: Read 0 hostnames from the phishing whitelist Mar 11 09:14:32 hound2 MailScanner[32661]: Using locktype = flock Mar 11 09:14:32 hound2 MailScanner[32661]: New Batch: Found 7 messages waiting Mar 11 09:14:32 hound2 MailScanner[32661]: New Batch: Scanning 4 messages, 76453 bytes Mar 11 09:14:32 hound2 MailScanner[32661]: Spam Checks: Starting I hope someone has an idea, because I don't. Thanks in advance.... Danny ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 21 16:22:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:08 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: Danny try changing the lock type to posix in /etc/MailScanner/MailScanner.conf and restart MailScanner. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Danny Beland wrote: > We are running MailScanner 4.38.10 with spamassassin 3.0.2, clamav and > mcafee. Our problem is that emails get stuck in the incoming queue causing > MailScanner to get those files over and over again. We closed the incoming > queue and MailScanner loops. Maybe I forgot a setting somewhere. We > installed MS, SA and ClamAV from the RPMs provided by the MailScanner > website. > I stopped the incoming queue so that no new emails are coming in. > This is the content of the mqueue.in and mqueue folders: > > hound2:/var/log/loop # ls -la mqueue > total 85 > drwx------ 3 root root 528 Mar 11 09:20 . > drwx------ 4 root root 128 Mar 11 09:20 .. > drwx------ 11 root root 264 Feb 28 04:54 .hoststat > -rw------- 1 root root 11535 Mar 9 13:56 dfj29GuSOn015376 > -rw------- 1 root mail 5277 Mar 10 08:21 dfj2ADLKAi001665 > -rw------- 1 root mail 1566 Mar 10 20:04 dfj2AN4nlH012744 > -rw------- 1 root mail 1419 Mar 10 21:07 dfj2B06tlH020255 > -rw------- 1 root root 16958 Mar 11 01:31 dfj2B4VnlH013823 > -rw------- 1 root mail 1894 Mar 11 03:50 dfj2B6nulH028200 > -rw------- 1 root mail 1719 Mar 11 04:28 dfj2B7RulH017216 > -rw------- 1 root mail 1397 Mar 11 09:09 qfj29GuSOn015376 > -rw------- 1 root mail 1003 Mar 11 09:07 qfj2ADLKAi001665 > -rw------- 1 root mail 1269 Mar 11 09:07 qfj2AN4nlH012744 > -rw------- 1 root mail 1255 Mar 11 09:05 qfj2B06tlH020255 > -rw------- 1 root mail 1506 Mar 11 09:05 qfj2B4VnlH013823 > -rw------- 1 root mail 1257 Mar 11 09:05 qfj2B6nulH028200 > -rw------- 1 root mail 1237 Mar 11 09:05 qfj2B7RulH017216 > hound2:/var/log/loop # ls -la mqueue.in/ > total 1709 > drwx------ 3 root root 624 Mar 11 09:21 . > drwx------ 4 root root 128 Mar 11 09:20 .. > drwx------ 2 root root 48 Feb 2 16:03 .hoststat > -rw------- 1 root mail 57213 Mar 10 13:17 dfj2AIHnlG010716 > -rw------- 1 root mail 126976 Mar 11 06:47 dfj2BBc2lG006009 > -rw------- 1 root mail 110592 Mar 11 07:34 dfj2BCUelG009716 > -rw------- 1 root mail 8192 Mar 11 07:33 dfj2BCUplG009819 > -rw------- 1 root mail 3407 Mar 11 08:01 dfj2BD1WlG032202 > -rw------- 1 root mail 3407 Mar 11 08:07 dfj2BD70lG003667 > -rw------- 1 root mail 192512 Mar 11 08:35 dfj2BDL1lG014130 > -rw------- 1 root mail 937984 Mar 11 08:35 dfj2BDUwlG021826 > -rw------- 1 root mail 3343 Mar 11 08:32 dfj2BDWFlG022760 > -rw------- 1 root mail 294912 Mar 11 08:35 dfj2BDY2lG024043 > -rw------- 1 root mail 910 Mar 10 14:59 qfj2AHvElH029023 > -rw------- 1 root mail 5445 Mar 10 13:17 qfj2AIHnlG010716 > -rw------- 1 root mail 944 Mar 10 20:06 qfj2AN4nlH012744 > -rw------- 1 root mail 1006 Mar 10 20:18 qfj2ANIBlH021980 > -rw------- 1 root mail 1077 Mar 11 08:01 qfj2BD1WlG032202 > -rw------- 1 root mail 1068 Mar 11 08:07 qfj2BD70lG003667 > -rw------- 1 root mail 1493 Mar 11 08:32 qfj2BDWFlG022760 > > And this is the MailScanner log. As you can see it scans the same messages > over and over again. > > Mar 11 09:11:35 hound2 MailScanner[32246]: Virus and Content Scanning: > Starting > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2AIHnlG010716 msg-32246-6.html (no rule matched) > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2AIHnlG010716 msg-32246-5.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2BD70lG003667 msg-32246-4.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2BD1WlG032202 msg-32246-3.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2BDWFlG022760 msg-32246-2.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2BDWFlG022760 msg-32246-1.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:11:36 hound2 MailScanner[32246]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:36 hound2 MailScanner[32246]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:41 hound2 MailScanner[32270]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:11:41 hound2 MailScanner[32270]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:11:42 hound2 MailScanner[32270]: Using locktype = flock > Mar 11 09:11:42 hound2 MailScanner[32270]: New Batch: Found 7 messages > waiting > Mar 11 09:11:42 hound2 MailScanner[32270]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:11:42 hound2 MailScanner[32270]: Spam Checks: Starting > Mar 11 09:11:47 hound2 MailScanner[32270]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:11:47 hound2 MailScanner[32270]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:11:48 hound2 MailScanner[32270]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:11:49 hound2 MailScanner[32270]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:11:49 hound2 MailScanner[32270]: Virus and Content Scanning: > Starting > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2AIHnlG010716 msg-32270-6.html (no rule matched) > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2AIHnlG010716 msg-32270-5.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2BD70lG003667 msg-32270-4.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2BD1WlG032202 msg-32270-3.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2BDWFlG022760 msg-32270-2.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2BDWFlG022760 msg-32270-1.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:11:50 hound2 MailScanner[32270]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:50 hound2 MailScanner[32270]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:51 hound2 MailScanner[32293]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:11:51 hound2 MailScanner[32293]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:11:52 hound2 MailScanner[32293]: Using locktype = flock > Mar 11 09:11:52 hound2 MailScanner[32293]: New Batch: Found 7 messages > waiting > Mar 11 09:11:52 hound2 MailScanner[32293]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:11:52 hound2 MailScanner[32293]: Spam Checks: Starting > Mar 11 09:11:53 hound2 MailScanner[32293]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:11:53 hound2 MailScanner[32293]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:11:54 hound2 MailScanner[32293]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:11:55 hound2 MailScanner[32293]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:11:55 hound2 MailScanner[32293]: Virus and Content Scanning: > Starting > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2AIHnlG010716 msg-32293-6.html (no rule matched) > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2AIHnlG010716 msg-32293-5.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2BD70lG003667 msg-32293-4.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2BD1WlG032202 msg-32293-3.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2BDWFlG022760 msg-32293-2.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2BDWFlG022760 msg-32293-1.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:11:56 hound2 MailScanner[32293]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:56 hound2 MailScanner[32293]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:01 hound2 MailScanner[32316]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:01 hound2 MailScanner[32316]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:02 hound2 MailScanner[32316]: Using locktype = flock > Mar 11 09:12:02 hound2 MailScanner[32316]: New Batch: Found 7 messages > waiting > Mar 11 09:12:02 hound2 MailScanner[32316]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:02 hound2 MailScanner[32316]: Spam Checks: Starting > Mar 11 09:12:03 hound2 MailScanner[32316]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:03 hound2 MailScanner[32316]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:04 hound2 MailScanner[32316]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:05 hound2 MailScanner[32316]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:05 hound2 MailScanner[32316]: Virus and Content Scanning: > Starting > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2AIHnlG010716 msg-32316-6.html (no rule matched) > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2AIHnlG010716 msg-32316-5.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2BD70lG003667 msg-32316-4.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2BD1WlG032202 msg-32316-3.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2BDWFlG022760 msg-32316-2.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2BDWFlG022760 msg-32316-1.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:06 hound2 MailScanner[32316]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:06 hound2 MailScanner[32316]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:11 hound2 MailScanner[32339]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:11 hound2 MailScanner[32339]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:12 hound2 MailScanner[32339]: Using locktype = flock > Mar 11 09:12:12 hound2 MailScanner[32339]: New Batch: Found 7 messages > waiting > Mar 11 09:12:12 hound2 MailScanner[32339]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:12 hound2 MailScanner[32339]: Spam Checks: Starting > Mar 11 09:12:13 hound2 MailScanner[32339]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:13 hound2 MailScanner[32339]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:14 hound2 MailScanner[32339]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:15 hound2 MailScanner[32339]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:15 hound2 MailScanner[32339]: Virus and Content Scanning: > Starting > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2AIHnlG010716 msg-32339-6.html (no rule matched) > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2AIHnlG010716 msg-32339-5.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2BD70lG003667 msg-32339-4.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2BD1WlG032202 msg-32339-3.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2BDWFlG022760 msg-32339-2.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2BDWFlG022760 msg-32339-1.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:16 hound2 MailScanner[32339]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:16 hound2 MailScanner[32339]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:21 hound2 MailScanner[32362]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:21 hound2 MailScanner[32362]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:22 hound2 MailScanner[32362]: Using locktype = flock > Mar 11 09:12:22 hound2 MailScanner[32362]: New Batch: Found 7 messages > waiting > Mar 11 09:12:22 hound2 MailScanner[32362]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:22 hound2 MailScanner[32362]: Spam Checks: Starting > Mar 11 09:12:23 hound2 MailScanner[32362]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:23 hound2 MailScanner[32362]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:24 hound2 MailScanner[32362]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:25 hound2 MailScanner[32362]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:25 hound2 MailScanner[32362]: Virus and Content Scanning: > Starting > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2AIHnlG010716 msg-32362-6.html (no rule matched) > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2AIHnlG010716 msg-32362-5.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2BD70lG003667 msg-32362-4.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2BD1WlG032202 msg-32362-3.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2BDWFlG022760 msg-32362-2.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2BDWFlG022760 msg-32362-1.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:26 hound2 MailScanner[32362]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:26 hound2 MailScanner[32362]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:31 hound2 MailScanner[32385]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:31 hound2 MailScanner[32385]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:32 hound2 MailScanner[32385]: Using locktype = flock > Mar 11 09:12:32 hound2 MailScanner[32385]: New Batch: Found 7 messages > waiting > Mar 11 09:12:32 hound2 MailScanner[32385]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:32 hound2 MailScanner[32385]: Spam Checks: Starting > Mar 11 09:12:34 hound2 MailScanner[32385]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:34 hound2 MailScanner[32385]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:35 hound2 MailScanner[32385]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:36 hound2 MailScanner[32385]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:36 hound2 MailScanner[32385]: Virus and Content Scanning: > Starting > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2AIHnlG010716 msg-32385-6.html (no rule matched) > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2AIHnlG010716 msg-32385-5.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2BD70lG003667 msg-32385-4.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2BD1WlG032202 msg-32385-3.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2BDWFlG022760 msg-32385-2.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2BDWFlG022760 msg-32385-1.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:37 hound2 MailScanner[32385]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:37 hound2 MailScanner[32385]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:41 hound2 MailScanner[32408]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:41 hound2 MailScanner[32408]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:42 hound2 MailScanner[32408]: Using locktype = flock > Mar 11 09:12:42 hound2 MailScanner[32408]: New Batch: Found 7 messages > waiting > Mar 11 09:12:42 hound2 MailScanner[32408]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:42 hound2 MailScanner[32408]: Spam Checks: Starting > Mar 11 09:12:43 hound2 MailScanner[32408]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:43 hound2 MailScanner[32408]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:44 hound2 MailScanner[32408]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:45 hound2 MailScanner[32408]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:45 hound2 MailScanner[32408]: Virus and Content Scanning: > Starting > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2AIHnlG010716 msg-32408-6.html (no rule matched) > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2AIHnlG010716 msg-32408-5.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2BD70lG003667 msg-32408-4.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2BD1WlG032202 msg-32408-3.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2BDWFlG022760 msg-32408-2.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2BDWFlG022760 msg-32408-1.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:46 hound2 MailScanner[32408]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:46 hound2 MailScanner[32408]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:51 hound2 MailScanner[32431]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:51 hound2 MailScanner[32431]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:52 hound2 MailScanner[32431]: Using locktype = flock > Mar 11 09:12:52 hound2 MailScanner[32431]: New Batch: Found 7 messages > waiting > Mar 11 09:12:52 hound2 MailScanner[32431]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:52 hound2 MailScanner[32431]: Spam Checks: Starting > Mar 11 09:12:53 hound2 MailScanner[32431]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:53 hound2 MailScanner[32431]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:54 hound2 MailScanner[32431]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:55 hound2 MailScanner[32431]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:55 hound2 MailScanner[32431]: Virus and Content Scanning: > Starting > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2AIHnlG010716 msg-32431-6.html (no rule matched) > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2AIHnlG010716 msg-32431-5.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2BD70lG003667 msg-32431-4.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2BD1WlG032202 msg-32431-3.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2BDWFlG022760 msg-32431-2.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2BDWFlG022760 msg-32431-1.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:56 hound2 MailScanner[32431]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:56 hound2 MailScanner[32431]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:01 hound2 MailScanner[32454]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:01 hound2 MailScanner[32454]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:02 hound2 MailScanner[32454]: Using locktype = flock > Mar 11 09:13:02 hound2 MailScanner[32454]: New Batch: Found 7 messages > waiting > Mar 11 09:13:02 hound2 MailScanner[32454]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:02 hound2 MailScanner[32454]: Spam Checks: Starting > Mar 11 09:13:03 hound2 MailScanner[32454]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:03 hound2 MailScanner[32454]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:04 hound2 MailScanner[32454]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:05 hound2 MailScanner[32454]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:05 hound2 MailScanner[32454]: Virus and Content Scanning: > Starting > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2AIHnlG010716 msg-32454-6.html (no rule matched) > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2AIHnlG010716 msg-32454-5.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2BD70lG003667 msg-32454-4.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2BD1WlG032202 msg-32454-3.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2BDWFlG022760 msg-32454-2.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2BDWFlG022760 msg-32454-1.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:06 hound2 MailScanner[32454]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:06 hound2 MailScanner[32454]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:11 hound2 MailScanner[32477]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:11 hound2 MailScanner[32477]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:12 hound2 MailScanner[32477]: Using locktype = flock > Mar 11 09:13:12 hound2 MailScanner[32477]: New Batch: Found 7 messages > waiting > Mar 11 09:13:12 hound2 MailScanner[32477]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:12 hound2 MailScanner[32477]: Spam Checks: Starting > Mar 11 09:13:13 hound2 MailScanner[32477]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:13 hound2 MailScanner[32477]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:14 hound2 MailScanner[32477]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:15 hound2 MailScanner[32477]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:15 hound2 MailScanner[32477]: Virus and Content Scanning: > Starting > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2AIHnlG010716 msg-32477-6.html (no rule matched) > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2AIHnlG010716 msg-32477-5.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2BD70lG003667 msg-32477-4.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2BD1WlG032202 msg-32477-3.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2BDWFlG022760 msg-32477-2.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2BDWFlG022760 msg-32477-1.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:16 hound2 MailScanner[32477]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:16 hound2 MailScanner[32477]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:21 hound2 MailScanner[32500]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:21 hound2 MailScanner[32500]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:22 hound2 MailScanner[32500]: Using locktype = flock > Mar 11 09:13:22 hound2 MailScanner[32500]: New Batch: Found 7 messages > waiting > Mar 11 09:13:22 hound2 MailScanner[32500]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:22 hound2 MailScanner[32500]: Spam Checks: Starting > Mar 11 09:13:23 hound2 MailScanner[32500]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:23 hound2 MailScanner[32500]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:24 hound2 MailScanner[32500]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:25 hound2 MailScanner[32500]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:25 hound2 MailScanner[32500]: Virus and Content Scanning: > Starting > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2AIHnlG010716 msg-32500-6.html (no rule matched) > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2AIHnlG010716 msg-32500-5.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BD70lG003667 msg-32500-4.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BD1WlG032202 msg-32500-3.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BDWFlG022760 msg-32500-2.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BDWFlG022760 msg-32500-1.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:26 hound2 MailScanner[32500]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:26 hound2 MailScanner[32500]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:31 hound2 MailScanner[32523]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:31 hound2 MailScanner[32523]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:32 hound2 MailScanner[32523]: Using locktype = flock > Mar 11 09:13:32 hound2 MailScanner[32523]: New Batch: Found 7 messages > waiting > Mar 11 09:13:32 hound2 MailScanner[32523]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:32 hound2 MailScanner[32523]: Spam Checks: Starting > Mar 11 09:13:33 hound2 MailScanner[32523]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:33 hound2 MailScanner[32523]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:34 hound2 MailScanner[32523]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:35 hound2 MailScanner[32523]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:35 hound2 MailScanner[32523]: Virus and Content Scanning: > Starting > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2AIHnlG010716 msg-32523-6.html (no rule matched) > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2AIHnlG010716 msg-32523-5.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BD70lG003667 msg-32523-4.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BD1WlG032202 msg-32523-3.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BDWFlG022760 msg-32523-2.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BDWFlG022760 msg-32523-1.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:36 hound2 MailScanner[32523]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:36 hound2 MailScanner[32523]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:41 hound2 MailScanner[32546]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:41 hound2 MailScanner[32546]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:42 hound2 MailScanner[32546]: Using locktype = flock > Mar 11 09:13:42 hound2 MailScanner[32546]: New Batch: Found 7 messages > waiting > Mar 11 09:13:42 hound2 MailScanner[32546]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:42 hound2 MailScanner[32546]: Spam Checks: Starting > Mar 11 09:13:43 hound2 MailScanner[32546]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:43 hound2 MailScanner[32546]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:44 hound2 MailScanner[32546]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:45 hound2 MailScanner[32546]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:45 hound2 MailScanner[32546]: Virus and Content Scanning: > Starting > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2AIHnlG010716 msg-32546-6.html (no rule matched) > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2AIHnlG010716 msg-32546-5.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BD70lG003667 msg-32546-4.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BD1WlG032202 msg-32546-3.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BDWFlG022760 msg-32546-2.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BDWFlG022760 msg-32546-1.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:46 hound2 MailScanner[32546]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:46 hound2 MailScanner[32546]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:51 hound2 MailScanner[32569]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:51 hound2 MailScanner[32569]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:52 hound2 MailScanner[32569]: Using locktype = flock > Mar 11 09:13:52 hound2 MailScanner[32569]: New Batch: Found 7 messages > waiting > Mar 11 09:13:52 hound2 MailScanner[32569]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:52 hound2 MailScanner[32569]: Spam Checks: Starting > Mar 11 09:13:53 hound2 MailScanner[32569]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:53 hound2 MailScanner[32569]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:54 hound2 MailScanner[32569]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:55 hound2 MailScanner[32569]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:55 hound2 MailScanner[32569]: Virus and Content Scanning: > Starting > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2AIHnlG010716 msg-32569-6.html (no rule matched) > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2AIHnlG010716 msg-32569-5.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BD70lG003667 msg-32569-4.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BD1WlG032202 msg-32569-3.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BDWFlG022760 msg-32569-2.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BDWFlG022760 msg-32569-1.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:56 hound2 MailScanner[32569]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:56 hound2 MailScanner[32569]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:01 hound2 MailScanner[32592]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:01 hound2 MailScanner[32592]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:02 hound2 MailScanner[32592]: Using locktype = flock > Mar 11 09:14:02 hound2 MailScanner[32592]: New Batch: Found 7 messages > waiting > Mar 11 09:14:02 hound2 MailScanner[32592]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:02 hound2 MailScanner[32592]: Spam Checks: Starting > Mar 11 09:14:03 hound2 MailScanner[32592]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:03 hound2 MailScanner[32592]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:04 hound2 MailScanner[32592]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:05 hound2 MailScanner[32592]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:05 hound2 MailScanner[32592]: Virus and Content Scanning: > Starting > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2AIHnlG010716 msg-32592-6.html (no rule matched) > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2AIHnlG010716 msg-32592-5.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BD70lG003667 msg-32592-4.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BD1WlG032202 msg-32592-3.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BDWFlG022760 msg-32592-2.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BDWFlG022760 msg-32592-1.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:06 hound2 MailScanner[32592]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:06 hound2 MailScanner[32592]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:11 hound2 MailScanner[32615]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:11 hound2 MailScanner[32615]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:12 hound2 MailScanner[32615]: Using locktype = flock > Mar 11 09:14:12 hound2 MailScanner[32615]: New Batch: Found 7 messages > waiting > Mar 11 09:14:12 hound2 MailScanner[32615]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:12 hound2 MailScanner[32615]: Spam Checks: Starting > Mar 11 09:14:13 hound2 MailScanner[32615]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:13 hound2 MailScanner[32615]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:14 hound2 MailScanner[32615]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:15 hound2 MailScanner[32615]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:15 hound2 MailScanner[32615]: Virus and Content Scanning: > Starting > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2AIHnlG010716 msg-32615-6.html (no rule matched) > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2AIHnlG010716 msg-32615-5.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BD70lG003667 msg-32615-4.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BD1WlG032202 msg-32615-3.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BDWFlG022760 msg-32615-2.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BDWFlG022760 msg-32615-1.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:16 hound2 MailScanner[32615]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:16 hound2 MailScanner[32615]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:21 hound2 MailScanner[32638]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:21 hound2 MailScanner[32638]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:22 hound2 MailScanner[32638]: Using locktype = flock > Mar 11 09:14:22 hound2 MailScanner[32638]: New Batch: Found 7 messages > waiting > Mar 11 09:14:22 hound2 MailScanner[32638]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:22 hound2 MailScanner[32638]: Spam Checks: Starting > Mar 11 09:14:23 hound2 MailScanner[32638]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:23 hound2 MailScanner[32638]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:24 hound2 MailScanner[32638]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:25 hound2 MailScanner[32638]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:25 hound2 MailScanner[32638]: Virus and Content Scanning: > Starting > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2AIHnlG010716 msg-32638-6.html (no rule matched) > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2AIHnlG010716 msg-32638-5.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BD70lG003667 msg-32638-4.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BD1WlG032202 msg-32638-3.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BDWFlG022760 msg-32638-2.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BDWFlG022760 msg-32638-1.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:26 hound2 MailScanner[32638]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:26 hound2 MailScanner[32638]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:31 hound2 MailScanner[32661]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:31 hound2 MailScanner[32661]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:32 hound2 MailScanner[32661]: Using locktype = flock > Mar 11 09:14:32 hound2 MailScanner[32661]: New Batch: Found 7 messages > waiting > Mar 11 09:14:32 hound2 MailScanner[32661]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:32 hound2 MailScanner[32661]: Spam Checks: Starting > > I hope someone has an idea, because I don't. > > Thanks in advance.... > > > Danny > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 21 16:18:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:08 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are your mqueue and mqueue.in on a hardware partition (I'm a bit worried by /var/log/"loop") and they are on the same partition? What version of sendmail are you using? What is your "Lock Type" set to in MailScanner.conf? Danny Beland wrote: >We are running MailScanner 4.38.10 with spamassassin 3.0.2, clamav and >mcafee. Our problem is that emails get stuck in the incoming queue causing >MailScanner to get those files over and over again. We closed the incoming >queue and MailScanner loops. Maybe I forgot a setting somewhere. We >installed MS, SA and ClamAV from the RPMs provided by the MailScanner >website. >I stopped the incoming queue so that no new emails are coming in. >This is the content of the mqueue.in and mqueue folders: > >hound2:/var/log/loop # ls -la mqueue >total 85 >drwx------ 3 root root 528 Mar 11 09:20 . >drwx------ 4 root root 128 Mar 11 09:20 .. >drwx------ 11 root root 264 Feb 28 04:54 .hoststat >-rw------- 1 root root 11535 Mar 9 13:56 dfj29GuSOn015376 >-rw------- 1 root mail 5277 Mar 10 08:21 dfj2ADLKAi001665 >-rw------- 1 root mail 1566 Mar 10 20:04 dfj2AN4nlH012744 >-rw------- 1 root mail 1419 Mar 10 21:07 dfj2B06tlH020255 >-rw------- 1 root root 16958 Mar 11 01:31 dfj2B4VnlH013823 >-rw------- 1 root mail 1894 Mar 11 03:50 dfj2B6nulH028200 >-rw------- 1 root mail 1719 Mar 11 04:28 dfj2B7RulH017216 >-rw------- 1 root mail 1397 Mar 11 09:09 qfj29GuSOn015376 >-rw------- 1 root mail 1003 Mar 11 09:07 qfj2ADLKAi001665 >-rw------- 1 root mail 1269 Mar 11 09:07 qfj2AN4nlH012744 >-rw------- 1 root mail 1255 Mar 11 09:05 qfj2B06tlH020255 >-rw------- 1 root mail 1506 Mar 11 09:05 qfj2B4VnlH013823 >-rw------- 1 root mail 1257 Mar 11 09:05 qfj2B6nulH028200 >-rw------- 1 root mail 1237 Mar 11 09:05 qfj2B7RulH017216 >hound2:/var/log/loop # ls -la mqueue.in/ >total 1709 >drwx------ 3 root root 624 Mar 11 09:21 . >drwx------ 4 root root 128 Mar 11 09:20 .. >drwx------ 2 root root 48 Feb 2 16:03 .hoststat >-rw------- 1 root mail 57213 Mar 10 13:17 dfj2AIHnlG010716 >-rw------- 1 root mail 126976 Mar 11 06:47 dfj2BBc2lG006009 >-rw------- 1 root mail 110592 Mar 11 07:34 dfj2BCUelG009716 >-rw------- 1 root mail 8192 Mar 11 07:33 dfj2BCUplG009819 >-rw------- 1 root mail 3407 Mar 11 08:01 dfj2BD1WlG032202 >-rw------- 1 root mail 3407 Mar 11 08:07 dfj2BD70lG003667 >-rw------- 1 root mail 192512 Mar 11 08:35 dfj2BDL1lG014130 >-rw------- 1 root mail 937984 Mar 11 08:35 dfj2BDUwlG021826 >-rw------- 1 root mail 3343 Mar 11 08:32 dfj2BDWFlG022760 >-rw------- 1 root mail 294912 Mar 11 08:35 dfj2BDY2lG024043 >-rw------- 1 root mail 910 Mar 10 14:59 qfj2AHvElH029023 >-rw------- 1 root mail 5445 Mar 10 13:17 qfj2AIHnlG010716 >-rw------- 1 root mail 944 Mar 10 20:06 qfj2AN4nlH012744 >-rw------- 1 root mail 1006 Mar 10 20:18 qfj2ANIBlH021980 >-rw------- 1 root mail 1077 Mar 11 08:01 qfj2BD1WlG032202 >-rw------- 1 root mail 1068 Mar 11 08:07 qfj2BD70lG003667 >-rw------- 1 root mail 1493 Mar 11 08:32 qfj2BDWFlG022760 > >And this is the MailScanner log. As you can see it scans the same messages >over and over again. > > Mar 11 09:11:35 hound2 MailScanner[32246]: Virus and Content Scanning: > Starting > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2AIHnlG010716 msg-32246-6.html (no rule matched) > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2AIHnlG010716 msg-32246-5.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2BD70lG003667 msg-32246-4.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2BD1WlG032202 msg-32246-3.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2BDWFlG022760 msg-32246-2.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: Filename Checks: Allowing > j2BDWFlG022760 msg-32246-1.txt > Mar 11 09:11:36 hound2 MailScanner[32246]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:11:36 hound2 MailScanner[32246]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:36 hound2 MailScanner[32246]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:41 hound2 MailScanner[32270]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:11:41 hound2 MailScanner[32270]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:11:42 hound2 MailScanner[32270]: Using locktype = flock > Mar 11 09:11:42 hound2 MailScanner[32270]: New Batch: Found 7 messages > waiting > Mar 11 09:11:42 hound2 MailScanner[32270]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:11:42 hound2 MailScanner[32270]: Spam Checks: Starting > Mar 11 09:11:47 hound2 MailScanner[32270]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:11:47 hound2 MailScanner[32270]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:11:48 hound2 MailScanner[32270]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:11:49 hound2 MailScanner[32270]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:11:49 hound2 MailScanner[32270]: Virus and Content Scanning: > Starting > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2AIHnlG010716 msg-32270-6.html (no rule matched) > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2AIHnlG010716 msg-32270-5.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2BD70lG003667 msg-32270-4.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2BD1WlG032202 msg-32270-3.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2BDWFlG022760 msg-32270-2.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: Filename Checks: Allowing > j2BDWFlG022760 msg-32270-1.txt > Mar 11 09:11:50 hound2 MailScanner[32270]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:11:50 hound2 MailScanner[32270]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:50 hound2 MailScanner[32270]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:51 hound2 MailScanner[32293]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:11:51 hound2 MailScanner[32293]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:11:52 hound2 MailScanner[32293]: Using locktype = flock > Mar 11 09:11:52 hound2 MailScanner[32293]: New Batch: Found 7 messages > waiting > Mar 11 09:11:52 hound2 MailScanner[32293]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:11:52 hound2 MailScanner[32293]: Spam Checks: Starting > Mar 11 09:11:53 hound2 MailScanner[32293]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:11:53 hound2 MailScanner[32293]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:11:54 hound2 MailScanner[32293]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:11:55 hound2 MailScanner[32293]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:11:55 hound2 MailScanner[32293]: Virus and Content Scanning: > Starting > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2AIHnlG010716 msg-32293-6.html (no rule matched) > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2AIHnlG010716 msg-32293-5.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2BD70lG003667 msg-32293-4.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2BD1WlG032202 msg-32293-3.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2BDWFlG022760 msg-32293-2.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: Filename Checks: Allowing > j2BDWFlG022760 msg-32293-1.txt > Mar 11 09:11:56 hound2 MailScanner[32293]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:11:56 hound2 MailScanner[32293]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:11:56 hound2 MailScanner[32293]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:01 hound2 MailScanner[32316]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:01 hound2 MailScanner[32316]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:02 hound2 MailScanner[32316]: Using locktype = flock > Mar 11 09:12:02 hound2 MailScanner[32316]: New Batch: Found 7 messages > waiting > Mar 11 09:12:02 hound2 MailScanner[32316]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:02 hound2 MailScanner[32316]: Spam Checks: Starting > Mar 11 09:12:03 hound2 MailScanner[32316]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:03 hound2 MailScanner[32316]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:04 hound2 MailScanner[32316]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:05 hound2 MailScanner[32316]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:05 hound2 MailScanner[32316]: Virus and Content Scanning: > Starting > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2AIHnlG010716 msg-32316-6.html (no rule matched) > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2AIHnlG010716 msg-32316-5.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2BD70lG003667 msg-32316-4.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2BD1WlG032202 msg-32316-3.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2BDWFlG022760 msg-32316-2.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: Filename Checks: Allowing > j2BDWFlG022760 msg-32316-1.txt > Mar 11 09:12:06 hound2 MailScanner[32316]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:06 hound2 MailScanner[32316]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:06 hound2 MailScanner[32316]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:11 hound2 MailScanner[32339]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:11 hound2 MailScanner[32339]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:12 hound2 MailScanner[32339]: Using locktype = flock > Mar 11 09:12:12 hound2 MailScanner[32339]: New Batch: Found 7 messages > waiting > Mar 11 09:12:12 hound2 MailScanner[32339]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:12 hound2 MailScanner[32339]: Spam Checks: Starting > Mar 11 09:12:13 hound2 MailScanner[32339]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:13 hound2 MailScanner[32339]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:14 hound2 MailScanner[32339]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:15 hound2 MailScanner[32339]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:15 hound2 MailScanner[32339]: Virus and Content Scanning: > Starting > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2AIHnlG010716 msg-32339-6.html (no rule matched) > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2AIHnlG010716 msg-32339-5.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2BD70lG003667 msg-32339-4.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2BD1WlG032202 msg-32339-3.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2BDWFlG022760 msg-32339-2.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: Filename Checks: Allowing > j2BDWFlG022760 msg-32339-1.txt > Mar 11 09:12:16 hound2 MailScanner[32339]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:16 hound2 MailScanner[32339]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:16 hound2 MailScanner[32339]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:21 hound2 MailScanner[32362]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:21 hound2 MailScanner[32362]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:22 hound2 MailScanner[32362]: Using locktype = flock > Mar 11 09:12:22 hound2 MailScanner[32362]: New Batch: Found 7 messages > waiting > Mar 11 09:12:22 hound2 MailScanner[32362]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:22 hound2 MailScanner[32362]: Spam Checks: Starting > Mar 11 09:12:23 hound2 MailScanner[32362]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:23 hound2 MailScanner[32362]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:24 hound2 MailScanner[32362]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:25 hound2 MailScanner[32362]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:25 hound2 MailScanner[32362]: Virus and Content Scanning: > Starting > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2AIHnlG010716 msg-32362-6.html (no rule matched) > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2AIHnlG010716 msg-32362-5.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2BD70lG003667 msg-32362-4.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2BD1WlG032202 msg-32362-3.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2BDWFlG022760 msg-32362-2.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: Filename Checks: Allowing > j2BDWFlG022760 msg-32362-1.txt > Mar 11 09:12:26 hound2 MailScanner[32362]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:26 hound2 MailScanner[32362]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:26 hound2 MailScanner[32362]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:31 hound2 MailScanner[32385]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:31 hound2 MailScanner[32385]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:32 hound2 MailScanner[32385]: Using locktype = flock > Mar 11 09:12:32 hound2 MailScanner[32385]: New Batch: Found 7 messages > waiting > Mar 11 09:12:32 hound2 MailScanner[32385]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:32 hound2 MailScanner[32385]: Spam Checks: Starting > Mar 11 09:12:34 hound2 MailScanner[32385]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:34 hound2 MailScanner[32385]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:35 hound2 MailScanner[32385]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:36 hound2 MailScanner[32385]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:36 hound2 MailScanner[32385]: Virus and Content Scanning: > Starting > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2AIHnlG010716 msg-32385-6.html (no rule matched) > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2AIHnlG010716 msg-32385-5.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2BD70lG003667 msg-32385-4.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2BD1WlG032202 msg-32385-3.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2BDWFlG022760 msg-32385-2.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: Filename Checks: Allowing > j2BDWFlG022760 msg-32385-1.txt > Mar 11 09:12:37 hound2 MailScanner[32385]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:37 hound2 MailScanner[32385]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:37 hound2 MailScanner[32385]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:41 hound2 MailScanner[32408]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:41 hound2 MailScanner[32408]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:42 hound2 MailScanner[32408]: Using locktype = flock > Mar 11 09:12:42 hound2 MailScanner[32408]: New Batch: Found 7 messages > waiting > Mar 11 09:12:42 hound2 MailScanner[32408]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:42 hound2 MailScanner[32408]: Spam Checks: Starting > Mar 11 09:12:43 hound2 MailScanner[32408]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:43 hound2 MailScanner[32408]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:44 hound2 MailScanner[32408]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:45 hound2 MailScanner[32408]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:45 hound2 MailScanner[32408]: Virus and Content Scanning: > Starting > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2AIHnlG010716 msg-32408-6.html (no rule matched) > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2AIHnlG010716 msg-32408-5.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2BD70lG003667 msg-32408-4.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2BD1WlG032202 msg-32408-3.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2BDWFlG022760 msg-32408-2.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: Filename Checks: Allowing > j2BDWFlG022760 msg-32408-1.txt > Mar 11 09:12:46 hound2 MailScanner[32408]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:46 hound2 MailScanner[32408]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:46 hound2 MailScanner[32408]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:51 hound2 MailScanner[32431]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:12:51 hound2 MailScanner[32431]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:12:52 hound2 MailScanner[32431]: Using locktype = flock > Mar 11 09:12:52 hound2 MailScanner[32431]: New Batch: Found 7 messages > waiting > Mar 11 09:12:52 hound2 MailScanner[32431]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:12:52 hound2 MailScanner[32431]: Spam Checks: Starting > Mar 11 09:12:53 hound2 MailScanner[32431]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:12:53 hound2 MailScanner[32431]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:54 hound2 MailScanner[32431]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:12:55 hound2 MailScanner[32431]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:12:55 hound2 MailScanner[32431]: Virus and Content Scanning: > Starting > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2AIHnlG010716 msg-32431-6.html (no rule matched) > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2AIHnlG010716 msg-32431-5.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2BD70lG003667 msg-32431-4.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2BD1WlG032202 msg-32431-3.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2BDWFlG022760 msg-32431-2.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: Filename Checks: Allowing > j2BDWFlG022760 msg-32431-1.txt > Mar 11 09:12:56 hound2 MailScanner[32431]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:12:56 hound2 MailScanner[32431]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:12:56 hound2 MailScanner[32431]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:01 hound2 MailScanner[32454]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:01 hound2 MailScanner[32454]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:02 hound2 MailScanner[32454]: Using locktype = flock > Mar 11 09:13:02 hound2 MailScanner[32454]: New Batch: Found 7 messages > waiting > Mar 11 09:13:02 hound2 MailScanner[32454]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:02 hound2 MailScanner[32454]: Spam Checks: Starting > Mar 11 09:13:03 hound2 MailScanner[32454]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:03 hound2 MailScanner[32454]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:04 hound2 MailScanner[32454]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:05 hound2 MailScanner[32454]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:05 hound2 MailScanner[32454]: Virus and Content Scanning: > Starting > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2AIHnlG010716 msg-32454-6.html (no rule matched) > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2AIHnlG010716 msg-32454-5.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2BD70lG003667 msg-32454-4.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2BD1WlG032202 msg-32454-3.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2BDWFlG022760 msg-32454-2.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: Filename Checks: Allowing > j2BDWFlG022760 msg-32454-1.txt > Mar 11 09:13:06 hound2 MailScanner[32454]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:06 hound2 MailScanner[32454]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:06 hound2 MailScanner[32454]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:11 hound2 MailScanner[32477]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:11 hound2 MailScanner[32477]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:12 hound2 MailScanner[32477]: Using locktype = flock > Mar 11 09:13:12 hound2 MailScanner[32477]: New Batch: Found 7 messages > waiting > Mar 11 09:13:12 hound2 MailScanner[32477]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:12 hound2 MailScanner[32477]: Spam Checks: Starting > Mar 11 09:13:13 hound2 MailScanner[32477]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:13 hound2 MailScanner[32477]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:14 hound2 MailScanner[32477]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:15 hound2 MailScanner[32477]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:15 hound2 MailScanner[32477]: Virus and Content Scanning: > Starting > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2AIHnlG010716 msg-32477-6.html (no rule matched) > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2AIHnlG010716 msg-32477-5.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2BD70lG003667 msg-32477-4.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2BD1WlG032202 msg-32477-3.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2BDWFlG022760 msg-32477-2.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: Filename Checks: Allowing > j2BDWFlG022760 msg-32477-1.txt > Mar 11 09:13:16 hound2 MailScanner[32477]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:16 hound2 MailScanner[32477]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:16 hound2 MailScanner[32477]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:21 hound2 MailScanner[32500]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:21 hound2 MailScanner[32500]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:22 hound2 MailScanner[32500]: Using locktype = flock > Mar 11 09:13:22 hound2 MailScanner[32500]: New Batch: Found 7 messages > waiting > Mar 11 09:13:22 hound2 MailScanner[32500]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:22 hound2 MailScanner[32500]: Spam Checks: Starting > Mar 11 09:13:23 hound2 MailScanner[32500]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:23 hound2 MailScanner[32500]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:24 hound2 MailScanner[32500]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:25 hound2 MailScanner[32500]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:25 hound2 MailScanner[32500]: Virus and Content Scanning: > Starting > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2AIHnlG010716 msg-32500-6.html (no rule matched) > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2AIHnlG010716 msg-32500-5.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BD70lG003667 msg-32500-4.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BD1WlG032202 msg-32500-3.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BDWFlG022760 msg-32500-2.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BDWFlG022760 msg-32500-1.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:26 hound2 MailScanner[32500]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:26 hound2 MailScanner[32500]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:31 hound2 MailScanner[32523]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:31 hound2 MailScanner[32523]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:32 hound2 MailScanner[32523]: Using locktype = flock > Mar 11 09:13:32 hound2 MailScanner[32523]: New Batch: Found 7 messages > waiting > Mar 11 09:13:32 hound2 MailScanner[32523]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:32 hound2 MailScanner[32523]: Spam Checks: Starting > Mar 11 09:13:33 hound2 MailScanner[32523]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:33 hound2 MailScanner[32523]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:34 hound2 MailScanner[32523]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:35 hound2 MailScanner[32523]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:35 hound2 MailScanner[32523]: Virus and Content Scanning: > Starting > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2AIHnlG010716 msg-32523-6.html (no rule matched) > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2AIHnlG010716 msg-32523-5.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BD70lG003667 msg-32523-4.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BD1WlG032202 msg-32523-3.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BDWFlG022760 msg-32523-2.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BDWFlG022760 msg-32523-1.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:36 hound2 MailScanner[32523]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:36 hound2 MailScanner[32523]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:41 hound2 MailScanner[32546]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:41 hound2 MailScanner[32546]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:42 hound2 MailScanner[32546]: Using locktype = flock > Mar 11 09:13:42 hound2 MailScanner[32546]: New Batch: Found 7 messages > waiting > Mar 11 09:13:42 hound2 MailScanner[32546]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:42 hound2 MailScanner[32546]: Spam Checks: Starting > Mar 11 09:13:43 hound2 MailScanner[32546]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:43 hound2 MailScanner[32546]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:44 hound2 MailScanner[32546]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:45 hound2 MailScanner[32546]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:45 hound2 MailScanner[32546]: Virus and Content Scanning: > Starting > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2AIHnlG010716 msg-32546-6.html (no rule matched) > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2AIHnlG010716 msg-32546-5.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BD70lG003667 msg-32546-4.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BD1WlG032202 msg-32546-3.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BDWFlG022760 msg-32546-2.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BDWFlG022760 msg-32546-1.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:46 hound2 MailScanner[32546]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:46 hound2 MailScanner[32546]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:51 hound2 MailScanner[32569]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:51 hound2 MailScanner[32569]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:52 hound2 MailScanner[32569]: Using locktype = flock > Mar 11 09:13:52 hound2 MailScanner[32569]: New Batch: Found 7 messages > waiting > Mar 11 09:13:52 hound2 MailScanner[32569]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:52 hound2 MailScanner[32569]: Spam Checks: Starting > Mar 11 09:13:53 hound2 MailScanner[32569]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:53 hound2 MailScanner[32569]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:54 hound2 MailScanner[32569]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:55 hound2 MailScanner[32569]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:55 hound2 MailScanner[32569]: Virus and Content Scanning: > Starting > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2AIHnlG010716 msg-32569-6.html (no rule matched) > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2AIHnlG010716 msg-32569-5.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BD70lG003667 msg-32569-4.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BD1WlG032202 msg-32569-3.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BDWFlG022760 msg-32569-2.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BDWFlG022760 msg-32569-1.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:56 hound2 MailScanner[32569]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:56 hound2 MailScanner[32569]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:01 hound2 MailScanner[32592]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:01 hound2 MailScanner[32592]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:02 hound2 MailScanner[32592]: Using locktype = flock > Mar 11 09:14:02 hound2 MailScanner[32592]: New Batch: Found 7 messages > waiting > Mar 11 09:14:02 hound2 MailScanner[32592]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:02 hound2 MailScanner[32592]: Spam Checks: Starting > Mar 11 09:14:03 hound2 MailScanner[32592]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:03 hound2 MailScanner[32592]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:04 hound2 MailScanner[32592]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:05 hound2 MailScanner[32592]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:05 hound2 MailScanner[32592]: Virus and Content Scanning: > Starting > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2AIHnlG010716 msg-32592-6.html (no rule matched) > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2AIHnlG010716 msg-32592-5.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BD70lG003667 msg-32592-4.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BD1WlG032202 msg-32592-3.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BDWFlG022760 msg-32592-2.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BDWFlG022760 msg-32592-1.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:06 hound2 MailScanner[32592]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:06 hound2 MailScanner[32592]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:11 hound2 MailScanner[32615]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:11 hound2 MailScanner[32615]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:12 hound2 MailScanner[32615]: Using locktype = flock > Mar 11 09:14:12 hound2 MailScanner[32615]: New Batch: Found 7 messages > waiting > Mar 11 09:14:12 hound2 MailScanner[32615]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:12 hound2 MailScanner[32615]: Spam Checks: Starting > Mar 11 09:14:13 hound2 MailScanner[32615]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:13 hound2 MailScanner[32615]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:14 hound2 MailScanner[32615]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:15 hound2 MailScanner[32615]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:15 hound2 MailScanner[32615]: Virus and Content Scanning: > Starting > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2AIHnlG010716 msg-32615-6.html (no rule matched) > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2AIHnlG010716 msg-32615-5.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BD70lG003667 msg-32615-4.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BD1WlG032202 msg-32615-3.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BDWFlG022760 msg-32615-2.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BDWFlG022760 msg-32615-1.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:16 hound2 MailScanner[32615]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:16 hound2 MailScanner[32615]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:21 hound2 MailScanner[32638]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:21 hound2 MailScanner[32638]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:22 hound2 MailScanner[32638]: Using locktype = flock > Mar 11 09:14:22 hound2 MailScanner[32638]: New Batch: Found 7 messages > waiting > Mar 11 09:14:22 hound2 MailScanner[32638]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:22 hound2 MailScanner[32638]: Spam Checks: Starting > Mar 11 09:14:23 hound2 MailScanner[32638]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:23 hound2 MailScanner[32638]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:24 hound2 MailScanner[32638]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:25 hound2 MailScanner[32638]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:25 hound2 MailScanner[32638]: Virus and Content Scanning: > Starting > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2AIHnlG010716 msg-32638-6.html (no rule matched) > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2AIHnlG010716 msg-32638-5.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BD70lG003667 msg-32638-4.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BD1WlG032202 msg-32638-3.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BDWFlG022760 msg-32638-2.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BDWFlG022760 msg-32638-1.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:26 hound2 MailScanner[32638]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:26 hound2 MailScanner[32638]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:31 hound2 MailScanner[32661]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:31 hound2 MailScanner[32661]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:32 hound2 MailScanner[32661]: Using locktype = flock > Mar 11 09:14:32 hound2 MailScanner[32661]: New Batch: Found 7 messages > waiting > Mar 11 09:14:32 hound2 MailScanner[32661]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:32 hound2 MailScanner[32661]: Spam Checks: Starting > >I hope someone has an idea, because I don't. > >Thanks in advance.... > > >Danny > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 21 16:52:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:08 2006 Subject: 4.40.6, exim losing messages Message-ID: Jules upgraded to latest beta this morning and noticed if I have an email to a fair number of recipients MS seems to drop it. I noticed this whilst testing a new MailMan setup. If the distibution is a few users its OK, but once it gets around 30 it just disapears. things missing from the logs like the child's died, but it archives the message, then SQL logs it to MailWatch, then nothing until the MS child gets another go at the inbound queue. I get it logged to MailWatch, but there's no sign of it in the archive/nonspam and it doesn't get passed to the outgoing exim queue. This is exim 4.43 and FreeBSD 4.10. Any ideas? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 21 17:06:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:08 2006 Subject: 4.40.6, exim losing messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can you put it in Debug = yes mode and try to catch any error messages that appear please. Hopefully you can re-create the problem! The MailWatch logging is done right at the very end of the processing, so everything should already have been done by then. Martin Hepworth wrote: > Jules > > upgraded to latest beta this morning and noticed if I have an email to a > fair number of recipients MS seems to drop it. I noticed this whilst > testing a new MailMan setup. If the distibution is a few users its OK, > but once it gets around 30 it just disapears. > > things missing from the logs like the child's died, but it archives the > message, then SQL logs it to MailWatch, then nothing until the MS child > gets another go at the inbound queue. > > I get it logged to MailWatch, but there's no sign of it in the > archive/nonspam and it doesn't get passed to the outgoing exim queue. > > This is exim 4.43 and FreeBSD 4.10. > > Any ideas? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Mon Mar 21 17:10:36 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:29:08 2006 Subject: Mailscanner blocking legit .zip files Message-ID: Mailscanner is blocking .ZIP files that have a .exe in them! Well almost every zip file has a .exe, thus the problem! What could be configured wrong that would cause a .zip with .exe's inside it to be blocked? This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "eNewsletterProEnterprise3Updates.zip" is on the list of unacceptable attachments for this site and has been replaced by this warning message. Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the original attachment. At Mon Mar 21 08:44:43 2005 the virus scanner said: MailScanner: Executable DOS/Windows programs are dangerous in email (eNewsletterProEngineBounces.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (eNewsletterProEngine.exe) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stefan.rapp at HRZ.UNI-DORTMUND.DE Mon Mar 21 17:00:16 2005 From: stefan.rapp at HRZ.UNI-DORTMUND.DE (Stefan Rapp) Date: Thu Jan 12 21:29:08 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: We have also a problem with our installation over here. We see stuck mails in mqueue.in that are processed over and over again. The only solution is to move them away by hand. I tried to get some debug output from mailscanner using some of the offending mails (all of them are marked by our virus scanners). The last lines are: format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 568 format error: can't find EOCD signature at /opt/MailScanner/bin/MailScanner line 568 Can't call method "print" on an undefined value at /sw/sun4_59/cyrus-2.2.10/lib/ perl5/site_perl/5.8.6/MIME/Entity.pm line 1824. The corresponding lines from Entity.pm are: ### Singlepart type with parts... ### This makes $ent->print handle message/rfc822 bodies ### when parse_nested_messages('NEST') is on [idea by Marc Rouleau]. elsif ($self->parts) { my $need_sep = 0; my $part; foreach $part ($self->parts) { $out->print("\n\n") if $need_sep++; $part->print($out); } } I think the Mailscanner process gets aborted and the same mail are processed again from another process. Until now i didn't find a single message to reproduce the problem, perhaps tomorrow ... Stefan PS: Here is the version output: Running on SunOS mx2 5.9 Generic_118558-04 sun4u sparc SUNW,Sun-Fire-280R This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.40.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000002 Mail::SpamAssassin 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000002 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent 0.30 SAVI 1.2 Sys::Hostname::Long 2.46 Test::Harness 0.54 Test::Simple 1.95 Text::Balanced 1.35 URI +------------------------+--------------------------------------+ | Stefan Rapp | E-Mail: stefan.rapp@uni-dortmund.de | | Universitaet Dortmund | Phone: +49 231 755 4668 | | Hochschulrechenzentrum | Fax: +49 231 755 2731 | | D-44221 Dortmund | PGP-Key: 0xE01B0621 | +------------------------+--------------------------------------+ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sconway at WLNET.COM Mon Mar 21 17:16:19 2005 From: sconway at WLNET.COM (Stephen Conway) Date: Thu Jan 12 21:29:08 2006 Subject: Multiple Patterns In Rules Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, thanks for the reply: So there is no functionality for 'not...' in the current rule set? Thanks, Steve -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Conway Sent: Friday, March 18, 2005 4:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Multiple Patterns In Rules Hello: We are trying to set up a rule, that will archive mail from a certain email address, to another email address, but we don't want to send the archived message if the message arrived from the 'Archive' address. Ex: FromOrTo: user@domain.com and not FromOrTo archive@domain.com archive@domain.com Please just confirm the proper syntax for 'Not' or the proper method to do what we are trying. We have look through the archives, but so far have not found the right rule. Any assistance is appreciated. Thanks, Steve Conway -- Visit us at CMA Shipping 2005 Booth # 72 Stamford, Connecticut March 21st thru March 23rd ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Visit us at CMA Shipping 2005 Booth # 72 Stamford, Connecticut March 21st thru March 23rd ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 21 17:15:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:08 2006 Subject: 4.40.6, exim losing messages Message-ID: Julian I was hoping you wouldn't say that, but hey here goes.. /opt/MailScanner/bin/check_mailscanner Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /var/spool/spamassassin/bayes.lock Bayes lock is at /var/spool/spamassassin/bayes.lock INFO:: Meaningless output that goes nowhere, to keep SAVI happy commit ineffective with AutoCommit enabled at /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 89, line 85. Commmit ineffective while AutoCommit is on at /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 89, line 85. Stopping now as you are debugging me. hmm barf from the MW code...odd -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Can you put it in Debug = yes mode and try to catch any error messages > that appear please. Hopefully you can re-create the problem! > > The MailWatch logging is done right at the very end of the processing, > so everything should already have been done by then. > > Martin Hepworth wrote: > >> Jules >> >> upgraded to latest beta this morning and noticed if I have an email to a >> fair number of recipients MS seems to drop it. I noticed this whilst >> testing a new MailMan setup. If the distibution is a few users its OK, >> but once it gets around 30 it just disapears. >> >> things missing from the logs like the child's died, but it archives the >> message, then SQL logs it to MailWatch, then nothing until the MS child >> gets another go at the inbound queue. >> >> I get it logged to MailWatch, but there's no sign of it in the >> archive/nonspam and it doesn't get passed to the outgoing exim queue. >> >> This is exim 4.43 and FreeBSD 4.10. >> >> Any ideas? >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 21 17:23:39 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:09 2006 Subject: 4.40.6, exim losing messages Message-ID: (must stop using list as irc channel). still no joy with 4.40.5 , most odd as other large emails have ben goinf out this morning.....hmmm will investigate more.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martin Hepworth wrote: > Julian > > what's odd it seemed to work fine with 4.40.5...... > > I'll backout and see what gives.. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Martin Hepworth wrote: > >> Julian >> >> I was hoping you wouldn't say that, but hey here goes.. >> >> /opt/MailScanner/bin/check_mailscanner >> Starting MailScanner... >> In Debugging mode, not forking... >> SA bayes lock is /var/spool/spamassassin/bayes.lock >> Bayes lock is at /var/spool/spamassassin/bayes.lock >> INFO:: Meaningless output that goes nowhere, to keep SAVI happy >> commit ineffective with AutoCommit enabled at >> /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 89, >> line 85. >> Commmit ineffective while AutoCommit is on at >> /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 89, >> line 85. >> Stopping now as you are debugging me. >> >> hmm barf from the MW code...odd >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Julian Field wrote: >> >>> Can you put it in Debug = yes mode and try to catch any error messages >>> that appear please. Hopefully you can re-create the problem! >>> >>> The MailWatch logging is done right at the very end of the processing, >>> so everything should already have been done by then. >>> >>> Martin Hepworth wrote: >>> >>>> Jules >>>> >>>> upgraded to latest beta this morning and noticed if I have an email >>>> to a >>>> fair number of recipients MS seems to drop it. I noticed this whilst >>>> testing a new MailMan setup. If the distibution is a few users its OK, >>>> but once it gets around 30 it just disapears. >>>> >>>> things missing from the logs like the child's died, but it archives the >>>> message, then SQL logs it to MailWatch, then nothing until the MS child >>>> gets another go at the inbound queue. >>>> >>>> I get it logged to MailWatch, but there's no sign of it in the >>>> archive/nonspam and it doesn't get passed to the outgoing exim queue. >>>> >>>> This is exim 4.43 and FreeBSD 4.10. >>>> >>>> Any ideas? >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> ********************************************************************** >>>> >>>> This email and any files transmitted with it are confidential and >>>> intended solely for the use of the individual or entity to whom they >>>> are addressed. If you have received this email in error please notify >>>> the system manager. >>>> >>>> This footnote confirms that this email message has been swept >>>> for the presence of computer viruses and is believed to be clean. >>>> >>>> ********************************************************************** >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> MailScanner thanks transtec Computers for their support >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 21 17:20:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:09 2006 Subject: 4.40.6, exim losing messages Message-ID: Julian what's odd it seemed to work fine with 4.40.5...... I'll backout and see what gives.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martin Hepworth wrote: > Julian > > I was hoping you wouldn't say that, but hey here goes.. > > /opt/MailScanner/bin/check_mailscanner > Starting MailScanner... > In Debugging mode, not forking... > SA bayes lock is /var/spool/spamassassin/bayes.lock > Bayes lock is at /var/spool/spamassassin/bayes.lock > INFO:: Meaningless output that goes nowhere, to keep SAVI happy > commit ineffective with AutoCommit enabled at > /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 89, > line 85. > Commmit ineffective while AutoCommit is on at > /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 89, > line 85. > Stopping now as you are debugging me. > > hmm barf from the MW code...odd > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Julian Field wrote: > >> Can you put it in Debug = yes mode and try to catch any error messages >> that appear please. Hopefully you can re-create the problem! >> >> The MailWatch logging is done right at the very end of the processing, >> so everything should already have been done by then. >> >> Martin Hepworth wrote: >> >>> Jules >>> >>> upgraded to latest beta this morning and noticed if I have an email to a >>> fair number of recipients MS seems to drop it. I noticed this whilst >>> testing a new MailMan setup. If the distibution is a few users its OK, >>> but once it gets around 30 it just disapears. >>> >>> things missing from the logs like the child's died, but it archives the >>> message, then SQL logs it to MailWatch, then nothing until the MS child >>> gets another go at the inbound queue. >>> >>> I get it logged to MailWatch, but there's no sign of it in the >>> archive/nonspam and it doesn't get passed to the outgoing exim queue. >>> >>> This is exim 4.43 and FreeBSD 4.10. >>> >>> Any ideas? >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Mar 21 17:27:25 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:09 2006 Subject: 4.40.6, exim losing messages Message-ID: Julian must be something odd with the headers as I've got someone sending out emails with 40+ recipients from Mozilla and it works fine.. I'll do some digging later and see if I can spot anything odd in the headers (apart from all the mailman stuff :-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martin Hepworth wrote: > (must stop using list as irc channel). > > still no joy with 4.40.5 , most odd as other large emails have ben goinf > out this morning.....hmmm will investigate more.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Martin Hepworth wrote: > >> Julian >> >> what's odd it seemed to work fine with 4.40.5...... >> >> I'll backout and see what gives.. >> >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> Martin Hepworth wrote: >> >>> Julian >>> >>> I was hoping you wouldn't say that, but hey here goes.. >>> >>> /opt/MailScanner/bin/check_mailscanner >>> Starting MailScanner... >>> In Debugging mode, not forking... >>> SA bayes lock is /var/spool/spamassassin/bayes.lock >>> Bayes lock is at /var/spool/spamassassin/bayes.lock >>> INFO:: Meaningless output that goes nowhere, to keep SAVI happy >>> commit ineffective with AutoCommit enabled at >>> /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 89, >>> line 85. >>> Commmit ineffective while AutoCommit is on at >>> /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 89, >>> line 85. >>> Stopping now as you are debugging me. >>> >>> hmm barf from the MW code...odd >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Julian Field wrote: >>> >>>> Can you put it in Debug = yes mode and try to catch any error messages >>>> that appear please. Hopefully you can re-create the problem! >>>> >>>> The MailWatch logging is done right at the very end of the processing, >>>> so everything should already have been done by then. >>>> >>>> Martin Hepworth wrote: >>>> >>>>> Jules >>>>> >>>>> upgraded to latest beta this morning and noticed if I have an email >>>>> to a >>>>> fair number of recipients MS seems to drop it. I noticed this whilst >>>>> testing a new MailMan setup. If the distibution is a few users its OK, >>>>> but once it gets around 30 it just disapears. >>>>> >>>>> things missing from the logs like the child's died, but it archives >>>>> the >>>>> message, then SQL logs it to MailWatch, then nothing until the MS >>>>> child >>>>> gets another go at the inbound queue. >>>>> >>>>> I get it logged to MailWatch, but there's no sign of it in the >>>>> archive/nonspam and it doesn't get passed to the outgoing exim queue. >>>>> >>>>> This is exim 4.43 and FreeBSD 4.10. >>>>> >>>>> Any ideas? >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> ********************************************************************** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ********************************************************************** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> MailScanner thanks transtec Computers for their support >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Mar 21 17:28:36 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:09 2006 Subject: Mailscanner blocking legit .zip files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brian Lewis wrote: > Mailscanner is blocking .ZIP files that have a .exe in them! Well almost > every zip file has a .exe, thus the problem! What could be configured > wrong that would cause a .zip with .exe's inside it to be blocked? > If you read MailScanner.conf you will find the following; # The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives. # # Note: This setting does *not* affect virus scanning in archives at all. # # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password-Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. Maximum Archive Depth = 0 -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 21 18:02:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What are your "Spam Actions" and "High Scoring Spam Actions" set to? What MTA are you using? Stefan Rapp wrote: >We have also a problem with our installation over here. We see stuck >mails in mqueue.in that are processed over and over again. The only >solution is to move them away by hand. > >I tried to get some debug output from mailscanner using some of the >offending mails (all of them are marked by our virus scanners). The >last lines are: > >format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 568 >format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 568 >Can't call method "print" on an undefined value at /sw/sun4_59/cyrus-2.2.10/lib/ >perl5/site_perl/5.8.6/MIME/Entity.pm line 1824. > >The corresponding lines from Entity.pm are: > > ### Singlepart type with parts... > ### This makes $ent->print handle message/rfc822 bodies > ### when parse_nested_messages('NEST') is on [idea by Marc Rouleau]. > elsif ($self->parts) { > my $need_sep = 0; > my $part; > foreach $part ($self->parts) { > $out->print("\n\n") if $need_sep++; > $part->print($out); > } > } > >I think the Mailscanner process gets aborted and the same mail are >processed again from another process. Until now i didn't find a >single message to reproduce the problem, perhaps tomorrow ... > > Stefan > > >PS: Here is the version output: > >Running on >SunOS mx2 5.9 Generic_118558-04 sun4u sparc SUNW,Sun-Fire-280R >This is Perl version 5.008006 (5.8.6) > >This is MailScanner version 4.40.6 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.16 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >1.66 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.811 DB_File >1.10 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >0.17 Mail::ClamAV >3.000002 Mail::SpamAssassin >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.811 DB_File >1.10 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >0.17 Mail::ClamAV >3.000002 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >0.30 SAVI >1.2 Sys::Hostname::Long >2.46 Test::Harness >0.54 Test::Simple >1.95 Text::Balanced >1.35 URI > > >+------------------------+--------------------------------------+ >| Stefan Rapp | E-Mail: stefan.rapp@uni-dortmund.de | >| Universitaet Dortmund | Phone: +49 231 755 4668 | >| Hochschulrechenzentrum | Fax: +49 231 755 2731 | >| D-44221 Dortmund | PGP-Key: 0xE01B0621 | >+------------------------+--------------------------------------+ > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 21 18:06:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: Multiple Patterns In Rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Correct. Stephen Conway wrote: >Hello, thanks for the reply: > >So there is no functionality for 'not...' in the current rule set? > >Thanks, > >Steve > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Stephen Conway >Sent: Friday, March 18, 2005 4:07 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Multiple Patterns In Rules > >Hello: > >We are trying to set up a rule, that will archive mail from a certain email >address, to another email address, but we don't want to send the archived >message if the message arrived from the 'Archive' address. Ex: > >FromOrTo: user@domain.com and not FromOrTo archive@domain.com >archive@domain.com > >Please just confirm the proper syntax for 'Not' or the proper method to do >what we are trying. We have look through the archives, but so far have not >found the right rule. > >Any assistance is appreciated. > >Thanks, > >Steve Conway > > >-- >Visit us at CMA Shipping 2005 >Booth # 72 >Stamford, Connecticut >March 21st thru March 23rd > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > >-- >Visit us at CMA Shipping 2005 >Booth # 72 >Stamford, Connecticut >March 21st thru March 23rd > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Danny_Beland at PCH.GC.CA Mon Mar 21 18:33:08 2005 From: Danny_Beland at PCH.GC.CA (Danny Beland) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: Both mqueue.in and mqueue are in /var/spool and are on the same partition (sorry /var/log/loop was only a folder where we put the output to research the problem). We are using sendmail 8.12.10 and the Lock Type is set to blank. Lock Type = Danny Julian Field To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Emails get stuck in the incoming queue (mqueue.in) 03/21/2005 11:18 AM Please respond to MailScanner mailing list > Mar 11 09:13:25 hound2 MailScanner[32500]: Virus and Content Scanning: > Starting > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2AIHnlG010716 msg-32500-6.html (no rule matched) > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2AIHnlG010716 msg-32500-5.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BD70lG003667 msg-32500-4.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BD1WlG032202 msg-32500-3.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BDWFlG022760 msg-32500-2.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: Filename Checks: Allowing > j2BDWFlG022760 msg-32500-1.txt > Mar 11 09:13:26 hound2 MailScanner[32500]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:26 hound2 MailScanner[32500]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:26 hound2 MailScanner[32500]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:31 hound2 MailScanner[32523]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:31 hound2 MailScanner[32523]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:32 hound2 MailScanner[32523]: Using locktype = flock > Mar 11 09:13:32 hound2 MailScanner[32523]: New Batch: Found 7 messages > waiting > Mar 11 09:13:32 hound2 MailScanner[32523]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:32 hound2 MailScanner[32523]: Spam Checks: Starting > Mar 11 09:13:33 hound2 MailScanner[32523]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:33 hound2 MailScanner[32523]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:34 hound2 MailScanner[32523]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:35 hound2 MailScanner[32523]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:35 hound2 MailScanner[32523]: Virus and Content Scanning: > Starting > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2AIHnlG010716 msg-32523-6.html (no rule matched) > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2AIHnlG010716 msg-32523-5.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BD70lG003667 msg-32523-4.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BD1WlG032202 msg-32523-3.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BDWFlG022760 msg-32523-2.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: Filename Checks: Allowing > j2BDWFlG022760 msg-32523-1.txt > Mar 11 09:13:36 hound2 MailScanner[32523]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:36 hound2 MailScanner[32523]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:36 hound2 MailScanner[32523]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:41 hound2 MailScanner[32546]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:41 hound2 MailScanner[32546]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:42 hound2 MailScanner[32546]: Using locktype = flock > Mar 11 09:13:42 hound2 MailScanner[32546]: New Batch: Found 7 messages > waiting > Mar 11 09:13:42 hound2 MailScanner[32546]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:42 hound2 MailScanner[32546]: Spam Checks: Starting > Mar 11 09:13:43 hound2 MailScanner[32546]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.884, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:43 hound2 MailScanner[32546]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:44 hound2 MailScanner[32546]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:45 hound2 MailScanner[32546]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:45 hound2 MailScanner[32546]: Virus and Content Scanning: > Starting > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2AIHnlG010716 msg-32546-6.html (no rule matched) > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2AIHnlG010716 msg-32546-5.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BD70lG003667 msg-32546-4.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BD1WlG032202 msg-32546-3.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BDWFlG022760 msg-32546-2.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: Filename Checks: Allowing > j2BDWFlG022760 msg-32546-1.txt > Mar 11 09:13:46 hound2 MailScanner[32546]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:46 hound2 MailScanner[32546]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:46 hound2 MailScanner[32546]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:51 hound2 MailScanner[32569]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:13:51 hound2 MailScanner[32569]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:13:52 hound2 MailScanner[32569]: Using locktype = flock > Mar 11 09:13:52 hound2 MailScanner[32569]: New Batch: Found 7 messages > waiting > Mar 11 09:13:52 hound2 MailScanner[32569]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:13:52 hound2 MailScanner[32569]: Spam Checks: Starting > Mar 11 09:13:53 hound2 MailScanner[32569]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:13:53 hound2 MailScanner[32569]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:54 hound2 MailScanner[32569]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:13:55 hound2 MailScanner[32569]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:13:55 hound2 MailScanner[32569]: Virus and Content Scanning: > Starting > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2AIHnlG010716 msg-32569-6.html (no rule matched) > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2AIHnlG010716 msg-32569-5.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BD70lG003667 msg-32569-4.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BD1WlG032202 msg-32569-3.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BDWFlG022760 msg-32569-2.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: Filename Checks: Allowing > j2BDWFlG022760 msg-32569-1.txt > Mar 11 09:13:56 hound2 MailScanner[32569]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:13:56 hound2 MailScanner[32569]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:13:56 hound2 MailScanner[32569]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:01 hound2 MailScanner[32592]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:01 hound2 MailScanner[32592]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:02 hound2 MailScanner[32592]: Using locktype = flock > Mar 11 09:14:02 hound2 MailScanner[32592]: New Batch: Found 7 messages > waiting > Mar 11 09:14:02 hound2 MailScanner[32592]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:02 hound2 MailScanner[32592]: Spam Checks: Starting > Mar 11 09:14:03 hound2 MailScanner[32592]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:03 hound2 MailScanner[32592]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:04 hound2 MailScanner[32592]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:05 hound2 MailScanner[32592]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:05 hound2 MailScanner[32592]: Virus and Content Scanning: > Starting > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2AIHnlG010716 msg-32592-6.html (no rule matched) > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2AIHnlG010716 msg-32592-5.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BD70lG003667 msg-32592-4.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BD1WlG032202 msg-32592-3.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BDWFlG022760 msg-32592-2.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: Filename Checks: Allowing > j2BDWFlG022760 msg-32592-1.txt > Mar 11 09:14:06 hound2 MailScanner[32592]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:06 hound2 MailScanner[32592]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:06 hound2 MailScanner[32592]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:11 hound2 MailScanner[32615]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:11 hound2 MailScanner[32615]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:12 hound2 MailScanner[32615]: Using locktype = flock > Mar 11 09:14:12 hound2 MailScanner[32615]: New Batch: Found 7 messages > waiting > Mar 11 09:14:12 hound2 MailScanner[32615]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:12 hound2 MailScanner[32615]: Spam Checks: Starting > Mar 11 09:14:13 hound2 MailScanner[32615]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:13 hound2 MailScanner[32615]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:14 hound2 MailScanner[32615]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:15 hound2 MailScanner[32615]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:15 hound2 MailScanner[32615]: Virus and Content Scanning: > Starting > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2AIHnlG010716 msg-32615-6.html (no rule matched) > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2AIHnlG010716 msg-32615-5.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BD70lG003667 msg-32615-4.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BD1WlG032202 msg-32615-3.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BDWFlG022760 msg-32615-2.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: Filename Checks: Allowing > j2BDWFlG022760 msg-32615-1.txt > Mar 11 09:14:16 hound2 MailScanner[32615]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:16 hound2 MailScanner[32615]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:16 hound2 MailScanner[32615]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:21 hound2 MailScanner[32638]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:21 hound2 MailScanner[32638]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:22 hound2 MailScanner[32638]: Using locktype = flock > Mar 11 09:14:22 hound2 MailScanner[32638]: New Batch: Found 7 messages > waiting > Mar 11 09:14:22 hound2 MailScanner[32638]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:22 hound2 MailScanner[32638]: Spam Checks: Starting > Mar 11 09:14:23 hound2 MailScanner[32638]: Message j2BDWFlG022760 from > 198.103.53.11 (desrochers.francine@tbs-sct.gc.ca) to pch.gc.ca is not > spam, SpamAssassin (score=-5.885, required 3.8, ALL_TRUSTED -3.30, AWL > 0.01, BAYES_00 -2.60, NO_REAL_NAME 0.01) > Mar 11 09:14:23 hound2 MailScanner[32638]: Message j2BD1WlG032202 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:24 hound2 MailScanner[32638]: Message j2BD70lG003667 from > 66.11.173.220 (communications@acfo-acaf.com) to pch.gc.ca is not spam, > SpamAssassin (score=-2.56, required 3.8, AWL 0.00, BAYES_00 -2.60, > MISSING_MIMEOLE 0.01, TO_ADDRESS_EQ_REAL 0.03) > Mar 11 09:14:25 hound2 MailScanner[32638]: Message j2AIHnlG010716 from > 206.191.0.217 (croutliffe@managers-gestionnaires.gc.ca) to pch.gc.ca is > not spam, SpamAssassin (score=-1.942, required 3.8, BAYES_00 -2.60, > HTML_FONT_BIG 0.14, HTML_FONT_FACE_BAD 0.04, HTML_MESSAGE 0.00, > HTTP_ESCAPED_HOST 0.48) > Mar 11 09:14:25 hound2 MailScanner[32638]: Virus and Content Scanning: > Starting > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2AIHnlG010716 msg-32638-6.html (no rule matched) > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2AIHnlG010716 msg-32638-5.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BD70lG003667 msg-32638-4.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BD1WlG032202 msg-32638-3.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BDWFlG022760 msg-32638-2.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: Filename Checks: Allowing > j2BDWFlG022760 msg-32638-1.txt > Mar 11 09:14:26 hound2 MailScanner[32638]: tag found in message > j2AIHnlG010716 from croutliffe@managers-gestionnaires.gc.ca > Mar 11 09:14:26 hound2 MailScanner[32638]: Looked up unknown string > possiblefraudstart in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:26 hound2 MailScanner[32638]: Looked up unknown string > possiblefraudend in language translation file > /etc/MailScanner/reports/en/languages.conf > Mar 11 09:14:31 hound2 MailScanner[32661]: MailScanner E-Mail Virus > Scanner version 4.38.10 starting... > Mar 11 09:14:31 hound2 MailScanner[32661]: Read 0 hostnames from the > phishing whitelist > Mar 11 09:14:32 hound2 MailScanner[32661]: Using locktype = flock > Mar 11 09:14:32 hound2 MailScanner[32661]: New Batch: Found 7 messages > waiting > Mar 11 09:14:32 hound2 MailScanner[32661]: New Batch: Scanning 4 > messages, 76453 bytes > Mar 11 09:14:32 hound2 MailScanner[32661]: Spam Checks: Starting > >I hope someone has an idea, because I don't. > >Thanks in advance.... > > >Danny > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 21 18:42:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: feature request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig White wrote: >If there's a way that I'm missing - then please correct me, but >otherwise, please consider this as a feature request... > >- filename.rules.conf > >instead of editing this file directly (and having to move it - make >corrections in new file from updates), having a file like >filename.rules.local.conf that op could put his own rules > >possibly the same thinking for filetype.rules.conf but I haven't edited >that file - maybe others that I haven't considered. > > I don't understand why you can't just edit the sample filename/type files I provide. They are only samples, I (possibly in vain) hope that people will edit these files to suit their local requirements. >- allow multiple header insertions... > >I tend to use X-SPAM-FLAG: = Yes > > See the "header" Spam Action. To quote from MailScanner.conf... # header "name: value" - Add the header # name: value # to the message. name must not contain any spaces. This can of course be used in "Non Spam Actions" too. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Tue Mar 22 02:07:55 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:29:09 2006 Subject: Whitelist working strangely Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I recently downloaded the latest version of MailScanner and built a whole new system to replace my old one. I noticed that the whitelist works differently than it used to. While it doesn't mark anything on the list as spam, it still sends it to SpamAssassin to be scanned. Why do that if the email is whitelisted? The old one didn't This seems like a waste of CPU cycles. I searched the archives and didn't seen anything about this (however I could have missed it). Do I have the new MailScanner configured incorrectly, am I missing something or is this a bug? I would think that if somethings whitelisted, it should only be scanned for Viruses and not for Spam, no blacklist lookup, SpamAssassin or MCP. Use the minimum CPU cycles possible for something that's whitelisted. Thanks for any help -- ________________________________________________________________________________ [IMAGE] Dennis Willson taz@taz-mania.com taz@scubatech.org www.taz-mania.com Ham: KA6LSW GMRS: WPSJ953 SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer, Equip, Altitude Life should not be a journey to the grave with the intention of arriving safely in a nice looking and well preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming, "WOW! WHAT A RIDE!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 866bytes. ] [ Unable to print this part. ] From stefan.rapp at HRZ.UNI-DORTMUND.DE Tue Mar 22 06:34:38 2005 From: stefan.rapp at HRZ.UNI-DORTMUND.DE (Stefan Rapp) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: > What are your "Spam Actions" and "High Scoring Spam Actions" set to? > What MTA are you using? Spam Actions = deliver High Scoring Spam Actions = deliver Non Spam Actions = deliver Deliver Disinfected Files = no Still Deliver Silent Viruses = yes The MTA is sendmail 8.13.3. Stefan +------------------------+--------------------------------------+ | Stefan Rapp | E-Mail: stefan.rapp@uni-dortmund.de | | Universitaet Dortmund | Phone: +49 231 755 4668 | | Hochschulrechenzentrum | Fax: +49 231 755 2731 | | D-44221 Dortmund | PGP-Key: 0xE01B0621 | +------------------------+--------------------------------------+ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From m.sapsed at BANGOR.AC.UK Tue Mar 22 09:00:29 2005 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:29:09 2006 Subject: feature request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Craig White wrote: > >> If there's a way that I'm missing - then please correct me, but >> otherwise, please consider this as a feature request... >> >> - filename.rules.conf >> >> instead of editing this file directly (and having to move it - make >> corrections in new file from updates), having a file like >> filename.rules.local.conf that op could put his own rules >> >> possibly the same thinking for filetype.rules.conf but I haven't edited >> that file - maybe others that I haven't considered. >> > I don't understand why you can't just edit the sample filename/type > files I provide. They are only samples, I (possibly in vain) hope that > people will edit these files to suit their local requirements. Surely the other crucial thing about filename.rules is that the order of the rules is important, and some people comment out some of Julian's defaults. Trying to achieve those 2 things with 2 separate files would be well hard methinks? Cheers, Martin -- Martin Sapsed Microcomputer Support Manager Information Services "Who do you say that I am?" University of Wales, Bangor Jesus of Nazareth ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From danielk at AVALONPUB.COM Tue Mar 22 09:33:51 2005 From: danielk at AVALONPUB.COM (Daniel Kleinsinger) Date: Thu Jan 12 21:29:09 2006 Subject: Whitelist working strangely Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dennis Willson wrote: > I would think that if somethings whitelisted, it should only be > scanned for Viruses and not for Spam, no blacklist > lookup, SpamAssassin or MCP. Use the minimum CPU cycles possible for > something that's whitelisted. Check the setting: Always Include SpamAssassin Report = I think if it's set to "no" then it won't run SA on whitelisted messages. Daniel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stefan.rapp at HRZ.UNI-DORTMUND.DE Tue Mar 22 10:11:46 2005 From: stefan.rapp at HRZ.UNI-DORTMUND.DE (Stefan Rapp) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: I think i now have a single message reproducing the problem (ClamAV says it is infected by HTML.Phishing.Bank-87). Only this message mqueue.in and Mailscanner in debug mode, the message is scanned and quaratined, but then the process exits with an error message and the queue files remain in mqueue.in. syslog: MailScanner E-Mail Virus Scanner version 4.40.6 starting... Enabling SpamAssassin auto-whitelist functionality... SophosSAVI 3.91 (engine 2.28) recognizing 101594 viruses SophosSAVI using 110 IDE files lock.pl sees Config LockType = flock lock.pl sees have_module = 0 Using locktype = flock New Batch: Scanning 1 messages, 9634 bytes Created attachment dirs for 1 messages Spam Checks: Starting SpamAssassin returned 0 Virus and Content Scanning: Starting Commencing scanning by sophossavi... Completed scanning by sophossavi Commencing scanning by clamavmodule... ClamAVModule::INFECTED:: HTML.Phishing.Bank-87:: ./j2L5c6It018505/msg-6796-2.html Completed scanning by clamavmodule Virus Scanning: ClamAV Module found 1 infections Infected message j2L5c6It018505 came from ... Virus Scanning: Found 1 viruses Saved entire message to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 Saved infected "msg-6796-2.html" to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 debug log: ... debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. debug: auto-learn: message score: -2.591, computed score for autolearn: 0.179 debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam debug: is spam? score=-2.591 required=5 debug: tests=BAYES_00,HTML_MESSAGE,HTML_NONELEMENT_00_10,NO_REAL_NAME,SPF_HELO_PASS debug: subtests=__COMMENT_EXISTS,__CT,__CTYPE_HAS_BOUNDARY,__HAS_MSGID,__HAS_SUBJECT,__MAILMAN_21,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RFC_IGNORANT_ENVFROM,__SANE_MSGID,__TAG_EXISTS_HTML debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. debug: auto-learn: message score: -2.591, computed score for autolearn: 0.179 debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam Can't call method "print" on an undefined value at /sw/sun4_59/cyrus-2.2.10/lib/perl5/site_perl/5.8.6/MIME/Entity.pm line 1824. If you need the message, i could try to send it to you (tarred, zipped, crypted to get through all filters?). Stefan +------------------------+--------------------------------------+ | Stefan Rapp | E-Mail: stefan.rapp@uni-dortmund.de | | Universitaet Dortmund | Phone: +49 231 755 4668 | | Hochschulrechenzentrum | Fax: +49 231 755 2731 | | D-44221 Dortmund | PGP-Key: 0xE01B0621 | +------------------------+--------------------------------------+ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Tue Mar 22 10:23:05 2005 From: dh at UPTIME.AT ([ISO-8859-1] David Höhn) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Stefan Rapp wrote: | I think i now have a single message reproducing the problem | (ClamAV says it is infected by HTML.Phishing.Bank-87). | Unless your Sendmail is explicitly compiled with -HASFLOCK (or was that - -DUSE_FLOCK) you will need to set: Using locktype = posix. - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCP/IJPMoaMn4kKR4RA79dAKCPDyMSzA66MoW30h85cJJ82++4KACfSfDI Vrat49q5pig/EPmMGdy0mxQ= =7+rR -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stefan.rapp at UNI-DORTMUND.DE Tue Mar 22 10:35:16 2005 From: stefan.rapp at UNI-DORTMUND.DE (stefan.rapp@UNI-DORTMUND.DE) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Unless your Sendmail is explicitly compiled with -HASFLOCK (or was that > - -DUSE_FLOCK) you will need to set: > > Using locktype = posix. Sendmail wasn't active during the tests. So the problem must be within Mailscanner or the used modules. Stefan +------------------------+--------------------------------------+ | Stefan Rapp | E-Mail: stefan.rapp@uni-dortmund.de | | Universitaet Dortmund | Phone: +49 231 755 4668 | | Hochschulrechenzentrum | Fax: +49 231 755 2731 | | D-44221 Dortmund | PGP-Key: 0xE01B0621 | +------------------------+--------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (HP-UX) Comment: Exmh version 2.7.2 01/07/2005 iQEVAwUBQj/05IaPZkjgGwYhAQIxJAf/TfoMilMklLxB9TQ3poa9aIjwprIe5+nj XOY448SBWtT+X3Sp0Fgu0ogxrXySjbKlVqeT6ujI0BS6G+AzBq9OgZAi1Ze4EkCE YVC7KeTadtUmB2awU0MW4rT/HVzFI0caJp2MLmDqbmAg/Lv6aXe5LoxuZHO9vM7E IxKtSJ5PYdgXVvu+u99NU27eHiRJ5TUCUAV/N4nLEIazqz3pI92pqMTV0YPXyiDw TBJGs3DzVcltLKDY0hANF2fIGJMAUqYWRRtMYOUnn5z7o5533vVkwB2WVDEppW1h iU8QBtu12qY9Bt7Z2Whz6/bFICNbs5rBAxQT0gTGOARVYmo3xsl8tg== =iN6s -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stefan.rapp at HRZ.UNI-DORTMUND.DE Tue Mar 22 11:48:43 2005 From: stefan.rapp at HRZ.UNI-DORTMUND.DE (Stefan Rapp) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: I digged a little further and experimented with the latest stable version of Mailscanner. Using Mailscanner 4.39.6 the message gets processed without problems. syslog: MailScanner E-Mail Virus Scanner version 4.39.6 starting... Enabling SpamAssassin auto-whitelist functionality... SophosSAVI 3.91 (engine 2.28) recognizing 101594 viruses SophosSAVI using 110 IDE files lock.pl sees Config LockType = flock lock.pl sees have_module = 0 Using locktype = flock New Batch: Scanning 1 messages, 9634 bytes Created attachment dirs for 1 messages Spam Checks: Starting SpamAssassin returned 0 Virus and Content Scanning: Starting Commencing scanning by sophossavi... Completed scanning by sophossavi Commencing scanning by clamavmodule... ClamAVModule::INFECTED:: HTML.Phishing.Bank-87:: ./j2L5c6It018505/msg-7117-2.html Completed scanning by clamavmodule Virus Scanning: ClamAV Module found 1 infections Infected message j2L5c6It018505 came from ... Virus Scanning: Found 1 viruses Saved entire message to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 Saved infected "msg-7117-2.html" to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 About to deliver 1 messages Silent: Delivered 1 messages containing silent viruses MailScanner child dying of old age debug log: ... debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. debug: auto-learn: message score: 3.11094736842105, computed score for autolearn: 0.179 debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam debug: is spam? score=3.111 required=5 debug: tests=AWL,BAYES_00,HTML_MESSAGE,HTML_NONELEMENT_00_10,NO_REAL_NAME,SPF_HELO_PASS debug: subtests=__COMMENT_EXISTS,__CT,__CTYPE_HAS_BOUNDARY,__HAS_MSGID,__HAS_SUBJECT,__MAILMAN_21,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RFC_IGNORANT_ENVFROM,__SANE_MSGID,__TAG_EXISTS_HTML debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. debug: auto-learn: message score: 3.111, computed score for autolearn: 0.179 debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam Stopping now as you are debugging me. Here Mailscanner delivers the message without error and completes normaly. It is just 4.40 that shows the problem. Stefan +------------------------+--------------------------------------+ | Stefan Rapp | E-Mail: stefan.rapp@uni-dortmund.de | | Universitaet Dortmund | Phone: +49 231 755 4668 | | Hochschulrechenzentrum | Fax: +49 231 755 2731 | | D-44221 Dortmund | PGP-Key: 0xE01B0621 | +------------------------+--------------------------------------+ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Tue Mar 22 14:04:45 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:29:09 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi there, [...] > Julian Field wrote on 7-3-2005 23:35: > > Do other people need this as well? It will mean yet another 2 > > configuration variables (one for spam, one for mcp) and a change to the > > current option covering this. > > Can't this be done with a ruleset? > > > > # When you quarantine an entire message, do you want to store it as > > > # raw mail queue files (so you can easily send them onto users) or > > > # as human-readable files (header then body in 1 file)? > > > Quarantine Whole Messages As Queue Files = no > > Put in the ruleset: > > virus:* yes > default no > tried that.. and got the following: Mar 22 14:59:51 marcel MailScanner[28861]: Syntax error in line 6 of ruleset file /etc/MailScanner/rules/queue.save.rules Mar 22 14:59:51 marcel MailScanner[28861]: Syntax error in first field in line 7 of ruleset /etc/MailScanner/rules/queue.save.rules These are my entries: MailScanner.conf: Quarantine Whole Messages As Queue Files = %rules-dir%/queue.save.rules and queue.save.rules: virus:* yes default no Guess, i did something wrong here.. MailScanner -v Running on Linux marcel 2.6.5-7.145-default #1 Thu Jan 27 09:19:29 UTC 2005 i686 athlon i386 GNU/Linux This is SuSE Linux 9.1 (i586) This is Perl version 5.008003 (5.8.3) Maybe someone got an idea here? Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 22 15:05:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: feature request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Sapsed wrote: > Julian Field wrote: > >> Craig White wrote: >> >>> If there's a way that I'm missing - then please correct me, but >>> otherwise, please consider this as a feature request... >>> >>> - filename.rules.conf >>> >>> instead of editing this file directly (and having to move it - make >>> corrections in new file from updates), having a file like >>> filename.rules.local.conf that op could put his own rules >>> >>> possibly the same thinking for filetype.rules.conf but I haven't edited >>> that file - maybe others that I haven't considered. >>> >> I don't understand why you can't just edit the sample filename/type >> files I provide. They are only samples, I (possibly in vain) hope that >> people will edit these files to suit their local requirements. > > > Surely the other crucial thing about filename.rules is that the order of > the rules is important, and some people comment out some of Julian's > defaults. Trying to achieve those 2 things with 2 separate files would > be well hard methinks? > Precisely. Also, if I choose to change my recommended/sample rules, and these get automatically imported into your setup, you will be changing your usage rules without even knowing it. Sounds very dangerous to me. If I add a load to the file, it will be mentioned in the Change Log for that distribution. I would consult that and compare rules when you see that I have changed it significantly. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tonioli at gmail.com Tue Mar 22 15:19:28 2005 From: tonioli at gmail.com (Felipe Tonioli) Date: Thu Jan 12 21:29:09 2006 Subject: Blocking Unknow Users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, Tks for the answers. I've tried to install milter but cant understand how he works... I'm using sendmail Brian and Rakesh answer that i can do this using sendmail only. blah@foo.com OK foo.com REJECT with the above example, blash@foo.com will be accepted right ? but what are you rejecting for foo.com ? can you explaim better for me ? this configuration will be addedd to access right ? tks in advance -- Felipe Tonioli ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 22 15:27:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have found a possible cause. Interesting that 4.39.6 doesn't suffer the problem. Please can you send me the message files (off-list). Stefan Rapp wrote: >I digged a little further and experimented with the latest >stable version of Mailscanner. Using Mailscanner 4.39.6 the >message gets processed without problems. > >syslog: > >MailScanner E-Mail Virus Scanner version 4.39.6 starting... >Enabling SpamAssassin auto-whitelist functionality... >SophosSAVI 3.91 (engine 2.28) recognizing 101594 viruses >SophosSAVI using 110 IDE files >lock.pl sees Config LockType = flock >lock.pl sees have_module = 0 >Using locktype = flock >New Batch: Scanning 1 messages, 9634 bytes >Created attachment dirs for 1 messages >Spam Checks: Starting >SpamAssassin returned 0 >Virus and Content Scanning: Starting >Commencing scanning by sophossavi... >Completed scanning by sophossavi >Commencing scanning by clamavmodule... >ClamAVModule::INFECTED:: HTML.Phishing.Bank-87:: ./j2L5c6It018505/msg-7117-2.html >Completed scanning by clamavmodule >Virus Scanning: ClamAV Module found 1 infections >Infected message j2L5c6It018505 came from ... >Virus Scanning: Found 1 viruses >Saved entire message to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 >Saved infected "msg-7117-2.html" to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 >About to deliver 1 messages >Silent: Delivered 1 messages containing silent viruses >MailScanner child dying of old age > > >debug log: > >... >debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. >debug: auto-learn: message score: 3.11094736842105, computed score for autolearn: 0.179 >debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 >debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam >debug: is spam? score=3.111 required=5 >debug: tests=AWL,BAYES_00,HTML_MESSAGE,HTML_NONELEMENT_00_10,NO_REAL_NAME,SPF_HELO_PASS >debug: subtests=__COMMENT_EXISTS,__CT,__CTYPE_HAS_BOUNDARY,__HAS_MSGID,__HAS_SUBJECT,__MAILMAN_21,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RFC_IGNORANT_ENVFROM,__SANE_MSGID,__TAG_EXISTS_HTML >debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. >debug: auto-learn: message score: 3.111, computed score for autolearn: 0.179 >debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 >debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam >Stopping now as you are debugging me. > > >Here Mailscanner delivers the message without error and completes >normaly. It is just 4.40 that shows the problem. > > > Stefan > >+------------------------+--------------------------------------+ >| Stefan Rapp | E-Mail: stefan.rapp@uni-dortmund.de | >| Universitaet Dortmund | Phone: +49 231 755 4668 | >| Hochschulrechenzentrum | Fax: +49 231 755 2731 | >| D-44221 Dortmund | PGP-Key: 0xE01B0621 | >+------------------------+--------------------------------------+ > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 22 15:28:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: >Hi there, > >[...] > > > >>Julian Field wrote on 7-3-2005 23:35: >> >> >>>Do other people need this as well? It will mean yet another 2 >>>configuration variables (one for spam, one for mcp) and a change to the >>>current option covering this. >>> >>> >>Can't this be done with a ruleset? >> >> >> >>>># When you quarantine an entire message, do you want to store it as >>>># raw mail queue files (so you can easily send them onto users) or >>>># as human-readable files (header then body in 1 file)? >>>>Quarantine Whole Messages As Queue Files = no >>>> >>>> >>Put in the ruleset: >> >>virus:* yes >>default no >> >> Neither of those are valid ruleset entries. Try this instead. virus * yes FromOrTo default no >> >> >tried that.. > >and got the following: > >Mar 22 14:59:51 marcel MailScanner[28861]: Syntax error in line 6 of >ruleset file /etc/MailScanner/rules/queue.save.rules >Mar 22 14:59:51 marcel MailScanner[28861]: Syntax error in first field in >line 7 of ruleset /etc/MailScanner/rules/queue.save.rules > > >These are my entries: > >MailScanner.conf: > >Quarantine Whole Messages As Queue Files = %rules-dir%/queue.save.rules > >and queue.save.rules: > >virus:* yes >default no > > >Guess, i did something wrong here.. > >MailScanner -v > >Running on >Linux marcel 2.6.5-7.145-default #1 Thu Jan 27 09:19:29 UTC 2005 i686 >athlon i386 GNU/Linux >This is SuSE Linux 9.1 (i586) >This is Perl version 5.008003 (5.8.3) > > >Maybe someone got an idea here? > >Greetings > >Marcel > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Mar 22 16:30:11 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:09 2006 Subject: feature request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >surely the rules that I would create would have 'precedence' meaning if >they were executed first, before 'distribution' rulesets, they would >always be incorporated and used. > >I can see I'm not making any headway here. My issue was the realization >that the 'local' rules that I was adding could not be at the end of the >filename.rules but at the top or middle. Thus, adopting a newly >distributed filename.rules is a very analog process of a cut & paste. I >have seen other programs use this concept of a distributed & local >version of the same type of file to prevent this analog process. I will >let it drop. > Craig, How about: Filename Rules = %etc-dir%/filename.rules And %etc-dir%/filename.rules contains: %etc-dir%/local-filename.rules.conf %etc-dir%/filename.rules.conf That way you can use your own local rules with Julian's without having to modify the default rules file. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From rcooper at DWFORD.COM Tue Mar 22 17:17:29 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:09 2006 Subject: ClamAv and --unrar= Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I was just following a thread on the clamav users list and found something that should be noted by anyone using the command line version of clamav scanner in MailScanner. Someone noted that clamscan does not call the external unrar command, even when defined, when the file extension being scanned is not .rar. I checked the code in manager.c and they specifically do NOT call the external command unless the following conditions are met (in listed order): 1. The internal unrar code fails 2. The file extension is .rar That means the version two code is called first (and that is noted in the docs), but unless the file extension is .rar the external code is never used... that includes self extracting .exe files. I tested this and it is, in fact, how clamscan operates. I can take a .rar file and rename it to .txt and call clamscan directly on file.txt with the --unrar= switch and the internal code fails with the standard RAR MODULE FAILURE and the external is not called unless I rename it back to file.rar. The ClamAVModule code does not suffer from this extremely short sighted code. I thought I would mention this to the list because obviously self extracting rar files are never checked (unless created as a 2.0 version... not likely) and any malicious individual who wanted to get something past the clamav unpacker could simply change the extension or package it as a self extracting archive within another .rar or .zip file. Just a note. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Mar 22 17:31:33 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stefan Rapp wrote: > I think i now have a single message reproducing the problem > (ClamAV says it is infected by HTML.Phishing.Bank-87). > > Only this message mqueue.in and Mailscanner in debug mode, > the message is scanned and quaratined, but then the process > exits with an error message and the queue files remain in > mqueue.in. > > syslog: > > MailScanner E-Mail Virus Scanner version 4.40.6 starting... > Enabling SpamAssassin auto-whitelist functionality... > SophosSAVI 3.91 (engine 2.28) recognizing 101594 viruses > SophosSAVI using 110 IDE files > lock.pl sees Config LockType = flock > lock.pl sees have_module = 0 > Using locktype = flock > New Batch: Scanning 1 messages, 9634 bytes > Created attachment dirs for 1 messages > Spam Checks: Starting > SpamAssassin returned 0 > Virus and Content Scanning: Starting > Commencing scanning by sophossavi... > Completed scanning by sophossavi > Commencing scanning by clamavmodule... > ClamAVModule::INFECTED:: HTML.Phishing.Bank-87:: ./j2L5c6It018505/msg-6796-2.html > Completed scanning by clamavmodule > Virus Scanning: ClamAV Module found 1 infections > Infected message j2L5c6It018505 came from ... > Virus Scanning: Found 1 viruses > Saved entire message to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 > Saved infected "msg-6796-2.html" to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 > > debug log: > > ... > debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. > debug: auto-learn: message score: -2.591, computed score for autolearn: 0.179 > debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 > debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam > debug: is spam? score=-2.591 required=5 > debug: tests=BAYES_00,HTML_MESSAGE,HTML_NONELEMENT_00_10,NO_REAL_NAME,SPF_HELO_PASS > debug: subtests=__COMMENT_EXISTS,__CT,__CTYPE_HAS_BOUNDARY,__HAS_MSGID,__HAS_SUBJECT,__MAILMAN_21,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RFC_IGNORANT_ENVFROM,__SANE_MSGID,__TAG_EXISTS_HTML > debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. > debug: auto-learn: message score: -2.591, computed score for autolearn: 0.179 > debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 > debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam > Can't call method "print" on an undefined value at /sw/sun4_59/cyrus-2.2.10/lib/perl5/site_perl/5.8.6/MIME/Entity.pm line 1824. > I wonder where it is getting the path for entity.pm in the debug log above. That is 8 levels deep and seems a strange place to have perl installed. Something is hosed in the perl configuration. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 22 17:48:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: ClamAv and --unrar= Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks for that. There is some good news for MailScanner users, however. Though clamscan will not call the external unrar while scanning for viruses, MailScanner does still call it (for all filenames) if the file looks like either a rar file or a self-extracting one. This enables the filename and filetype content checks to still be done properly, despite the fact that clamscan itself won't tag any viruses in it. Rick Cooper wrote: >I was just following a thread on the clamav users list and found something >that should be noted by anyone using the command line version of clamav >scanner in MailScanner. > >Someone noted that clamscan does not call the external unrar command, even >when defined, when the file extension being scanned is not .rar. I checked >the code in manager.c and they specifically do NOT call the external command >unless the following conditions are met (in listed order): > > 1. The internal unrar code fails > 2. The file extension is .rar > >That means the version two code is called first (and that is noted in the >docs), but unless the file extension is .rar the external code is never >used... that includes self extracting .exe files. I tested this and it is, >in fact, how clamscan operates. I can take a .rar file and rename it to .txt >and call clamscan directly on file.txt with the --unrar= switch and the >internal code fails with the standard RAR MODULE FAILURE and the external is >not called unless I rename it back to file.rar. The ClamAVModule code does >not suffer from this extremely short sighted code. > >I thought I would mention this to the list because obviously self extracting >rar files are never checked (unless created as a 2.0 version... not likely) >and any malicious individual who wanted to get something past the clamav >unpacker could simply change the extension or package it as a self >extracting archive within another .rar or .zip file. > >Just a note. > > Rick > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 22 18:36:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: Emails get stuck in the incoming queue (mqueue.in) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found and fixed. New Message.pm attached (gzipped). Scott Silva wrote: >Stefan Rapp wrote: > > >>I think i now have a single message reproducing the problem >>(ClamAV says it is infected by HTML.Phishing.Bank-87). >> >>Only this message mqueue.in and Mailscanner in debug mode, >>the message is scanned and quaratined, but then the process >>exits with an error message and the queue files remain in >>mqueue.in. >> >>syslog: >> >>MailScanner E-Mail Virus Scanner version 4.40.6 starting... >>Enabling SpamAssassin auto-whitelist functionality... >>SophosSAVI 3.91 (engine 2.28) recognizing 101594 viruses >>SophosSAVI using 110 IDE files >>lock.pl sees Config LockType = flock >>lock.pl sees have_module = 0 >>Using locktype = flock >>New Batch: Scanning 1 messages, 9634 bytes >>Created attachment dirs for 1 messages >>Spam Checks: Starting >>SpamAssassin returned 0 >>Virus and Content Scanning: Starting >>Commencing scanning by sophossavi... >>Completed scanning by sophossavi >>Commencing scanning by clamavmodule... >>ClamAVModule::INFECTED:: HTML.Phishing.Bank-87:: ./j2L5c6It018505/msg-6796-2.html >>Completed scanning by clamavmodule >>Virus Scanning: ClamAV Module found 1 infections >>Infected message j2L5c6It018505 came from ... >>Virus Scanning: Found 1 viruses >>Saved entire message to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 >>Saved infected "msg-6796-2.html" to /var/spool/MailScanner/quarantine/20050322/j2L5c6It018505 >> >>debug log: >> >>... >>debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. >>debug: auto-learn: message score: -2.591, computed score for autolearn: 0.179 >>debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 >>debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam >>debug: is spam? score=-2.591 required=5 >>debug: tests=BAYES_00,HTML_MESSAGE,HTML_NONELEMENT_00_10,NO_REAL_NAME,SPF_HELO_PASS >>debug: subtests=__COMMENT_EXISTS,__CT,__CTYPE_HAS_BOUNDARY,__HAS_MSGID,__HAS_SUBJECT,__MAILMAN_21,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RFC_IGNORANT_ENVFROM,__SANE_MSGID,__TAG_EXISTS_HTML >>debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1. >>debug: auto-learn: message score: -2.591, computed score for autolearn: 0.179 >>debug: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.178, learned-points=-2.599 >>debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam >>Can't call method "print" on an undefined value at /sw/sun4_59/cyrus-2.2.10/lib/perl5/site_perl/5.8.6/MIME/Entity.pm line 1824. >> >> >> >I wonder where it is getting the path for entity.pm in the debug log >above. That is 8 levels deep and seems a strange place to have perl >installed. Something is hosed in the perl configuration. > >-- >"If you have ever eaten crow, >It don't taste like chicken!!" > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 65KB. ] [ Unable to print this part. ] From james at GRAYONLINE.ID.AU Wed Mar 23 00:39:31 2005 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:29:09 2006 Subject: feature request Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, 23 Mar 2005 02:58 am, Craig White wrote: > On Tue, 2005-03-22 at 15:05 +0000, Julian Field wrote: > > > Surely the other crucial thing about filename.rules is that the order > > > of the rules is important, and some people comment out some of > > > Julian's defaults. Trying to achieve those 2 things with 2 separate > > > files would be well hard methinks? > > > > Precisely. Also, if I choose to change my recommended/sample rules, and > > these get automatically imported into your setup, you will be changing > > your usage rules without even knowing it. Sounds very dangerous to me. > > > > If I add a load to the file, it will be mentioned in the Change Log for > > that distribution. I would consult that and compare rules when you see > > that I have changed it significantly. > > ---- > real world, every admin doesn't examine each and every rule in your > configuration. Correct! Some of us roll our own filename/type rules and a nifty little shell script that uses "diff" and "patch" to do all the modifications automagically whenever we upgrade mailscanner. James -- A man said to the Universe: "Sir, I exist!" "However," replied the Universe, "the fact has not created in me a sense of obligation." -- Stephen Crane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Wed Mar 23 00:54:39 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:09 2006 Subject: feature request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Correct! Some of us roll our own filename/type rules and a nifty little > shell script that uses "diff" and "patch" to do all the modifications > automagically whenever we upgrade mailscanner. > > James Which you're going to attach to your next email to list so we can all have a look at it, right? :P Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Wed Mar 23 09:37:46 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:29:09 2006 Subject: OT: Converting MBOX back to qf/df files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Off topic question but hoped someone would advise if it was possible. I had a problem yesterday with my pop server which resulted in me delivering customers email into a catchall account so they could just quickly read there entire domains mail via a webmail application. Ive sorted the pop problem now and wanted to know if its possible to convert the mbox back into queue files for normal delivery. Ive not been able to find any info so was hoping someone here may know if its possible. Thanks Paul Houselander ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Wed Mar 23 09:36:30 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:09 2006 Subject: Blocking Unknow Users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Felipe Tonioli wrote: >Hi All, > >Tks for the answers. > >I've tried to install milter but cant understand how he works... > >I'm using sendmail Brian and Rakesh answer that i can do this using >sendmail only. > >blah@foo.com OK >foo.com REJECT > >with the above example, blash@foo.com will be accepted right ? > > Yes >but what are you rejecting for foo.com ? > > We are doing that so that we do not accept any other mail other than one intended for blah@foo.com. For e.g. as per current settings blah@foo.com will be accepted and xyz@foo.com, abc@foo.com and similar others will be rejected. Now since you cannot predict what recipient the spammer might try to forge in its better that you reject the entire domain itself. foo.com REJECT actually means that all the mails for foo.com should be rejected. But the lookup is from top to bottom. So when a mail comes in for blah@foo.com it matches OK and gets accepted, but when the mail comes in for somebody else, the lookup first rights to match with blah@foo.com but fails and so proceeds to the next entry which is the domain name and has REJECT so the mail is finally rejected. If you try to swap the order of entries like foo.com REJECT blah@foo.com OK then you will land up rejecting all the mails for foo.com including the ones intended for blah@foo.com. >can you explaim better for me ? > > > Hope the earlier explanation suits you :) >this configuration will be addedd to access right ? > > > yes, or whatever that checks for the recipient access (in the language of postfix). Ne ways don't confuse with it. >tks in advance > > thanks for the advance :-) -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 23 10:27:16 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did you change the score of these rules in spamassassin or this are default scores? ----- Original Message ----- From: "Drew Marshall" To: Sent: Wednesday, March 23, 2005 7:20 AM Subject: Re: New Spam > Roger Jochem said: > > Hello all! > > > > I'm receiving messages like the attached one for a while now. Is there > > some spamassassin rule that can block this kind of spam? Aparently the > > message, lokking the code, is very diferent from what is appearing on > > screen. And the original text (that doesn't appear) is always very > > diferent... > > Worked for me... > > Our MailScanner believes that the attachment to this message sent to you > > From: owner-mailscanner@jiscmail.ac.uk > Subject: [MAILSCANNER] New Spam > > is Unsolicited Commercial Email (spam). Unless you are sure that this message > is incorrectly thought to be spam, please delete this message without opening > it. Opening spam messages might allow the spammer to verify your email > address. > > If you believe that this message has been incorrectly marked as spam, please > forward this email to postmaster. > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c > 2.5 SARE_SPOOF_OURI URI: URL has items in odd places > 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level domain > 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag > 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size > 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars > 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist > [URIs: spacedrugs.com] > 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > [URIs: spacedrugs.com] > > As you can see the URIBLs did their job very well. I would ensure that you > are using the latest SpamAssassin and have URIBL turned on. > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Mar 23 10:20:30 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem said: > Hello all! > > I'm receiving messages like the attached one for a while now. Is there > some spamassassin rule that can block this kind of spam? Aparently the > message, lokking the code, is very diferent from what is appearing on > screen. And the original text (that doesn't appear) is always very > diferent... Worked for me... Our MailScanner believes that the attachment to this message sent to you From: owner-mailscanner@jiscmail.ac.uk Subject: [MAILSCANNER] New Spam is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. pts rule name description ---- ---------------------- -------------------------------------------------- 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c 2.5 SARE_SPOOF_OURI URI: URL has items in odd places 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level domain 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: spacedrugs.com] 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: spacedrugs.com] As you can see the URIBLs did their job very well. I would ensure that you are using the latest SpamAssassin and have URIBL turned on. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 23 10:20:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: Roger scanning it through my system (SA 3.02 with lots of SARE rules, URI-RBL's, coulple of normal RBL's, pyzor, bayes etc etc) I get the following rules triggered.. 1.7 MSGID_FROM_MTA_ID Message-Id for external message added locally 2.3 MANGLED_VISIT BODY: mangled visit 1.4 FU_TLD_BIZ URI: FU_TLD_BIZ 2.5 SARE_SPOOF_OURI URI: URL has items in odd places 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level domain 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag 0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.4999] 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [219.250.101.252 listed in sbl-xbl.spamhaus.org] 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: spacedrugs.com] 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: spacedrugs.com] 1.1 PRIORITY_NO_NAME Message has priority, but no X-Mailer/User-Agent 0.9 FM_NO_STYLE FM_NO_STYLE -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Roger Jochem wrote: > Hello all! > > I'm receiving messages like the attached one for a while now. Is there > some spamassassin rule that can block this kind of spam? Aparently the > message, lokking the code, is very diferent from what is appearing on > screen. And the original text (that doesn't appear) is always very > diferent... > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* > ------------------------------------------------------------------------ ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 23 10:29:32 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What do I have to do to enable URIBLs ? I'm not shure I'm using that... I'm using spamassassin 3.0.2 ----- Original Message ----- From: "Drew Marshall" To: Sent: Wednesday, March 23, 2005 7:20 AM Subject: Re: New Spam > Roger Jochem said: > > Hello all! > > > > I'm receiving messages like the attached one for a while now. Is there > > some spamassassin rule that can block this kind of spam? Aparently the > > message, lokking the code, is very diferent from what is appearing on > > screen. And the original text (that doesn't appear) is always very > > diferent... > > Worked for me... > > Our MailScanner believes that the attachment to this message sent to you > > From: owner-mailscanner@jiscmail.ac.uk > Subject: [MAILSCANNER] New Spam > > is Unsolicited Commercial Email (spam). Unless you are sure that this message > is incorrectly thought to be spam, please delete this message without opening > it. Opening spam messages might allow the spammer to verify your email > address. > > If you believe that this message has been incorrectly marked as spam, please > forward this email to postmaster. > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c > 2.5 SARE_SPOOF_OURI URI: URL has items in odd places > 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level domain > 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag > 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size > 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars > 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist > [URIs: spacedrugs.com] > 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > [URIs: spacedrugs.com] > > As you can see the URIBLs did their job very well. I would ensure that you > are using the latest SpamAssassin and have URIBL turned on. > > Drew > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 23 10:32:40 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] do a spamassassin -D --lint and read the output, it will show you want is failing and what isnt. If you can see things like SPF and URI tests failing do a #MailScanner -v and see if you are mising some of the key perl modules, like; NEt::DNS and SPF Good luck Pete Roger Jochem wrote: > What do I have to do to enable URIBLs ? > > I'm not shure I'm using that... I'm using spamassassin 3.0.2 > > ----- Original Message ----- > From: "Drew Marshall" > To: > Sent: Wednesday, March 23, 2005 7:20 AM > Subject: Re: New Spam > > > >>Roger Jochem said: >> >>>Hello all! >>> >>>I'm receiving messages like the attached one for a while now. Is there >>>some spamassassin rule that can block this kind of spam? Aparently the >>>message, lokking the code, is very diferent from what is appearing on >>>screen. And the original text (that doesn't appear) is always very >>>diferent... >> >>Worked for me... >> >>Our MailScanner believes that the attachment to this message sent to you >> >> From: owner-mailscanner@jiscmail.ac.uk >> Subject: [MAILSCANNER] New Spam >> >>is Unsolicited Commercial Email (spam). Unless you are sure that this > > message > >>is incorrectly thought to be spam, please delete this message without > > opening > >>it. Opening spam messages might allow the spammer to verify your email >>address. >> >>If you believe that this message has been incorrectly marked as spam, > > please > >>forward this email to postmaster. >> >> pts rule name description >>---- ---------------------- >>-------------------------------------------------- >> 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c >> 2.5 SARE_SPOOF_OURI URI: URL has items in odd places >> 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level > > domain > >> 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag >> 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag >>-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% >> [score: 0.0000] >> 0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag >> 0.0 HTML_MESSAGE BODY: HTML included in message >> 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size >> 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 > > chars > >> 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist >> [URIs: spacedrugs.com] >> 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > > blocklist > >> [URIs: spacedrugs.com] >> >>As you can see the URIBLs did their job very well. I would ensure that you >>are using the latest SpamAssassin and have URIBL turned on. >> >>Drew >> >>-- >>In line with our policy, this message has >>been scanned for viruses and dangerous >>content by MailScanner, and is believed to be clean. >>www.themarshalls.co.uk/policy >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Wed Mar 23 10:34:10 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:09 2006 Subject: CustomConfig funtions and parameters. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi ! I remember from some month's ago someone proposed to be able to add parameters to a custom function being used as a ruleset. Has this even been build ? I would like to use it ;) e.g. "Use Spamassasin = &Hashtable ("type1","hash-sa-table");" or something like that .... bye, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 23 10:35:34 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: Roger make sure the plugin is enabled in /etc/mail/spamassassin/init.pre and as long you have a recent Net::DNS module installed it should work fine - oh and network tests enabled, which seem to be out of the box. test with spamassassin -p /spam.assassin.prefs.conf -D --lint and make sure it's loading the URI-RBL pluging and doesn't complain the NET::DNS perl module is too old. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Roger Jochem wrote: > What do I have to do to enable URIBLs ? > > I'm not shure I'm using that... I'm using spamassassin 3.0.2 > > ----- Original Message ----- > From: "Drew Marshall" > To: > Sent: Wednesday, March 23, 2005 7:20 AM > Subject: Re: New Spam > > > >>Roger Jochem said: >> >>>Hello all! >>> >>>I'm receiving messages like the attached one for a while now. Is there >>>some spamassassin rule that can block this kind of spam? Aparently the >>>message, lokking the code, is very diferent from what is appearing on >>>screen. And the original text (that doesn't appear) is always very >>>diferent... >> >>Worked for me... >> >>Our MailScanner believes that the attachment to this message sent to you >> >> From: owner-mailscanner@jiscmail.ac.uk >> Subject: [MAILSCANNER] New Spam >> >>is Unsolicited Commercial Email (spam). Unless you are sure that this > > message > >>is incorrectly thought to be spam, please delete this message without > > opening > >>it. Opening spam messages might allow the spammer to verify your email >>address. >> >>If you believe that this message has been incorrectly marked as spam, > > please > >>forward this email to postmaster. >> >> pts rule name description >>---- ---------------------- >>-------------------------------------------------- >> 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c >> 2.5 SARE_SPOOF_OURI URI: URL has items in odd places >> 2.3 BIZ_TLD URI: Contains an URL in the BIZ top-level > > domain > >> 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag >> 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag >>-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% >> [score: 0.0000] >> 0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag >> 0.0 HTML_MESSAGE BODY: HTML included in message >> 0.1 HTML_FONT_BIG BODY: HTML tag for a big font size >> 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 > > chars > >> 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist >> [URIs: spacedrugs.com] >> 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > > blocklist > >> [URIs: spacedrugs.com] >> >>As you can see the URIBLs did their job very well. I would ensure that you >>are using the latest SpamAssassin and have URIBL turned on. >> >>Drew >> >>-- >>In line with our policy, this message has >>been scanned for viruses and dangerous >>content by MailScanner, and is believed to be clean. >>www.themarshalls.co.uk/policy >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Mar 23 10:38:19 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem said: > Did you change the score of these rules in spamassassin or this are > default scores? No all default. Check you have a pre.init (Or some thing like, sorry not at the server at the moment) in /etc/mail/spamassassin (Or /usr/local/etc/mail/spamassassin if you are running BSD). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 23 10:39:19 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:09 2006 Subject: OT: Converting MBOX back to qf/df files Message-ID: Paul you'll need to split the mbox into individual emails first with split or cplit... csplit -n 4 $MAIL /^From\ / {9999} or split -p ^From\ $MAIL then feed those emails into sendmail with something a 'sendmail -ti < message' for each of the emails produced from the [c]split. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Paul Houselander wrote: > Hi > > Off topic question but hoped someone would advise if it was possible. > > I had a problem yesterday with my pop server which resulted in me delivering > customers email into a catchall account so they could just quickly read > there entire domains mail via a webmail application. > > Ive sorted the pop problem now and wanted to know if its possible to convert > the mbox back into queue files for normal delivery. > > Ive not been able to find any info so was hoping someone here may know if > its possible. > > Thanks > > Paul Houselander > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Mar 23 10:39:58 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth said: > Roger > > make sure the plugin is enabled in /etc/mail/spamassassin/init.pre Hmm, close with pre.init. Take Martin's advice, much more accurate :-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Wed Mar 23 10:30:10 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:09 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, 16 Mar 2005 17:46:19 +0100, Robert Waldner writes: >If I don't hear about someone having this problem with 5.6, I'll start > rebuilding a test-box with that tomorrow. I've built a box with perl 5.6 now, and it's delivering mail since yesterday. This is in a pool with 2 other (perl 5.8) machines which do exhibit the problem with corrupt mails. The 5.8 boxen have each had 2 resp. 3 mails "corrupt" in the last 24 hours, the 5.6 one had none. To make matters a bit more interesting, I couldn't get the same MS on the 5.6 as on the 5.8 machines, eg the perl 5.6 machine now runs: ii libcompress-zl 1.16-1 Perl module for creation and manipulation of ii libconvert-tne 0.16-2 Perl module to read TNEF files ii libmailtools-p 1.44-1woody2 Manipulate email in perl programs ii libmime-perl 5.411-3 Perl5 modules for MIME-compliant messages (M ii libnet-perl 1.09.01-1 Implementation of Internet protocols for Per ii libnet-server- 0.87-3 An extensible, general perl server engine ii libtime-hires- 1.20-4 High-resolution time manipulation in perl ii libtimedate-pe 1.11-1 Time and date functions for perl. ii liburi-perl 1.30-1 Manipulates and accesses URI strings ii libwww-perl 5.64-1 WWW client/server library for Perl ii mailscanner 4.30.3-1 An email virus scanner and spam tagger ii perl 5.6.1-8.8 Larry Wall's Practical Extraction and Report ii perl-base 5.6.1-8.8 The Pathologically Eclectic Rubbish Lister. ii perl-modules 5.6.1-8.8 Core Perl modules. (Sorry, "MailScanner -v" doesn't work). I'll leave it running until next week, but this sure looks like a Perl bug to me. cheers, &rw -- -- Funny, I thought countries were formed by the biggest warlords eating -- all the smaller warlords until they ran into a warlord they couldn't -- run over, and called the place they met the natural border, while the -- peasants tried to avoid getting killed in the process. Peter Da Silva ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From roger at RUDNICK.COM.BR Wed Mar 23 11:38:01 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It is active... But running in debug it shows: URIDNSBL: Domains to query: And doesn't show any domain ----- Original Message ----- From: "Drew Marshall" To: Sent: Wednesday, March 23, 2005 7:39 AM Subject: Re: New Spam > Martin Hepworth said: > > Roger > > > > make sure the plugin is enabled in /etc/mail/spamassassin/init.pre > > > Hmm, close with pre.init. Take Martin's advice, much more accurate :-) > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 23 11:44:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: That means there's nothing in the input to query. Try with your email you originally sent to the list and post the full output back here.. spamassassin -p /spam.assassin.prefs.conf -D --lint \ < youremail.eml -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Roger Jochem wrote: > It is active... > > But running in debug it shows: > > URIDNSBL: Domains to query: > > And doesn't show any domain > > ----- Original Message ----- > From: "Drew Marshall" > To: > Sent: Wednesday, March 23, 2005 7:39 AM > Subject: Re: New Spam > > > >>Martin Hepworth said: >> >>>Roger >>> >>>make sure the plugin is enabled in /etc/mail/spamassassin/init.pre >> >> >>Hmm, close with pre.init. Take Martin's advice, much more accurate :-) >> >>-- >>In line with our policy, this message has >>been scanned for viruses and dangerous >>content by MailScanner, and is believed to be clean. >>www.themarshalls.co.uk/policy >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 23 11:50:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:09 2006 Subject: CustomConfig funtions and parameters. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here is a brief example: Outgoing Queue Dir = &ChooseZMOutQueueDir("dir1","dir2") and then in the Custom Function file: my @ZMOutQueueDirs=(); sub InitChooseZMOutQueueDir { @ZMOutQueueDirs=@_; MailScanner::Log::InfoLog("Initializing ChooseZMOutQueueDir Version %s...", $MailScanner::CustomConfig::ZMRouterDirHash::VERSION); ..... So they just get picked up as parameters to the Init.... function. It's that simple. Christiaan den Besten wrote: > Hi ! > > I remember from some month's ago someone proposed to be able to add > parameters to a custom function being used as a ruleset. Has this > even been build ? I would like to use it ;) > > e.g. "Use Spamassasin = &Hashtable ("type1","hash-sa-table");" or > something like that .... > > bye, > Chris > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Wed Mar 23 11:59:58 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:09 2006 Subject: What to Quarantaine ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This got some attentions last week anyway ... where can one find "Quarantaine Infection = " ruleset options ? Notify is clear: "Notify Senders of Viruses" "Nofity Senders of Blocked Filenames or Filetypes" "Notify Senders of Other Blocked Contents" (iframe et al). Are the same options available to determine what to place in quarantaine ? e.g. "virus: FromOrTo: @virusdomain.tld yes" "fileblock: FromOrTo: @virusdomain.tld no" "otherblock: FromOrTo: @virusdomain.nl yes" etc etc.... bye, Chris --- >>Can't this be done with a ruleset? >> >> >> >>>># When you quarantine an entire message, do you want to store it >>>>as >>>># raw mail queue files (so you can easily send them onto users) >>>>or >>>># as human-readable files (header then body in 1 file)? >>>>Quarantine Whole Messages As Queue Files = no >>>> >>>> >>Put in the ruleset: >> >>virus:* yes >>default no >> >> Neither of those are valid ruleset entries. Try this instead. virus * yes FromOrTo default no >> >> >tried that.. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 23 12:06:07 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -D --lint < /etc/MailScanner/email.eml debug: SpamAssassin version 3.0.2 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/bin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: Final PATH set to: /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin debug: diag: module installed: DBI, version 1.32 debug: diag: module installed: DB_File, version 1.810 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.2 debug: diag: module installed: MIME::Base64, version 2.12 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module installed: Net::LDAP, version 0.32 debug: diag: module installed: Razor2::Client::Agent, version 2.67 debug: diag: module installed: Storable, version 2.06 debug: diag: module installed: URI, version 1.19 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf debug: config: read file /etc/mail/spamassassin/regras-rudnick.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x96a3f80) debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc) implements 'parse_config' debug: bayes: 22595 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks debug: bayes: 22595 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen debug: bayes: found bayes db version 3 debug: Score set 3 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x96a3f80) implements 'extract_metadata' debug: metadata: X-Relay-Countries: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) implements 'parsed_metadata' debug: dns_available set to yes in config file, skipping test debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) debug: running body-text per-line regexp tests; score so far=-3.174 debug: running uri tests; score so far=-3.174 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4)) debug: bayes corpus size: nspam = 16915, nham = 42798 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1111579447 lint_rules " debug: tokenize: header tokens for X-Relay-Countries = " " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: bayes token 'H*Ad:D*org' => 0.0173548387096774 debug: bayes token 'message' => 0.0636082163551004 debug: bayes token 'H*F:D*org' => 0.902720711501242 debug: bayes: score = 0.367449123126298 debug: bayes: 22595 untie-ing debug: bayes: 22595 untie-ing db_toks debug: bayes: 22595 untie-ing db_seen debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: No /root/.razor/razor-agent.conf found, skipping. Razor-Log: No razor-agent.conf found, using defaults. Mar 23 09:04:08.684766 check[22595]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout Mar 23 09:04:08.685113 check[22595]: [ 5] computed razorhome=/root/.razor, conf=, ident=/root/.razor/identity-ruhf3afFHl Mar 23 09:04:08.685259 check[22595]: [ 8] Client supported_engines: 4 8 Mar 23 09:04:08.685545 check[22595]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 Mar 23 09:04:08.685799 check[22595]: [ 5] read_file: 1 items read from /root/.razor/servers.discovery.lst Mar 23 09:04:08.685993 check[22595]: [ 5] read_file: 2 items read from /root/.razor/servers.nomination.lst Mar 23 09:04:08.686159 check[22595]: [ 5] read_file: 1 items read from /root/.razor/servers.catalogue.lst Mar 23 09:04:08.686375 check[22595]: [ 9] Assigning defaults to folly.cloudmark.com Mar 23 09:04:08.686489 check[22595]: [ 9] Assigning defaults to joy.cloudmark.com Mar 23 09:04:08.686610 check[22595]: [ 9] Assigning defaults to shock.cloudmark.com Mar 23 09:04:08.687211 check[22595]: [ 5] read_file: 12 items read from /root/.razor/server.joy.cloudmark.com.conf Mar 23 09:04:08.687599 check[22595]: [ 5] read_file: 12 items read from /root/.razor/server.joy.cloudmark.com.conf Mar 23 09:04:08.688071 check[22595]: [ 5] read_file: 16 items read from /root/.razor/server.pride.cloudmark.com.conf Mar 23 09:04:08.688507 check[22595]: [ 5] read_file: 16 items read from /root/.razor/server.pride.cloudmark.com.conf Mar 23 09:04:08.688948 check[22595]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf Mar 23 09:04:08.689375 check[22595]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf Mar 23 09:04:08.689830 check[22595]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf Mar 23 09:04:08.690263 check[22595]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf Mar 23 09:04:08.690712 check[22595]: [ 5] read_file: 16 items read from /root/.razor/server.prejudice.cloudmark.com.conf Mar 23 09:04:08.691145 check[22595]: [ 5] read_file: 16 items read from /root/.razor/server.prejudice.cloudmark.com.conf Mar 23 09:04:08.691282 check[22595]: [ 5] 39439 seconds before closest server discovery Mar 23 09:04:08.691408 check[22595]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5065; computed min_cf=6, Server se: C8 Mar 23 09:04:08.691541 check[22595]: [ 8] Computed supported_engines: 4 8 Mar 23 09:04:08.691632 check[22595]: [ 8] Using next closest server shock.cloudmark.com:2703, cached info srl 5065 Mar 23 09:04:08.691709 check[22595]: [ 8] mail 1 has no subject Mar 23 09:04:08.693278 check[22595]: [ 6] preproc: mail 1.0 went from 1376 bytes to 1339 Mar 23 09:04:08.693380 check[22595]: [ 6] computing sigs for mail 1.0, len 1339 Mar 23 09:04:08.695397 check[22595]: [ 6] Engine (8) didn't produce a signature for mail 1.0 Mar 23 09:04:08.695538 check[22595]: [ 6] skipping whitelist file (empty?): /root/.razor/razor-whitelist Mar 23 09:04:08.695625 check[22595]: [ 5] Connecting to shock.cloudmark.com ... Mar 23 09:04:09.160788 check[22595]: [ 8] Connection established Mar 23 09:04:09.160951 check[22595]: [ 4] shock.cloudmark.com >> 36 server greeting: sn=C&srl=5065&a=l&a=cg&ep4=7542-10 Mar 23 09:04:09.161289 check[22595]: [ 4] shock.cloudmark.com << 25 Mar 23 09:04:09.161343 check[22595]: [ 6] cn=razor-agents&cv=2.67 Mar 23 09:04:09.161503 check[22595]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5065; computed min_cf=6, Server se: C8 Mar 23 09:04:09.161654 check[22595]: [ 8] Computed supported_engines: 4 8 Mar 23 09:04:09.161767 check[22595]: [ 8] mail 1.0 e4 sig: xFaZIZUVHk90OQfARnenjx5BZTMA Mar 23 09:04:09.161867 check[22595]: [ 5] mail 1.0 e8 got no sig Mar 23 09:04:09.161949 check[22595]: [ 8] preparing 1 queries Mar 23 09:04:09.162082 check[22595]: [ 8] sending 1 batches Mar 23 09:04:09.162180 check[22595]: [ 4] shodebug: Using results from Razor v2.67 debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode ck.cloudmark.com << 52 Mar 23 09:04:09.162272 check[22595]: [ 6] a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA Mar 23 09:04:09.682945 check[22595]: [ 4] shock.cloudmark.com >> 5 Mar 23 09:04:09.683039 check[22595]: [ 6] response to sent.2 p=0 Mar 23 09:04:09.683356 check[22595]: [ 6] mail 1.0 e=4 sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. Mar 23 09:04:09.683432 check[22595]: [ 7] method 4: mail 1.0: no-contention part, spam=0 Mar 23 09:04:09.683485 check[22595]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam Mar 23 09:04:09.683536 check[22595]: [ 3] mail 1 is not known spam. Mar 23 09:04:09.683603 check[22595]: [ 5] disconnecting from server shock.cloudmark.com Mar 23 09:04:09.683716 check[22595]: [ 4] shock.cloudmark.com << 5 Mar 23 09:04:09.683764 check[22595]: [ 6] a=q debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-4.27 debug: running full-text regexp tests; score so far=-4.27 debug: Razor2 is available debug: Pyzor is available: /usr/local/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 22598: ruid=0 euid=0 debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 debug: leaving helper-app run mode debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is available: /usr/local/bin/dccproc debug: entering helper-app run mode debug: setuid: helper proc 22600: ruid=0 euid=0 debug: DCC: got response: X-DCC-xmailer-Metrics: mail.rudnick.com.br 1192; Body=49131 Fuz1=7421721 Fuz2=7422029 debug: leaving helper-app run mode debug: DCC: Listed! BODY: 49131 of 999999 FUZ1: 7421721 of 999999 FUZ2: 7422029 of 999999 debug: Running tests for priority: 500 debug: RBL: success for 1 of 1 queries debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) implements 'check_post_dnsbl' debug: running meta tests; score so far=-2.101 debug: running header regexp tests; score so far=-0.875 debug: running body-text per-line regexp tests; score so far=-0.875 debug: running uri tests; score so far=-0.875 debug: running raw-body-text per-line regexp tests; score so far=-0.875 debug: running full-text regexp tests; score so far=-0.875 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-0.875 debug: running header regexp tests; score so far=-0.875 debug: running body-text per-line regexp tests; score so far=-0.875 debug: running uri tests; score so far=-0.875 debug: running raw-body-text per-line regexp tests; score so far=-0.875 debug: running full-text regexp tests; score so far=-0.875 debug: is spam? score=-0.875 required=5 debug: tests=ALL_TRUSTED,BAYES_40,DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL _NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSAB LE_MSGID ----- Original Message ----- From: "Martin Hepworth" To: Sent: Wednesday, March 23, 2005 8:44 AM Subject: Re: New Spam > That means there's nothing in the input to query. > > Try with your email you originally sent to the list and post the full > output back here.. > > spamassassin -p /spam.assassin.prefs.conf -D --lint \ > < youremail.eml > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Roger Jochem wrote: > > It is active... > > > > But running in debug it shows: > > > > URIDNSBL: Domains to query: > > > > And doesn't show any domain > > > > ----- Original Message ----- > > From: "Drew Marshall" > > To: > > Sent: Wednesday, March 23, 2005 7:39 AM > > Subject: Re: New Spam > > > > > > > >>Martin Hepworth said: > >> > >>>Roger > >>> > >>>make sure the plugin is enabled in /etc/mail/spamassassin/init.pre > >> > >> > >>Hmm, close with pre.init. Take Martin's advice, much more accurate :-) > >> > >>-- > >>In line with our policy, this message has > >>been scanned for viruses and dangerous > >>content by MailScanner, and is believed to be clean. > >>www.themarshalls.co.uk/policy > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Mar 23 12:18:09 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: Hi! > > I'm receiving messages like the attached one for a while now. Is there > some spamassassin rule that can block this kind of spam? Aparently the > message, lokking the code, is very diferent from what is appearing on > screen. And the original text (that doesn't appear) is always very > diferent... Please dont forward spam to the list, i got plenty myself allready. And most people do i guess. For the one you posted, its picked up by SURBL so if you use SURBL you should see them tagged. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 23 12:23:21 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:09 2006 Subject: New Spam Message-ID: Roger some 'odd' things I notice quickly. the URI module is 1.19, mine is 1.35, try uopgrading the URI::URL perl module. I get more debug for the DNS tests .... debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) akamai.com... debug: looking up NS for 'akamai.com' debug: NS lookup of akamai.com succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 you don't seem to be getting all this. Is DNS working properly on this host? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Roger Jochem wrote: >>spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -D --lint < > > /etc/MailScanner/email.eml > debug: SpamAssassin version 3.0.2 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: Final PATH set to: /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin > debug: diag: module installed: DBI, version 1.32 > debug: diag: module installed: DB_File, version 1.810 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.2 > debug: diag: module installed: MIME::Base64, version 2.12 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module installed: Net::LDAP, version 0.32 > debug: diag: module installed: Razor2::Client::Agent, version 2.67 > debug: diag: module installed: Storable, version 2.06 > debug: diag: module installed: URI, version 1.19 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf > debug: config: read file /etc/mail/spamassassin/regras-rudnick.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file > debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf > debug: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x96a3f80) > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc) > implements 'parse_config' > debug: bayes: 22595 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks > debug: bayes: 22595 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen > debug: bayes: found bayes db version 3 > debug: Score set 3 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x96a3f80) > implements 'extract_metadata' > debug: metadata: X-Relay-Countries: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > implements 'parsed_metadata' > debug: dns_available set to yes in config file, skipping test > debug: decoding: no encoding detected > debug: URIDNSBL: domains to query: > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > debug: registering glue method for check_for_spf_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > debug: running body-text per-line regexp tests; score so far=-3.174 > debug: running uri tests; score so far=-3.174 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4)) > debug: bayes corpus size: nspam = 16915, nham = 42798 > debug: tokenize: header tokens for *F = "U*ignore > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > D*org" > debug: tokenize: header tokens for *m = " 1111579447 lint_rules " > debug: tokenize: header tokens for X-Relay-Countries = " " > debug: tokenize: header tokens for *RT = " " > debug: tokenize: header tokens for *RU = " " > debug: bayes token 'H*Ad:D*org' => 0.0173548387096774 > debug: bayes token 'message' => 0.0636082163551004 > debug: bayes token 'H*F:D*org' => 0.902720711501242 > debug: bayes: score = 0.367449123126298 > debug: bayes: 22595 untie-ing > debug: bayes: 22595 untie-ing db_toks > debug: bayes: 22595 untie-ing db_seen > debug: Razor2 is available > debug: entering helper-app run mode > Razor-Log: Computed razorhome from env: /root/.razor > Razor-Log: Found razorhome: /root/.razor > Razor-Log: No /root/.razor/razor-agent.conf found, skipping. > Razor-Log: No razor-agent.conf found, using defaults. > Mar 23 09:04:08.684766 check[22595]: [ 2] [bootup] Logging initiated > LogDebugLevel=9 to stdout > Mar 23 09:04:08.685113 check[22595]: [ 5] computed razorhome=/root/.razor, > conf=, ident=/root/.razor/identity-ruhf3afFHl > Mar 23 09:04:08.685259 check[22595]: [ 8] Client supported_engines: 4 8 > Mar 23 09:04:08.685545 check[22595]: [ 8] prep_mail done: mail 1 > headers=93, mime0=1376 > Mar 23 09:04:08.685799 check[22595]: [ 5] read_file: 1 items read from > /root/.razor/servers.discovery.lst > Mar 23 09:04:08.685993 check[22595]: [ 5] read_file: 2 items read from > /root/.razor/servers.nomination.lst > Mar 23 09:04:08.686159 check[22595]: [ 5] read_file: 1 items read from > /root/.razor/servers.catalogue.lst > Mar 23 09:04:08.686375 check[22595]: [ 9] Assigning defaults to > folly.cloudmark.com > Mar 23 09:04:08.686489 check[22595]: [ 9] Assigning defaults to > joy.cloudmark.com > Mar 23 09:04:08.686610 check[22595]: [ 9] Assigning defaults to > shock.cloudmark.com > Mar 23 09:04:08.687211 check[22595]: [ 5] read_file: 12 items read from > /root/.razor/server.joy.cloudmark.com.conf > Mar 23 09:04:08.687599 check[22595]: [ 5] read_file: 12 items read from > /root/.razor/server.joy.cloudmark.com.conf > Mar 23 09:04:08.688071 check[22595]: [ 5] read_file: 16 items read from > /root/.razor/server.pride.cloudmark.com.conf > Mar 23 09:04:08.688507 check[22595]: [ 5] read_file: 16 items read from > /root/.razor/server.pride.cloudmark.com.conf > Mar 23 09:04:08.688948 check[22595]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > Mar 23 09:04:08.689375 check[22595]: [ 5] read_file: 16 items read from > /root/.razor/server.shock.cloudmark.com.conf > Mar 23 09:04:08.689830 check[22595]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > Mar 23 09:04:08.690263 check[22595]: [ 5] read_file: 16 items read from > /root/.razor/server.tension.cloudmark.com.conf > Mar 23 09:04:08.690712 check[22595]: [ 5] read_file: 16 items read from > /root/.razor/server.prejudice.cloudmark.com.conf > Mar 23 09:04:08.691145 check[22595]: [ 5] read_file: 16 items read from > /root/.razor/server.prejudice.cloudmark.com.conf > Mar 23 09:04:08.691282 check[22595]: [ 5] 39439 seconds before closest > server discovery > Mar 23 09:04:08.691408 check[22595]: [ 6] shock.cloudmark.com is a Catalogue > Server srl 5065; computed min_cf=6, Server se: C8 > Mar 23 09:04:08.691541 check[22595]: [ 8] Computed supported_engines: 4 8 > Mar 23 09:04:08.691632 check[22595]: [ 8] Using next closest server > shock.cloudmark.com:2703, cached info srl 5065 > Mar 23 09:04:08.691709 check[22595]: [ 8] mail 1 has no subject > Mar 23 09:04:08.693278 check[22595]: [ 6] preproc: mail 1.0 went from 1376 > bytes to 1339 > Mar 23 09:04:08.693380 check[22595]: [ 6] computing sigs for mail 1.0, len > 1339 > Mar 23 09:04:08.695397 check[22595]: [ 6] Engine (8) didn't produce a > signature for mail 1.0 > Mar 23 09:04:08.695538 check[22595]: [ 6] skipping whitelist file (empty?): > /root/.razor/razor-whitelist > Mar 23 09:04:08.695625 check[22595]: [ 5] Connecting to shock.cloudmark.com > ... > Mar 23 09:04:09.160788 check[22595]: [ 8] Connection established > Mar 23 09:04:09.160951 check[22595]: [ 4] shock.cloudmark.com >> 36 server > greeting: sn=C&srl=5065&a=l&a=cg&ep4=7542-10 > Mar 23 09:04:09.161289 check[22595]: [ 4] shock.cloudmark.com << 25 > Mar 23 09:04:09.161343 check[22595]: [ 6] cn=razor-agents&cv=2.67 > Mar 23 09:04:09.161503 check[22595]: [ 6] shock.cloudmark.com is a Catalogue > Server srl 5065; computed min_cf=6, Server se: C8 > Mar 23 09:04:09.161654 check[22595]: [ 8] Computed supported_engines: 4 8 > Mar 23 09:04:09.161767 check[22595]: [ 8] mail 1.0 e4 sig: > xFaZIZUVHk90OQfARnenjx5BZTMA > Mar 23 09:04:09.161867 check[22595]: [ 5] mail 1.0 e8 got no sig > Mar 23 09:04:09.161949 check[22595]: [ 8] preparing 1 queries > Mar 23 09:04:09.162082 check[22595]: [ 8] sending 1 batches > Mar 23 09:04:09.162180 check[22595]: [ 4] shodebug: Using results from Razor > v2.67 > debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 > debug: leaving helper-app run mode > ck.cloudmark.com << 52 > Mar 23 09:04:09.162272 check[22595]: [ 6] > a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA > Mar 23 09:04:09.682945 check[22595]: [ 4] shock.cloudmark.com >> 5 > Mar 23 09:04:09.683039 check[22595]: [ 6] response to sent.2 > p=0 > Mar 23 09:04:09.683356 check[22595]: [ 6] mail 1.0 e=4 > sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. > Mar 23 09:04:09.683432 check[22595]: [ 7] method 4: mail 1.0: no-contention > part, spam=0 > Mar 23 09:04:09.683485 check[22595]: [ 7] method 4: mail 1: all > non-contention parts not spam, mail not spam > Mar 23 09:04:09.683536 check[22595]: [ 3] mail 1 is not known spam. > Mar 23 09:04:09.683603 check[22595]: [ 5] disconnecting from server > shock.cloudmark.com > Mar 23 09:04:09.683716 check[22595]: [ 4] shock.cloudmark.com << 5 > Mar 23 09:04:09.683764 check[22595]: [ 6] a=q > debug: Razor2 results: spam? 0 highest cf score: 0 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=-4.27 > debug: running full-text regexp tests; score so far=-4.27 > debug: Razor2 is available > debug: Pyzor is available: /usr/local/bin/pyzor > debug: entering helper-app run mode > debug: setuid: helper proc 22598: ruid=0 euid=0 > debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 > debug: leaving helper-app run mode > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is available: /usr/local/bin/dccproc > debug: entering helper-app run mode > debug: setuid: helper proc 22600: ruid=0 euid=0 > debug: DCC: got response: X-DCC-xmailer-Metrics: mail.rudnick.com.br 1192; > Body=49131 Fuz1=7421721 Fuz2=7422029 > debug: leaving helper-app run mode > debug: DCC: Listed! BODY: 49131 of 999999 FUZ1: 7421721 of 999999 FUZ2: > 7422029 of 999999 > debug: Running tests for priority: 500 > debug: RBL: success for 1 of 1 queries > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=-2.101 > debug: running header regexp tests; score so far=-0.875 > debug: running body-text per-line regexp tests; score so far=-0.875 > debug: running uri tests; score so far=-0.875 > debug: running raw-body-text per-line regexp tests; score so far=-0.875 > debug: running full-text regexp tests; score so far=-0.875 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=-0.875 > debug: running header regexp tests; score so far=-0.875 > debug: running body-text per-line regexp tests; score so far=-0.875 > debug: running uri tests; score so far=-0.875 > debug: running raw-body-text per-line regexp tests; score so far=-0.875 > debug: running full-text regexp tests; score so far=-0.875 > debug: is spam? score=-0.875 required=5 > debug: > tests=ALL_TRUSTED,BAYES_40,DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL > _NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSAB > LE_MSGID > > > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Wednesday, March 23, 2005 8:44 AM > Subject: Re: New Spam > > > >>That means there's nothing in the input to query. >> >>Try with your email you originally sent to the list and post the full >>output back here.. >> >>spamassassin -p /spam.assassin.prefs.conf -D --lint \ >>< youremail.eml >> >> >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Roger Jochem wrote: >> >>>It is active... >>> >>>But running in debug it shows: >>> >>>URIDNSBL: Domains to query: >>> >>>And doesn't show any domain >>> >>>----- Original Message ----- >>>From: "Drew Marshall" >>>To: >>>Sent: Wednesday, March 23, 2005 7:39 AM >>>Subject: Re: New Spam >>> >>> >>> >>> >>>>Martin Hepworth said: >>>> >>>> >>>>>Roger >>>>> >>>>>make sure the plugin is enabled in /etc/mail/spamassassin/init.pre >>>> >>>> >>>>Hmm, close with pre.init. Take Martin's advice, much more accurate :-) >>>> >>>>-- >>>>In line with our policy, this message has >>>>been scanned for viruses and dangerous >>>>content by MailScanner, and is believed to be clean. >>>>www.themarshalls.co.uk/policy >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>> >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 23 12:27:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: New Spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And you have installed Net::DNS 0.48 at least haven't you... (won't work with earlier Net::DNS versions) Martin Hepworth wrote: > Roger > > some 'odd' things I notice quickly. > > the URI module is 1.19, mine is 1.35, try uopgrading the URI::URL perl > module. > > I get more debug for the DNS tests .... > > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: trying (3) akamai.com... > debug: looking up NS for 'akamai.com' > debug: NS lookup of akamai.com succeeded => Dns available (set > dns_available to hardcode) > debug: is DNS available? 1 > > you don't seem to be getting all this. Is DNS working properly on this > host? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Roger Jochem wrote: > >>> spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -D --lint < >> >> >> /etc/MailScanner/email.eml >> debug: SpamAssassin version 3.0.2 >> debug: Score set 0 chosen. >> debug: running in taint mode? yes >> debug: Running in taint mode, removing unsafe env vars, and resetting >> PATH >> debug: PATH included '/bin', keeping. >> debug: PATH included '/usr/bin', keeping. >> debug: PATH included '/sbin', keeping. >> debug: PATH included '/usr/sbin', keeping. >> debug: PATH included '/usr/local/bin', keeping. >> debug: Final PATH set to: /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin >> debug: diag: module installed: DBI, version 1.32 >> debug: diag: module installed: DB_File, version 1.810 >> debug: diag: module installed: Digest::SHA1, version 2.10 >> debug: diag: module installed: IO::Socket::UNIX, version 1.2 >> debug: diag: module installed: MIME::Base64, version 2.12 >> debug: diag: module installed: Net::DNS, version 0.48 >> debug: diag: module installed: Net::LDAP, version 0.32 >> debug: diag: module installed: Razor2::Client::Agent, version 2.67 >> debug: diag: module installed: Storable, version 2.06 >> debug: diag: module installed: URI, version 1.19 >> debug: ignore: using a test message to lint rules >> debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre >> debug: config: read file /etc/mail/spamassassin/init.pre >> debug: using "/usr/share/spamassassin" for default rules dir >> debug: config: read file /usr/share/spamassassin/10_misc.cf >> debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf >> debug: config: read file /usr/share/spamassassin/20_body_tests.cf >> debug: config: read file /usr/share/spamassassin/20_compensate.cf >> debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >> debug: config: read file /usr/share/spamassassin/20_drugs.cf >> debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf >> debug: config: read file /usr/share/spamassassin/20_head_tests.cf >> debug: config: read file /usr/share/spamassassin/20_html_tests.cf >> debug: config: read file /usr/share/spamassassin/20_meta_tests.cf >> debug: config: read file /usr/share/spamassassin/20_phrases.cf >> debug: config: read file /usr/share/spamassassin/20_porn.cf >> debug: config: read file /usr/share/spamassassin/20_ratware.cf >> debug: config: read file /usr/share/spamassassin/20_uri_tests.cf >> debug: config: read file /usr/share/spamassassin/23_bayes.cf >> debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf >> debug: config: read file /usr/share/spamassassin/25_hashcash.cf >> debug: config: read file /usr/share/spamassassin/25_spf.cf >> debug: config: read file /usr/share/spamassassin/25_uribl.cf >> debug: config: read file /usr/share/spamassassin/30_text_de.cf >> debug: config: read file /usr/share/spamassassin/30_text_fr.cf >> debug: config: read file /usr/share/spamassassin/30_text_nl.cf >> debug: config: read file /usr/share/spamassassin/30_text_pl.cf >> debug: config: read file /usr/share/spamassassin/50_scores.cf >> debug: config: read file /usr/share/spamassassin/60_whitelist.cf >> debug: using "/etc/mail/spamassassin" for site rules dir >> debug: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf >> debug: config: read file /etc/mail/spamassassin/regras-rudnick.cf >> debug: using "/root/.spamassassin" for user state dir >> debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user >> prefs file >> debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf >> debug: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from >> @INC >> debug: plugin: registered >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x96a3f80) >> debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> debug: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) >> debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >> debug: plugin: registered >> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc) >> debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> debug: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4) >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) >> implements 'parse_config' >> debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc) >> implements 'parse_config' >> debug: bayes: 22595 tie-ing to DB file R/O >> /etc/MailScanner/bayes/bayes_toks >> debug: bayes: 22595 tie-ing to DB file R/O >> /etc/MailScanner/bayes/bayes_seen >> debug: bayes: found bayes db version 3 >> debug: Score set 3 chosen. >> debug: ---- MIME PARSER START ---- >> debug: main message type: text/plain >> debug: parsing normal part >> debug: added part, type: text/plain >> debug: ---- MIME PARSER END ---- >> debug: metadata: X-Spam-Relays-Trusted: >> debug: metadata: X-Spam-Relays-Untrusted: >> debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x96a3f80) >> implements 'extract_metadata' >> debug: metadata: X-Relay-Countries: >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) >> implements 'parsed_metadata' >> debug: dns_available set to yes in config file, skipping test >> debug: decoding: no encoding detected >> debug: URIDNSBL: domains to query: >> debug: is Net::DNS::Resolver available? yes >> debug: Net::DNS version: 0.48 >> debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org >> debug: Running tests for priority: 0 >> debug: running header regexp tests; score so far=0 >> debug: registering glue method for check_hashcash_double_spend >> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc)) >> debug: registering glue method for check_for_spf_helo_pass >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) >> debug: SPF: message was delivered entirely via trusted relays, not >> required >> debug: registering glue method for check_hashcash_value >> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc)) >> debug: all '*To' addrs: >> debug: registering glue method for check_for_spf_softfail >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) >> debug: SPF: message was delivered entirely via trusted relays, not >> required >> debug: registering glue method for check_for_spf_pass >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) >> debug: registering glue method for check_for_spf_helo_softfail >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) >> debug: registering glue method for check_for_spf_fail >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) >> debug: registering glue method for check_for_spf_helo_fail >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) >> debug: running body-text per-line regexp tests; score so far=-3.174 >> debug: running uri tests; score so far=-3.174 >> debug: registering glue method for check_uridnsbl >> (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4)) >> debug: bayes corpus size: nspam = 16915, nham = 42798 >> debug: tokenize: header tokens for *F = "U*ignore >> D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org >> D*org" >> debug: tokenize: header tokens for *m = " 1111579447 lint_rules " >> debug: tokenize: header tokens for X-Relay-Countries = " " >> debug: tokenize: header tokens for *RT = " " >> debug: tokenize: header tokens for *RU = " " >> debug: bayes token 'H*Ad:D*org' => 0.0173548387096774 >> debug: bayes token 'message' => 0.0636082163551004 >> debug: bayes token 'H*F:D*org' => 0.902720711501242 >> debug: bayes: score = 0.367449123126298 >> debug: bayes: 22595 untie-ing >> debug: bayes: 22595 untie-ing db_toks >> debug: bayes: 22595 untie-ing db_seen >> debug: Razor2 is available >> debug: entering helper-app run mode >> Razor-Log: Computed razorhome from env: /root/.razor >> Razor-Log: Found razorhome: /root/.razor >> Razor-Log: No /root/.razor/razor-agent.conf found, skipping. >> Razor-Log: No razor-agent.conf found, using defaults. >> Mar 23 09:04:08.684766 check[22595]: [ 2] [bootup] Logging initiated >> LogDebugLevel=9 to stdout >> Mar 23 09:04:08.685113 check[22595]: [ 5] computed >> razorhome=/root/.razor, >> conf=, ident=/root/.razor/identity-ruhf3afFHl >> Mar 23 09:04:08.685259 check[22595]: [ 8] Client supported_engines: 4 8 >> Mar 23 09:04:08.685545 check[22595]: [ 8] prep_mail done: mail 1 >> headers=93, mime0=1376 >> Mar 23 09:04:08.685799 check[22595]: [ 5] read_file: 1 items read from >> /root/.razor/servers.discovery.lst >> Mar 23 09:04:08.685993 check[22595]: [ 5] read_file: 2 items read from >> /root/.razor/servers.nomination.lst >> Mar 23 09:04:08.686159 check[22595]: [ 5] read_file: 1 items read from >> /root/.razor/servers.catalogue.lst >> Mar 23 09:04:08.686375 check[22595]: [ 9] Assigning defaults to >> folly.cloudmark.com >> Mar 23 09:04:08.686489 check[22595]: [ 9] Assigning defaults to >> joy.cloudmark.com >> Mar 23 09:04:08.686610 check[22595]: [ 9] Assigning defaults to >> shock.cloudmark.com >> Mar 23 09:04:08.687211 check[22595]: [ 5] read_file: 12 items read from >> /root/.razor/server.joy.cloudmark.com.conf >> Mar 23 09:04:08.687599 check[22595]: [ 5] read_file: 12 items read from >> /root/.razor/server.joy.cloudmark.com.conf >> Mar 23 09:04:08.688071 check[22595]: [ 5] read_file: 16 items read from >> /root/.razor/server.pride.cloudmark.com.conf >> Mar 23 09:04:08.688507 check[22595]: [ 5] read_file: 16 items read from >> /root/.razor/server.pride.cloudmark.com.conf >> Mar 23 09:04:08.688948 check[22595]: [ 5] read_file: 16 items read from >> /root/.razor/server.shock.cloudmark.com.conf >> Mar 23 09:04:08.689375 check[22595]: [ 5] read_file: 16 items read from >> /root/.razor/server.shock.cloudmark.com.conf >> Mar 23 09:04:08.689830 check[22595]: [ 5] read_file: 16 items read from >> /root/.razor/server.tension.cloudmark.com.conf >> Mar 23 09:04:08.690263 check[22595]: [ 5] read_file: 16 items read from >> /root/.razor/server.tension.cloudmark.com.conf >> Mar 23 09:04:08.690712 check[22595]: [ 5] read_file: 16 items read from >> /root/.razor/server.prejudice.cloudmark.com.conf >> Mar 23 09:04:08.691145 check[22595]: [ 5] read_file: 16 items read from >> /root/.razor/server.prejudice.cloudmark.com.conf >> Mar 23 09:04:08.691282 check[22595]: [ 5] 39439 seconds before closest >> server discovery >> Mar 23 09:04:08.691408 check[22595]: [ 6] shock.cloudmark.com is a >> Catalogue >> Server srl 5065; computed min_cf=6, Server se: C8 >> Mar 23 09:04:08.691541 check[22595]: [ 8] Computed supported_engines: >> 4 8 >> Mar 23 09:04:08.691632 check[22595]: [ 8] Using next closest server >> shock.cloudmark.com:2703, cached info srl 5065 >> Mar 23 09:04:08.691709 check[22595]: [ 8] mail 1 has no subject >> Mar 23 09:04:08.693278 check[22595]: [ 6] preproc: mail 1.0 went from >> 1376 >> bytes to 1339 >> Mar 23 09:04:08.693380 check[22595]: [ 6] computing sigs for mail >> 1.0, len >> 1339 >> Mar 23 09:04:08.695397 check[22595]: [ 6] Engine (8) didn't produce a >> signature for mail 1.0 >> Mar 23 09:04:08.695538 check[22595]: [ 6] skipping whitelist file >> (empty?): >> /root/.razor/razor-whitelist >> Mar 23 09:04:08.695625 check[22595]: [ 5] Connecting to >> shock.cloudmark.com >> ... >> Mar 23 09:04:09.160788 check[22595]: [ 8] Connection established >> Mar 23 09:04:09.160951 check[22595]: [ 4] shock.cloudmark.com >> 36 >> server >> greeting: sn=C&srl=5065&a=l&a=cg&ep4=7542-10 >> Mar 23 09:04:09.161289 check[22595]: [ 4] shock.cloudmark.com << 25 >> Mar 23 09:04:09.161343 check[22595]: [ 6] cn=razor-agents&cv=2.67 >> Mar 23 09:04:09.161503 check[22595]: [ 6] shock.cloudmark.com is a >> Catalogue >> Server srl 5065; computed min_cf=6, Server se: C8 >> Mar 23 09:04:09.161654 check[22595]: [ 8] Computed supported_engines: >> 4 8 >> Mar 23 09:04:09.161767 check[22595]: [ 8] mail 1.0 e4 sig: >> xFaZIZUVHk90OQfARnenjx5BZTMA >> Mar 23 09:04:09.161867 check[22595]: [ 5] mail 1.0 e8 got no sig >> Mar 23 09:04:09.161949 check[22595]: [ 8] preparing 1 queries >> Mar 23 09:04:09.162082 check[22595]: [ 8] sending 1 batches >> Mar 23 09:04:09.162180 check[22595]: [ 4] shodebug: Using results >> from Razor >> v2.67 >> debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 >> debug: leaving helper-app run mode >> ck.cloudmark.com << 52 >> Mar 23 09:04:09.162272 check[22595]: [ 6] >> a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA >> Mar 23 09:04:09.682945 check[22595]: [ 4] shock.cloudmark.com >> 5 >> Mar 23 09:04:09.683039 check[22595]: [ 6] response to sent.2 >> p=0 >> Mar 23 09:04:09.683356 check[22595]: [ 6] mail 1.0 e=4 >> sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. >> Mar 23 09:04:09.683432 check[22595]: [ 7] method 4: mail 1.0: >> no-contention >> part, spam=0 >> Mar 23 09:04:09.683485 check[22595]: [ 7] method 4: mail 1: all >> non-contention parts not spam, mail not spam >> Mar 23 09:04:09.683536 check[22595]: [ 3] mail 1 is not known spam. >> Mar 23 09:04:09.683603 check[22595]: [ 5] disconnecting from server >> shock.cloudmark.com >> Mar 23 09:04:09.683716 check[22595]: [ 4] shock.cloudmark.com << 5 >> Mar 23 09:04:09.683764 check[22595]: [ 6] a=q >> debug: Razor2 results: spam? 0 highest cf score: 0 >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) >> implements 'check_tick' >> debug: running raw-body-text per-line regexp tests; score so far=-4.27 >> debug: running full-text regexp tests; score so far=-4.27 >> debug: Razor2 is available >> debug: Pyzor is available: /usr/local/bin/pyzor >> debug: entering helper-app run mode >> debug: setuid: helper proc 22598: ruid=0 euid=0 >> debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 >> debug: leaving helper-app run mode >> debug: DCCifd is not available: no r/w dccifd socket found. >> debug: DCC is available: /usr/local/bin/dccproc >> debug: entering helper-app run mode >> debug: setuid: helper proc 22600: ruid=0 euid=0 >> debug: DCC: got response: X-DCC-xmailer-Metrics: mail.rudnick.com.br >> 1192; >> Body=49131 Fuz1=7421721 Fuz2=7422029 >> debug: leaving helper-app run mode >> debug: DCC: Listed! BODY: 49131 of 999999 FUZ1: 7421721 of 999999 FUZ2: >> 7422029 of 999999 >> debug: Running tests for priority: 500 >> debug: RBL: success for 1 of 1 queries >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) >> implements 'check_post_dnsbl' >> debug: running meta tests; score so far=-2.101 >> debug: running header regexp tests; score so far=-0.875 >> debug: running body-text per-line regexp tests; score so far=-0.875 >> debug: running uri tests; score so far=-0.875 >> debug: running raw-body-text per-line regexp tests; score so far=-0.875 >> debug: running full-text regexp tests; score so far=-0.875 >> debug: Running tests for priority: 1000 >> debug: running meta tests; score so far=-0.875 >> debug: running header regexp tests; score so far=-0.875 >> debug: running body-text per-line regexp tests; score so far=-0.875 >> debug: running uri tests; score so far=-0.875 >> debug: running raw-body-text per-line regexp tests; score so far=-0.875 >> debug: running full-text regexp tests; score so far=-0.875 >> debug: is spam? score=-0.875 required=5 >> debug: >> tests=ALL_TRUSTED,BAYES_40,DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL >> >> _NAME >> debug: >> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSAB >> >> LE_MSGID >> >> >> >> ----- Original Message ----- >> From: "Martin Hepworth" >> To: >> Sent: Wednesday, March 23, 2005 8:44 AM >> Subject: Re: New Spam >> >> >> >>> That means there's nothing in the input to query. >>> >>> Try with your email you originally sent to the list and post the full >>> output back here.. >>> >>> spamassassin -p /spam.assassin.prefs.conf -D --lint \ >>> < youremail.eml >>> >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> Roger Jochem wrote: >>> >>>> It is active... >>>> >>>> But running in debug it shows: >>>> >>>> URIDNSBL: Domains to query: >>>> >>>> And doesn't show any domain >>>> >>>> ----- Original Message ----- >>>> From: "Drew Marshall" >>>> To: >>>> Sent: Wednesday, March 23, 2005 7:39 AM >>>> Subject: Re: New Spam >>>> >>>> >>>> >>>> >>>>> Martin Hepworth said: >>>>> >>>>> >>>>>> Roger >>>>>> >>>>>> make sure the plugin is enabled in /etc/mail/spamassassin/init.pre >>>>> >>>>> >>>>> >>>>> Hmm, close with pre.init. Take Martin's advice, much more accurate >>>>> :-) >>>>> >>>>> -- >>>>> In line with our policy, this message has >>>>> been scanned for viruses and dangerous >>>>> content by MailScanner, and is believed to be clean. >>>>> www.themarshalls.co.uk/policy >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 23 12:33:50 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:10 2006 Subject: New Spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. 0.48 ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, March 23, 2005 9:27 AM Subject: Re: New Spam > And you have installed Net::DNS 0.48 at least haven't you... (won't work > with earlier Net::DNS versions) > > Martin Hepworth wrote: > > > Roger > > > > some 'odd' things I notice quickly. > > > > the URI module is 1.19, mine is 1.35, try uopgrading the URI::URL perl > > module. > > > > I get more debug for the DNS tests .... > > > > debug: is Net::DNS::Resolver available? yes > > debug: Net::DNS version: 0.48 > > debug: trying (3) akamai.com... > > debug: looking up NS for 'akamai.com' > > debug: NS lookup of akamai.com succeeded => Dns available (set > > dns_available to hardcode) > > debug: is DNS available? 1 > > > > you don't seem to be getting all this. Is DNS working properly on this > > host? > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Roger Jochem wrote: > > > >>> spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -D --lint < > >> > >> > >> /etc/MailScanner/email.eml > >> debug: SpamAssassin version 3.0.2 > >> debug: Score set 0 chosen. > >> debug: running in taint mode? yes > >> debug: Running in taint mode, removing unsafe env vars, and resetting > >> PATH > >> debug: PATH included '/bin', keeping. > >> debug: PATH included '/usr/bin', keeping. > >> debug: PATH included '/sbin', keeping. > >> debug: PATH included '/usr/sbin', keeping. > >> debug: PATH included '/usr/local/bin', keeping. > >> debug: Final PATH set to: /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin > >> debug: diag: module installed: DBI, version 1.32 > >> debug: diag: module installed: DB_File, version 1.810 > >> debug: diag: module installed: Digest::SHA1, version 2.10 > >> debug: diag: module installed: IO::Socket::UNIX, version 1.2 > >> debug: diag: module installed: MIME::Base64, version 2.12 > >> debug: diag: module installed: Net::DNS, version 0.48 > >> debug: diag: module installed: Net::LDAP, version 0.32 > >> debug: diag: module installed: Razor2::Client::Agent, version 2.67 > >> debug: diag: module installed: Storable, version 2.06 > >> debug: diag: module installed: URI, version 1.19 > >> debug: ignore: using a test message to lint rules > >> debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > >> debug: config: read file /etc/mail/spamassassin/init.pre > >> debug: using "/usr/share/spamassassin" for default rules dir > >> debug: config: read file /usr/share/spamassassin/10_misc.cf > >> debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > >> debug: config: read file /usr/share/spamassassin/20_body_tests.cf > >> debug: config: read file /usr/share/spamassassin/20_compensate.cf > >> debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > >> debug: config: read file /usr/share/spamassassin/20_drugs.cf > >> debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > >> debug: config: read file /usr/share/spamassassin/20_head_tests.cf > >> debug: config: read file /usr/share/spamassassin/20_html_tests.cf > >> debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > >> debug: config: read file /usr/share/spamassassin/20_phrases.cf > >> debug: config: read file /usr/share/spamassassin/20_porn.cf > >> debug: config: read file /usr/share/spamassassin/20_ratware.cf > >> debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > >> debug: config: read file /usr/share/spamassassin/23_bayes.cf > >> debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > >> debug: config: read file /usr/share/spamassassin/25_hashcash.cf > >> debug: config: read file /usr/share/spamassassin/25_spf.cf > >> debug: config: read file /usr/share/spamassassin/25_uribl.cf > >> debug: config: read file /usr/share/spamassassin/30_text_de.cf > >> debug: config: read file /usr/share/spamassassin/30_text_fr.cf > >> debug: config: read file /usr/share/spamassassin/30_text_nl.cf > >> debug: config: read file /usr/share/spamassassin/30_text_pl.cf > >> debug: config: read file /usr/share/spamassassin/50_scores.cf > >> debug: config: read file /usr/share/spamassassin/60_whitelist.cf > >> debug: using "/etc/mail/spamassassin" for site rules dir > >> debug: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf > >> debug: config: read file /etc/mail/spamassassin/regras-rudnick.cf > >> debug: using "/root/.spamassassin" for user state dir > >> debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user > >> prefs file > >> debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf > >> debug: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from > >> @INC > >> debug: plugin: registered > >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x96a3f80) > >> debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > >> debug: plugin: registered > >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > >> debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > >> debug: plugin: registered > >> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc) > >> debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > >> debug: plugin: registered > >> Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4) > >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > >> implements 'parse_config' > >> debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc) > >> implements 'parse_config' > >> debug: bayes: 22595 tie-ing to DB file R/O > >> /etc/MailScanner/bayes/bayes_toks > >> debug: bayes: 22595 tie-ing to DB file R/O > >> /etc/MailScanner/bayes/bayes_seen > >> debug: bayes: found bayes db version 3 > >> debug: Score set 3 chosen. > >> debug: ---- MIME PARSER START ---- > >> debug: main message type: text/plain > >> debug: parsing normal part > >> debug: added part, type: text/plain > >> debug: ---- MIME PARSER END ---- > >> debug: metadata: X-Spam-Relays-Trusted: > >> debug: metadata: X-Spam-Relays-Untrusted: > >> debug: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x96a3f80) > >> implements 'extract_metadata' > >> debug: metadata: X-Relay-Countries: > >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > >> implements 'parsed_metadata' > >> debug: dns_available set to yes in config file, skipping test > >> debug: decoding: no encoding detected > >> debug: URIDNSBL: domains to query: > >> debug: is Net::DNS::Resolver available? yes > >> debug: Net::DNS version: 0.48 > >> debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > >> debug: Running tests for priority: 0 > >> debug: running header regexp tests; score so far=0 > >> debug: registering glue method for check_hashcash_double_spend > >> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc)) > >> debug: registering glue method for check_for_spf_helo_pass > >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > >> debug: SPF: message was delivered entirely via trusted relays, not > >> required > >> debug: registering glue method for check_hashcash_value > >> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x96ba9cc)) > >> debug: all '*To' addrs: > >> debug: registering glue method for check_for_spf_softfail > >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > >> debug: SPF: message was delivered entirely via trusted relays, not > >> required > >> debug: registering glue method for check_for_spf_pass > >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > >> debug: registering glue method for check_for_spf_helo_softfail > >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > >> debug: registering glue method for check_for_spf_fail > >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > >> debug: registering glue method for check_for_spf_helo_fail > >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x96d4cf4)) > >> debug: running body-text per-line regexp tests; score so far=-3.174 > >> debug: running uri tests; score so far=-3.174 > >> debug: registering glue method for check_uridnsbl > >> (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4)) > >> debug: bayes corpus size: nspam = 16915, nham = 42798 > >> debug: tokenize: header tokens for *F = "U*ignore > >> D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > >> D*org" > >> debug: tokenize: header tokens for *m = " 1111579447 lint_rules " > >> debug: tokenize: header tokens for X-Relay-Countries = " " > >> debug: tokenize: header tokens for *RT = " " > >> debug: tokenize: header tokens for *RU = " " > >> debug: bayes token 'H*Ad:D*org' => 0.0173548387096774 > >> debug: bayes token 'message' => 0.0636082163551004 > >> debug: bayes token 'H*F:D*org' => 0.902720711501242 > >> debug: bayes: score = 0.367449123126298 > >> debug: bayes: 22595 untie-ing > >> debug: bayes: 22595 untie-ing db_toks > >> debug: bayes: 22595 untie-ing db_seen > >> debug: Razor2 is available > >> debug: entering helper-app run mode > >> Razor-Log: Computed razorhome from env: /root/.razor > >> Razor-Log: Found razorhome: /root/.razor > >> Razor-Log: No /root/.razor/razor-agent.conf found, skipping. > >> Razor-Log: No razor-agent.conf found, using defaults. > >> Mar 23 09:04:08.684766 check[22595]: [ 2] [bootup] Logging initiated > >> LogDebugLevel=9 to stdout > >> Mar 23 09:04:08.685113 check[22595]: [ 5] computed > >> razorhome=/root/.razor, > >> conf=, ident=/root/.razor/identity-ruhf3afFHl > >> Mar 23 09:04:08.685259 check[22595]: [ 8] Client supported_engines: 4 8 > >> Mar 23 09:04:08.685545 check[22595]: [ 8] prep_mail done: mail 1 > >> headers=93, mime0=1376 > >> Mar 23 09:04:08.685799 check[22595]: [ 5] read_file: 1 items read from > >> /root/.razor/servers.discovery.lst > >> Mar 23 09:04:08.685993 check[22595]: [ 5] read_file: 2 items read from > >> /root/.razor/servers.nomination.lst > >> Mar 23 09:04:08.686159 check[22595]: [ 5] read_file: 1 items read from > >> /root/.razor/servers.catalogue.lst > >> Mar 23 09:04:08.686375 check[22595]: [ 9] Assigning defaults to > >> folly.cloudmark.com > >> Mar 23 09:04:08.686489 check[22595]: [ 9] Assigning defaults to > >> joy.cloudmark.com > >> Mar 23 09:04:08.686610 check[22595]: [ 9] Assigning defaults to > >> shock.cloudmark.com > >> Mar 23 09:04:08.687211 check[22595]: [ 5] read_file: 12 items read from > >> /root/.razor/server.joy.cloudmark.com.conf > >> Mar 23 09:04:08.687599 check[22595]: [ 5] read_file: 12 items read from > >> /root/.razor/server.joy.cloudmark.com.conf > >> Mar 23 09:04:08.688071 check[22595]: [ 5] read_file: 16 items read from > >> /root/.razor/server.pride.cloudmark.com.conf > >> Mar 23 09:04:08.688507 check[22595]: [ 5] read_file: 16 items read from > >> /root/.razor/server.pride.cloudmark.com.conf > >> Mar 23 09:04:08.688948 check[22595]: [ 5] read_file: 16 items read from > >> /root/.razor/server.shock.cloudmark.com.conf > >> Mar 23 09:04:08.689375 check[22595]: [ 5] read_file: 16 items read from > >> /root/.razor/server.shock.cloudmark.com.conf > >> Mar 23 09:04:08.689830 check[22595]: [ 5] read_file: 16 items read from > >> /root/.razor/server.tension.cloudmark.com.conf > >> Mar 23 09:04:08.690263 check[22595]: [ 5] read_file: 16 items read from > >> /root/.razor/server.tension.cloudmark.com.conf > >> Mar 23 09:04:08.690712 check[22595]: [ 5] read_file: 16 items read from > >> /root/.razor/server.prejudice.cloudmark.com.conf > >> Mar 23 09:04:08.691145 check[22595]: [ 5] read_file: 16 items read from > >> /root/.razor/server.prejudice.cloudmark.com.conf > >> Mar 23 09:04:08.691282 check[22595]: [ 5] 39439 seconds before closest > >> server discovery > >> Mar 23 09:04:08.691408 check[22595]: [ 6] shock.cloudmark.com is a > >> Catalogue > >> Server srl 5065; computed min_cf=6, Server se: C8 > >> Mar 23 09:04:08.691541 check[22595]: [ 8] Computed supported_engines: > >> 4 8 > >> Mar 23 09:04:08.691632 check[22595]: [ 8] Using next closest server > >> shock.cloudmark.com:2703, cached info srl 5065 > >> Mar 23 09:04:08.691709 check[22595]: [ 8] mail 1 has no subject > >> Mar 23 09:04:08.693278 check[22595]: [ 6] preproc: mail 1.0 went from > >> 1376 > >> bytes to 1339 > >> Mar 23 09:04:08.693380 check[22595]: [ 6] computing sigs for mail > >> 1.0, len > >> 1339 > >> Mar 23 09:04:08.695397 check[22595]: [ 6] Engine (8) didn't produce a > >> signature for mail 1.0 > >> Mar 23 09:04:08.695538 check[22595]: [ 6] skipping whitelist file > >> (empty?): > >> /root/.razor/razor-whitelist > >> Mar 23 09:04:08.695625 check[22595]: [ 5] Connecting to > >> shock.cloudmark.com > >> ... > >> Mar 23 09:04:09.160788 check[22595]: [ 8] Connection established > >> Mar 23 09:04:09.160951 check[22595]: [ 4] shock.cloudmark.com >> 36 > >> server > >> greeting: sn=C&srl=5065&a=l&a=cg&ep4=7542-10 > >> Mar 23 09:04:09.161289 check[22595]: [ 4] shock.cloudmark.com << 25 > >> Mar 23 09:04:09.161343 check[22595]: [ 6] cn=razor-agents&cv=2.67 > >> Mar 23 09:04:09.161503 check[22595]: [ 6] shock.cloudmark.com is a > >> Catalogue > >> Server srl 5065; computed min_cf=6, Server se: C8 > >> Mar 23 09:04:09.161654 check[22595]: [ 8] Computed supported_engines: > >> 4 8 > >> Mar 23 09:04:09.161767 check[22595]: [ 8] mail 1.0 e4 sig: > >> xFaZIZUVHk90OQfARnenjx5BZTMA > >> Mar 23 09:04:09.161867 check[22595]: [ 5] mail 1.0 e8 got no sig > >> Mar 23 09:04:09.161949 check[22595]: [ 8] preparing 1 queries > >> Mar 23 09:04:09.162082 check[22595]: [ 8] sending 1 batches > >> Mar 23 09:04:09.162180 check[22595]: [ 4] shodebug: Using results > >> from Razor > >> v2.67 > >> debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 > >> debug: leaving helper-app run mode > >> ck.cloudmark.com << 52 > >> Mar 23 09:04:09.162272 check[22595]: [ 6] > >> a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA > >> Mar 23 09:04:09.682945 check[22595]: [ 4] shock.cloudmark.com >> 5 > >> Mar 23 09:04:09.683039 check[22595]: [ 6] response to sent.2 > >> p=0 > >> Mar 23 09:04:09.683356 check[22595]: [ 6] mail 1.0 e=4 > >> sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. > >> Mar 23 09:04:09.683432 check[22595]: [ 7] method 4: mail 1.0: > >> no-contention > >> part, spam=0 > >> Mar 23 09:04:09.683485 check[22595]: [ 7] method 4: mail 1: all > >> non-contention parts not spam, mail not spam > >> Mar 23 09:04:09.683536 check[22595]: [ 3] mail 1 is not known spam. > >> Mar 23 09:04:09.683603 check[22595]: [ 5] disconnecting from server > >> shock.cloudmark.com > >> Mar 23 09:04:09.683716 check[22595]: [ 4] shock.cloudmark.com << 5 > >> Mar 23 09:04:09.683764 check[22595]: [ 6] a=q > >> debug: Razor2 results: spam? 0 highest cf score: 0 > >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > >> implements 'check_tick' > >> debug: running raw-body-text per-line regexp tests; score so far=-4.27 > >> debug: running full-text regexp tests; score so far=-4.27 > >> debug: Razor2 is available > >> debug: Pyzor is available: /usr/local/bin/pyzor > >> debug: entering helper-app run mode > >> debug: setuid: helper proc 22598: ruid=0 euid=0 > >> debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 > >> debug: leaving helper-app run mode > >> debug: DCCifd is not available: no r/w dccifd socket found. > >> debug: DCC is available: /usr/local/bin/dccproc > >> debug: entering helper-app run mode > >> debug: setuid: helper proc 22600: ruid=0 euid=0 > >> debug: DCC: got response: X-DCC-xmailer-Metrics: mail.rudnick.com.br > >> 1192; > >> Body=49131 Fuz1=7421721 Fuz2=7422029 > >> debug: leaving helper-app run mode > >> debug: DCC: Listed! BODY: 49131 of 999999 FUZ1: 7421721 of 999999 FUZ2: > >> 7422029 of 999999 > >> debug: Running tests for priority: 500 > >> debug: RBL: success for 1 of 1 queries > >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x96d4be4) > >> implements 'check_post_dnsbl' > >> debug: running meta tests; score so far=-2.101 > >> debug: running header regexp tests; score so far=-0.875 > >> debug: running body-text per-line regexp tests; score so far=-0.875 > >> debug: running uri tests; score so far=-0.875 > >> debug: running raw-body-text per-line regexp tests; score so far=-0.875 > >> debug: running full-text regexp tests; score so far=-0.875 > >> debug: Running tests for priority: 1000 > >> debug: running meta tests; score so far=-0.875 > >> debug: running header regexp tests; score so far=-0.875 > >> debug: running body-text per-line regexp tests; score so far=-0.875 > >> debug: running uri tests; score so far=-0.875 > >> debug: running raw-body-text per-line regexp tests; score so far=-0.875 > >> debug: running full-text regexp tests; score so far=-0.875 > >> debug: is spam? score=-0.875 required=5 > >> debug: > >> tests=ALL_TRUSTED,BAYES_40,DCC_CHECK,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL > >> > >> _NAME > >> debug: > >> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSAB > >> > >> LE_MSGID > >> > >> > >> > >> ----- Original Message ----- > >> From: "Martin Hepworth" > >> To: > >> Sent: Wednesday, March 23, 2005 8:44 AM > >> Subject: Re: New Spam > >> > >> > >> > >>> That means there's nothing in the input to query. > >>> > >>> Try with your email you originally sent to the list and post the full > >>> output back here.. > >>> > >>> spamassassin -p /spam.assassin.prefs.conf -D --lint \ > >>> < youremail.eml > >>> > >>> > >>> > >>> -- > >>> Martin Hepworth > >>> Snr Systems Administrator > >>> Solid State Logic > >>> Tel: +44 (0)1865 842300 > >>> > >>> > >>> Roger Jochem wrote: > >>> > >>>> It is active... > >>>> > >>>> But running in debug it shows: > >>>> > >>>> URIDNSBL: Domains to query: > >>>> > >>>> And doesn't show any domain > >>>> > >>>> ----- Original Message ----- > >>>> From: "Drew Marshall" > >>>> To: > >>>> Sent: Wednesday, March 23, 2005 7:39 AM > >>>> Subject: Re: New Spam > >>>> > >>>> > >>>> > >>>> > >>>>> Martin Hepworth said: > >>>>> > >>>>> > >>>>>> Roger > >>>>>> > >>>>>> make sure the plugin is enabled in /etc/mail/spamassassin/init.pre > >>>>> > >>>>> > >>>>> > >>>>> Hmm, close with pre.init. Take Martin's advice, much more accurate > >>>>> :-) > >>>>> > >>>>> -- > >>>>> In line with our policy, this message has > >>>>> been scanned for viruses and dangerous > >>>>> content by MailScanner, and is believed to be clean. > >>>>> www.themarshalls.co.uk/policy > >>>>> > >>>>> ------------------------ MailScanner list ------------------------ > >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>> 'leave mailscanner' in the body of the email. > >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>>> > >>>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> ------------------------ MailScanner list ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> > >>> ********************************************************************** > >>> > >>> This email and any files transmitted with it are confidential and > >>> intended solely for the use of the individual or entity to whom they > >>> are addressed. If you have received this email in error please notify > >>> the system manager. > >>> > >>> This footnote confirms that this email message has been swept > >>> for the presence of computer viruses and is believed to be clean. > >>> > >>> ********************************************************************** > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rakesh at NETCORE.CO.IN Wed Mar 23 13:10:27 2005 From: rakesh at NETCORE.CO.IN (Rakesh) Date: Thu Jan 12 21:29:10 2006 Subject: CustomConfig funtions and parameters. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Here is a brief example: > > Outgoing Queue Dir = &ChooseZMOutQueueDir("dir1","dir2") > > and then in the Custom Function file: > > my @ZMOutQueueDirs=(); > > sub InitChooseZMOutQueueDir { > @ZMOutQueueDirs=@_; > > MailScanner::Log::InfoLog("Initializing ChooseZMOutQueueDir Version > %s...", > $MailScanner::CustomConfig::ZMRouterDirHash::VERSION); > .... > So they just get picked up as parameters to the Init.... function. It's > that simple. > I tried to do something similar with the 4.38 version for "SpamAssassin User State Dir", without any success. Idea was to have different User state directories for different domains for a virtual domain like setup so that i can have different bayes for different domains and a default fallback path for the domains whose User state directory is not specified. I was trying to do this with versions older than 3.x of spamassassin. Now Spamassassin 3.x has default support for bayes in sql which does support domain wise and userwise bayes, but i haven't really bench marked on using which will be more useful. Any suggestions/comments on this idea. Will it be any useful to have different SpamAssassin User State Dir in MailScanner itself. -- Regards, Rakesh B. Pal Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================================== "First they ignore you. Then they laugh at you. Then they fight you. Then you win." - M. Gandhi ======================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Wed Mar 23 16:31:47 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:29:10 2006 Subject: certain spam messages not be forwarded Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have mailscanner running spamassassin set to forward all spam to a seperate account. Every once and awhile a spam message does not get forwarded, it goes to the intended users. the message appear to be scanned by spamassasiin. In the body of the email appears. spam detection software, running on the system " ", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Is this a feature? Can I turn it off? thanks -- David Ballengee IT Supervisor Unique Photo (973)377-5555x259 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 23 16:40:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: certain spam messages not be forwarded Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There are no standard reports in MailScanner that contain the text you have included. I suspect you have something else calling SpamAssassin as well (procmail maybe?). You can turn off spamd completely as MailScanner does not use it. I would start by looking at your procmailrc file(s). David Ballengee wrote: > I have mailscanner running spamassassin set to forward all spam to a > seperate account. > > Every once and awhile a spam message does not get forwarded, it goes to > the intended users. > > the message appear to be scanned by spamassasiin. In the body of the > email appears. > > spam detection software, running on the system " ", has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it isn't spam) or label > similar future email. If you have any questions, see > the administrator of that system for details. > > > Is this a feature? > > Can I turn it off? > > thanks > > > -- > David Ballengee > IT Supervisor > Unique Photo > (973)377-5555x259 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidb at UNIQUEPHOTO.COM Wed Mar 23 20:37:33 2005 From: davidb at UNIQUEPHOTO.COM (David Ballengee) Date: Thu Jan 12 21:29:10 2006 Subject: certain spam messages not be forwarded Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] in my procmailrc I have. DROPPRIVS=yes :0fw | /usr/bin/spamassassin :0 * ^X-Spam-Status: Yes $HOME/spam should i remove these entries?? Julian Field wrote: > There are no standard reports in MailScanner that contain the text you > have included. I suspect you have something else calling SpamAssassin as > well (procmail maybe?). You can turn off spamd completely as MailScanner > does not use it. I would start by looking at your procmailrc file(s). > > David Ballengee wrote: > >> I have mailscanner running spamassassin set to forward all spam to a >> seperate account. >> >> Every once and awhile a spam message does not get forwarded, it goes to >> the intended users. >> >> the message appear to be scanned by spamassasiin. In the body of the >> email appears. >> >> spam detection software, running on the system " ", has >> identified this incoming email as possible spam. The original message >> has been attached to this so you can view it (if it isn't spam) or label >> similar future email. If you have any questions, see >> the administrator of that system for details. >> >> >> Is this a feature? >> >> Can I turn it off? >> >> thanks >> >> >> -- >> David Ballengee >> IT Supervisor >> Unique Photo >> (973)377-5555x259 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- David Ballengee IT Supervisor Unique Photo (973)377-5555x259 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Wed Mar 23 21:57:59 2005 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:29:10 2006 Subject: CustomConfig funtions and parameters. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And how do you get them in the 'check' function ? MailScanner.conf: Use SpamAssassin = &HashTable("UseSA","/etc/MailScanner/rules/spamassassin.rules") InitHashTable { my ($tabelname, $filename) = @_; } HashTable { my ($tabelname, $filename, $message) = @_; } EndHashTable { my ($tabelname, $filename) = @_; } After some testing these parameters are found in Init and End functions, but I don't see how (which order with $message) to fetch them in the "HashTable" function. Any hint ? bye, Chirs ----- Original Message ----- From: "Julian Field" To: "Christiaan den Besten" ; "MailScanner mailing list" Sent: Wednesday, March 23, 2005 12:50 PM Subject: Re: CustomConfig funtions and parameters. > Here is a brief example: > > Outgoing Queue Dir = &ChooseZMOutQueueDir("dir1","dir2") > > and then in the Custom Function file: > > my @ZMOutQueueDirs=(); > > sub InitChooseZMOutQueueDir { > @ZMOutQueueDirs=@_; > > MailScanner::Log::InfoLog("Initializing ChooseZMOutQueueDir > Version %s...", > > $MailScanner::CustomConfig::ZMRouterDirHash::VERSION); > ..... > So they just get picked up as parameters to the Init.... function. > It's that simple. > > Christiaan den Besten wrote: > >> Hi ! >> >> I remember from some month's ago someone proposed to be able to >> add >> parameters to a custom function being used as a ruleset. Has this >> even been build ? I would like to use it ;) >> >> e.g. "Use Spamassasin = &Hashtable ("type1","hash-sa-table");" or >> something like that .... >> >> bye, >> Chris >> >> ------------------------ MailScanner >> list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >> and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pablo at LACNIC.NET Thu Mar 24 02:39:17 2005 From: pablo at LACNIC.NET (Pablo Allietti) Date: Thu Jan 12 21:29:10 2006 Subject: Mail Archive Message-ID: question: i use the option Archive Mail =/backup/mailarchive/emails and cant undertand all faq and comments. is possible to save the mailbox of for exmaple pablo@lacnic.net and ssss@lacnic.net ??? in different folders? what are the sintax of archive.rules thnaks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Thu Mar 24 05:05:23 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:10 2006 Subject: All zip files are being blocked Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi I am using the following, MailScaner 4.39.5-1 ClamAV 0.83 AVG [grisoft.com] SA 3.02 These days any email recd with a zip file attachment is rejected. The zip file usually has js, outlook.pst, doc, excel files. What setting do I need to change without comprimising on security? regards, -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 24 08:39:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: certain spam messages not be forwarded Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. Certainly the :0fw and | /usr/bin/spamassassin lines. David Ballengee wrote: > in my procmailrc I have. > > DROPPRIVS=yes > :0fw > | /usr/bin/spamassassin > :0 > * ^X-Spam-Status: Yes > $HOME/spam > > should i remove these entries?? > > > > Julian Field wrote: > >> There are no standard reports in MailScanner that contain the text you >> have included. I suspect you have something else calling SpamAssassin as >> well (procmail maybe?). You can turn off spamd completely as MailScanner >> does not use it. I would start by looking at your procmailrc file(s). >> >> David Ballengee wrote: >> >>> I have mailscanner running spamassassin set to forward all spam to a >>> seperate account. >>> >>> Every once and awhile a spam message does not get forwarded, it goes to >>> the intended users. >>> >>> the message appear to be scanned by spamassasiin. In the body of the >>> email appears. >>> >>> spam detection software, running on the system " ", has >>> identified this incoming email as possible spam. The original message >>> has been attached to this so you can view it (if it isn't spam) or >>> label >>> similar future email. If you have any questions, see >>> the administrator of that system for details. >>> >>> >>> Is this a feature? >>> >>> Can I turn it off? >>> >>> thanks >>> >>> >>> -- >>> David Ballengee >>> IT Supervisor >>> Unique Photo >>> (973)377-5555x259 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > David Ballengee > IT Supervisor > Unique Photo > (973)377-5555x259 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 24 08:42:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: Mail Archive Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Archive Mail = %rules-dir%/archive.mail.rules and then in /etc/MailScanner/rules/archive.mail.rules you want this: To: pablo@lacnic.net /backup/mailarchive/emails/pablo To: ssss@lacnic.net /backup/mailarchive/emails/ssss FromOrTo: default Pablo Allietti wrote: >question: i use the option > >Archive Mail =/backup/mailarchive/emails > >and cant undertand all faq and comments. > >is possible to save the mailbox of for exmaple pablo@lacnic.net and >ssss@lacnic.net ??? in different folders? > >what are the sintax of archive.rules > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 24 08:43:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: All zip files are being blocked Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You need to look at the detailed report line in the Attachment-Warning file which replaces the zip file, so you can see exactly why it is being trapped. BG Mahesh wrote: >hi > >I am using the following, > >MailScaner 4.39.5-1 >ClamAV 0.83 >AVG [grisoft.com] >SA 3.02 > >These days any email recd with a zip file attachment is rejected. The zip file usually has js, outlook.pst, doc, excel files. > > >What setting do I need to change without comprimising on security? > > >regards, > > >-- >B.G. Mahesh >bg.mahesh@indiainfo.com >http://www.indiainfo.com/ > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 24 11:31:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: MailScanner beta 4.40.7 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released 4.40.7. This fixes several issues in 4.40.6. Download as usual from www.mailscanner.info. Please do try this out if you can, it all helps the next stable release to be better than it is otherwise. All help and assistance in testing is much appreciated! The full Change Log for this version is here: * New Features and Improvements * - The "clamavmodule" scanner cannot unpack archives of RAR version 3. 2 new configuration settings allow you to unpack the latest RAR archives for testing by the "clamavmodule" scanner. It also enables the contents of the RAR archive to be checked for illegal filenames and filetypes, and also to see if they are password-protected. Unrar Command = /usr/bin/unrar Unrar Timeout = 50 - "Allow Password-protected Archives" can now be a ruleset when using the clamavmodule virus scanner. - Multiple "Subject:" lines are removed. The 1st one is kept. - If the "Unrar Command" is defined and points to an executable program, it will automatically be used by the "clamav" scanner. No -wrapper tweaking is needed to do this any more. - You can now use shell environment variables such as $HOSTNAME or ${HOSTNAME} in MailScanner.conf and its relatives. - More improvements to the phishing net. - More additions to the starter phishing.safe.sites.conf file. - Removed my spam.assassin.prefs.conf file in favour of the one from www.fsl.com, with just enough changes to produce an identical file layout to my previous versions. - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! - Added long comment about ALL_TRUSTED rule, many thanks to Matt Kettler. - Improved screen behaviour of RPM-based init.d script. - Greatly improved RAR archive handler, thanks to Rick Cooper. - Changed IPBlock DSN to 550 and made it easily configurable. Look for "$FailCode" in the CustomConfig.pm code and the IPBlock cron job. - Changed the "Envelope-From" and "Envelope-To" headers to include your organisation's name. - Made date and time stamps consistent across whole system. - Added extra rules to the phishing net to avoid false alarms with some examples of Microsoft's .NET system. - Added Custom Functions to implement multiple input and output queues for ZMailer users. Many thanks to MailScanner-devel@perl.com.ar (Leonardo Helman and Mariano Absatz) for all their hard work implementing this. * Fixes * - Fixed problem with missing Attachment-Warning when encountering a virus that is both silent and non-forging. - Improved output format of Sender warning, and removed duplicate lines. - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the connections, rather than the total block it used to do. - Removed erroneous log output from SpamAssassin bayes-rebuilder. - Postfix problem fixes. - Fixed SpamAssassin Bayes database rebuild timeout problem. - Fixed Exim problem with removing multiple "Subject:" headers. - Fixed Postfix problem with removing multiple "Subject:" headers. - Fixed problems in new Unrar code when renaming files in archives. - Fixed problems in earlier betas with occasional missing attachment warnings. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Mar 24 14:56:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:10 2006 Subject: MailScanner beta 4.40.7 released Message-ID: Julain been running for a couple of hours with no noticable issues (FreeBSd/Exim)....Still need to find out what's happening with the 'large to list' issue though... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > I have just released 4.40.7. This fixes several issues in 4.40.6. > > Download as usual from www.mailscanner.info. > > Please do try this out if you can, it all helps the next stable release > to be better than it is otherwise. All help and assistance in testing is > much appreciated! > > The full Change Log for this version is here: > > * New Features and Improvements * > - The "clamavmodule" scanner cannot unpack archives of RAR version 3. > 2 new configuration settings allow you to unpack the latest RAR archives > for testing by the "clamavmodule" scanner. > It also enables the contents of the RAR archive to be checked for illegal > filenames and filetypes, and also to see if they are password-protected. > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > - "Allow Password-protected Archives" can now be a ruleset when using the > clamavmodule virus scanner. > - Multiple "Subject:" lines are removed. The 1st one is kept. > - If the "Unrar Command" is defined and points to an executable program, > it will automatically be used by the "clamav" scanner. No -wrapper > tweaking is needed to do this any more. > - You can now use shell environment variables such as $HOSTNAME or > ${HOSTNAME} in MailScanner.conf and its relatives. > - More improvements to the phishing net. > - More additions to the starter phishing.safe.sites.conf file. > - Removed my spam.assassin.prefs.conf file in favour of the one from > www.fsl.com, with just enough changes to produce an identical file > layout to my previous versions. > - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! > - Added long comment about ALL_TRUSTED rule, many thanks to Matt Kettler. > - Improved screen behaviour of RPM-based init.d script. > - Greatly improved RAR archive handler, thanks to Rick Cooper. > - Changed IPBlock DSN to 550 and made it easily configurable. > Look for "$FailCode" in the CustomConfig.pm code and the IPBlock cron job. > - Changed the "Envelope-From" and "Envelope-To" headers to include your > organisation's name. > - Made date and time stamps consistent across whole system. > - Added extra rules to the phishing net to avoid false alarms with some > examples of Microsoft's .NET system. > - Added Custom Functions to implement multiple input and output queues for > ZMailer users. Many thanks to MailScanner-devel@perl.com.ar (Leonardo > Helman and Mariano Absatz) for all their hard work implementing this. > > * Fixes * > - Fixed problem with missing Attachment-Warning when encountering a virus > that is both silent and non-forging. > - Improved output format of Sender warning, and removed duplicate lines. > - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the > connections, rather than the total block it used to do. > - Removed erroneous log output from SpamAssassin bayes-rebuilder. > - Postfix problem fixes. > - Fixed SpamAssassin Bayes database rebuild timeout problem. > - Fixed Exim problem with removing multiple "Subject:" headers. > - Fixed Postfix problem with removing multiple "Subject:" headers. > - Fixed problems in new Unrar code when renaming files in archives. > - Fixed problems in earlier betas with occasional missing attachment > warnings. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Thu Mar 24 15:36:57 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:29:10 2006 Subject: Outstanding feature/fix requests? Message-ID: Hi there, Julian Field wrote: --- Neither of those are valid ruleset entries. Try this instead. virus * yes FromOrTo default no --- Sorry.. this did not work also.. no error message, but also no queue-file for virus infected mails.. :( Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Mar 24 18:12:26 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:10 2006 Subject: All zip files are being blocked Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh wrote: >These days any email recd with a zip file attachment is rejected. The zip file usually has js, outlook.pst, doc, excel files. > > >What setting do I need to change without comprimising on security? > > Do you block .doc, js, pst, or excel files in filename.rules.conf? If so, you probably need to change your Maximum Archive Depth to 0 in MailScanner.conf. This setting doesn't affect virus scanning, it just affects how deep MailScanner digs into zipfiles when applying filename and filetype rules. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Thu Mar 24 20:58:56 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:10 2006 Subject: Debugging Sendmail, WAS: How do I set Mailscanner to not use MSP? Message-ID: Sorry to reopen this thread, but after some more digging and some help from the link provided by Gary, I realized that Mailscanner is using the submit.cf for incoming sendmail. I would rather use the sendmail.cf file for both Sendmail processes. How would I go about getting Mailscanner to use the same config file for both processes. I noticed in the MailScanner init script, under the incoming sendmail function, that the second call to Sendmail is as follows: $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null I'm not sure what the -Ac does, I can't find a description for that argument anywhere. Is this the one that uses submit.cf? Thanks for any help. Sean Pentland G. wrote: Off topic but probably a useful link for you all, the basics of sendmail debugging... http://www.uwsg.iu.edu/usail/mail/debugging/ Hope it is of use, Gary -----Original Message----- From: RedRed!com IT Department [mailto:itdept@REDRED.COM] Sent: 18 March 2005 21:48 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: How do I set Mailscanner to not use MSP? Ok, Well thank you for looking. I wasn't sure what program this issue was with. But since it isn't a MailScanner issue then I will look elsewhere. Thank you again. Sean Drew Marshall wrote: This is definitely not a MailScanner issue but a Sendmail one and I am not your man for Sendmail I'm afraid :-( . I will have to bow out gracefully but I am sure some one with some Sendmail experience can help. Sorry Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Thu Mar 24 22:02:24 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:10 2006 Subject: Debugging Sendmail, WAS: How do I set Mailscanner to not use MSP? Message-ID: Ok, I finally found some info on the -A command line switch. I see that -Ac means to use the submit.cf config file and -Am means to use the default ssendmail.cf file. I changed the -Ac to -Am in the MailScanner init script and restarted everything. It still doesn't work. I also just realized that it is probably a problem with sqwebmail. So, Thanks again for your time. Sean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Fri Mar 25 10:53:46 2005 From: dh at UPTIME.AT ([UTF-8] David Höhn) Date: Thu Jan 12 21:29:10 2006 Subject: 4.40.7 - OK Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Running for a couple of days now with nested sendmail queues, no issues - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCQ+26PMoaMn4kKR4RAy87AKCHKiE3eHU7BsvcjQD5sHAtgiKskwCeM6yb 90i0ax+bv5RxA4KAk1jhTV4= =dRry -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Fri Mar 25 11:19:03 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:10 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew, Does this also keep the other programs updated? dcc razor Lance Martin Hepworth said: Lance works fine withe FreeBSD.. using the tar.gz install rather than the rpm or ports version In fact you might even find that FreeBSD is easier to use and maintain (As that seems to be your area of concern). There is an excellent handbook at www.freebsd.org/handbook which will help with the installation and the ports system will help keep MailScanner up todate and the correct, up todate dependencies will also be automatically installed just by changing directory to the application you wish to install (e.g. cd /usr/ports/mail/mailscanner) and typing 'make install'. Sit back and wait for it all to happen and follow the instructions on the screen to make the MailSCanner.conf file and wrapper/ auto update scripts. But please don't let me directly influence you, YMMV but it's certainly worth consideration. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 25 11:33:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: Outstanding feature/fix requests? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: >Hi there, > >Julian Field wrote: >--- >Neither of those are valid ruleset entries. Try this instead. >virus * yes >FromOrTo default no >--- > >Sorry.. > >this did not work also.. > >no error message, but also no queue-file for virus infected mails.. > > Are you quarantining silent viruses? There's an option which will disable this entirely. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Mar 25 14:16:49 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:10 2006 Subject: Compelte Rebuild. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: >Drew, > >Does this also keep the other programs updated? > >dcc > >razor > You can use portupgrade to update all the 'userland' applications you install from the ports tree. There are some good details here that will help http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html section 4.5.5 Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Sat Mar 26 13:06:10 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:10 2006 Subject: Weird problem with local SA tests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi! Something tells me I haven't had enough coffee yet. I have a couple local tests defined in spam.assassin.prefs.conf, for example: header MAILSCANNER Sender =~ /.*\.*/i describe MAILSCANNER MailScanner mailing list score MAILSCANNER -3 This works as expected. However, any test I define after that one is ignored: header SPAM-L Sender =~ /.*\.*/i describe SPAM-L SPAM-L score SPAM-L -5 I tried reversing the order, and, yes, it's always only the first test that works. I bet it's just something I overlooked, but what? MailScanner 4.37.7, SpamAssassin 3.0.2 Thanks for any hints. cheers+tia, &rw -- -- A future startup with no patents of its own will be forced -- to pay whatever price the giants choose to impose. -- That price might be high: Established companies have an -- interest in excluding future competitors. - Bill Gates ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Sun Mar 27 10:29:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: MailScanner beta 4.40.8 release Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have finally managed to fix the long-standing problem of defunct zombie processes being left behind when not virus scanning. If you have been suffering this problem, please try the latest beta. Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * - The "clamavmodule" scanner cannot unpack archives of RAR version 3. 2 new configuration settings allow you to unpack the latest RAR archives for testing by the "clamavmodule" scanner. It also enables the contents of the RAR archive to be checked for illegal filenames and filetypes, and also to see if they are password-protected. Unrar Command = /usr/bin/unrar Unrar Timeout = 50 - "Allow Password-protected Archives" can now be a ruleset when using the clamavmodule virus scanner. - Multiple "Subject:" lines are removed. The 1st one is kept. - If the "Unrar Command" is defined and points to an executable program, it will automatically be used by the "clamav" scanner. No -wrapper tweaking is needed to do this any more. - You can now use shell environment variables such as $HOSTNAME or ${HOSTNAME} in MailScanner.conf and its relatives. - More improvements to the phishing net. - More additions to the starter phishing.safe.sites.conf file. - Removed my spam.assassin.prefs.conf file in favour of the one from www.fsl.com, with just enough changes to produce an identical file layout to my previous versions. - Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks! - Added long comment about ALL_TRUSTED rule, many thanks to Matt Kettler. - Improved screen behaviour of RPM-based init.d script. - Greatly improved RAR archive handler, thanks to Rick Cooper. - Changed IPBlock DSN to 550 and made it easily configurable. Look for "$FailCode" in the CustomConfig.pm code and the IPBlock cron job. - Changed the "Envelope-From" and "Envelope-To" headers to include your organisation's name. - Made date and time stamps consistent across whole system. - Added extra rules to the phishing net to avoid false alarms with some examples of Microsoft's .NET system. - Added Custom Functions to implement multiple input and output queues for ZMailer users. Many thanks to MailScanner-devel@perl.com.ar (Leonardo Helman and Mariano Absatz) for all their hard work implementing this. - Improved RedHat init.d script so reload is handled better for Postfix. * Fixes * - Fixed problem with missing Attachment-Warning when encountering a virus that is both silent and non-forging. - Improved output format of Sender warning, and removed duplicate lines. - In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the connections, rather than the total block it used to do. - Removed erroneous log output from SpamAssassin bayes-rebuilder. - Postfix problem fixes. - Fixed SpamAssassin Bayes database rebuild timeout problem. - Fixed Exim problem with removing multiple "Subject:" headers. - Fixed Postfix problem with removing multiple "Subject:" headers. - Fixed problems in new Unrar code when renaming files in archives. - Fixed problems in earlier betas with occasional missing attachment warnings. - Fixed directory problem in vexira-autoupdate. - Fixed problems with defunct processes when not virus scanning. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mbneto at gmail.com Sun Mar 27 13:10:15 2005 From: mbneto at gmail.com (mbneto) Date: Thu Jan 12 21:29:10 2006 Subject: MailScanner beta 4.40.8 release Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Is this clamavmodule a better choice than using the external clamav ? I.e in terms of features available or speed ? On Sun, 27 Mar 2005 10:29:59 +0100, Julian Field wrote: > - The "clamavmodule" scanner cannot unpack archives of RAR version 3. > 2 new configuration settings allow you to unpack the latest RAR archives > for testing by the "clamavmodule" scanner. > It also enables the contents of the RAR archive to be checked for illegal > filenames and filetypes, and also to see if they are password-protected. > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > - "Allow Password-protected Archives" can now be a ruleset when using the > clamavmodule virus scanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Mar 27 13:11:47 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:10 2006 Subject: MailScanner beta 4.40.8 release Message-ID: Hi! > Is this clamavmodule a better choice than using the external clamav ? > I.e in terms of features available or speed ? Its faster. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Sun Mar 27 16:21:28 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:29:10 2006 Subject: HTML Table SPAM? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Has any seen these kind of SPAM passing through? Where the SPAMMER would use HTML tables to separate the offensive content? The words looks clear when received, but every two letters are separated by a table. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Mon Mar 28 10:06:20 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:29:10 2006 Subject: Feature request or have i missed it? Message-ID: Hi Julian, With the Phising, when it finds a match and renames the inline part, is it possible to have an option to put a notify in the subject line to make the recipient fully alert to the fact there is possible fraud attempt ? Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Mon Mar 28 10:08:21 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:10 2006 Subject: All zip files are being blocked Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > You need to look at the detailed report line in the Attachment-Warning > file which replaces the zip file, so you can see exactly why it is being > trapped. > The email had a zip file attachment which contained outlook.pst. The attachment warning file reads, At Mon Mar 28 14:33:10 2005 the virus scanner said: MailScanner: Dangerous attachment according to Microsoft Q883260 (outlook.pst) > BG Mahesh wrote: > > > hi > > > > I am using the following, > > > > MailScaner 4.39.5-1 > > ClamAV 0.83 > > AVG [grisoft.com] > > SA 3.02 > > > > These days any email recd with a zip file attachment is rejected. > > The zip file usually has js, outlook.pst, doc, excel files. > > > > > > What setting do I need to change without comprimising on security? > > > > > > regards, -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vanhorn at WHIDBEY.COM Mon Mar 28 10:57:59 2005 From: vanhorn at WHIDBEY.COM (G. Armour Van Horn) Date: Thu Jan 12 21:29:10 2006 Subject: MailScanner beta 4.40.8 release Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greetings: I have one system in which my whitelists seem to be completely ignored. I have these lines in MailScanner.conf: %rules-dir% = /etc/MailScanner/rules Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Allow Form Tags = %rules-dir%/formtag.whitelist.rules Allow Script Tags = %rules-dir%/scripttag.whitelist.rules I'm pretty sure my rules are in the right place: [root@viscount rules]# pwd /etc/MailScanner/rules I've carefully examined the actual filenames about a dozen times to make sure I don't have any typos. This is the contents of formtag.whitelist.rules: From: newsletter@webnames.ca yes #per Charlie From: Continental_Airlines_Inc@coair.rsc01.com yes #per Shelly To: charlier yes To: will yes To: bartoo yes To: shelly yes From: dmaas@shaw.ca yes From: gkoski@arrow.com yes #per Tim From: updatemembers@SUITE101.COM yes From: PCW@client17.email-bureau.co.uk yes FromOrTo: default no All of the "From:" entries in there are an attempt to pass mail that should already have been passed by the "To:" entries. All the whitespace in those entries are tabs, although I'm sure they were converted to spaces when I pasted that in here. Can anybody see anything I've messed up? As far as I can tell, the syntax I'm using on this server matches that which works just fine on my other two servers. Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Mar 28 11:06:06 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:10 2006 Subject: All zip files are being blocked Message-ID: Hi! >> You need to look at the detailed report line in the Attachment-Warning >> file which replaces the zip file, so you can see exactly why it is being >> trapped. > The email had a zip file attachment which contained outlook.pst. The > attachment warning file reads, > > > At Mon Mar 28 14:33:10 2005 the virus scanner said: >>> These days any email recd with a zip file attachment is rejected. >>> The zip file usually has js, outlook.pst, doc, excel files. >>> >>> >>> What setting do I need to change without comprimising on security? # The maximum depth to which zip archives will be unpacked, to allow for # checking filenames and filetypes within zip archives. # # Note: This setting does *not* affect virus scanning in archives at all. # # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password-Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. Maximum Archive Depth = 0 What do you have there? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Mon Mar 28 11:09:22 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:29:10 2006 Subject: All zip files are being blocked Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > > At Mon Mar 28 14:33:10 2005 the virus scanner said: > > >>> These days any email recd with a zip file attachment is rejected. > >>> The zip file usually has js, outlook.pst, doc, excel files. > >>> > >>> > >>> What setting do I need to change without comprimising on security? > > # The maximum depth to which zip archives will be unpacked, to allow for > # checking filenames and filetypes within zip archives. > # > # Note: This setting does *not* affect virus scanning in archives at all. > # > # To disable this feature set this to 0. > # A common useful setting is this option = 0, and Allow Password-Protected > # Archives = no. That block password-protected archives but does not do > # any filename/filetype checks on the files within the archive. > Maximum Archive Depth = 0 > > What do you have there? > Maximum Archive Depth = 3 Actually I have never changed this value. Looks like I need to change it to zero -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Mar 28 11:16:59 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:10 2006 Subject: All zip files are being blocked Message-ID: Hi! >>>>> What setting do I need to change without comprimising on security? >> # The maximum depth to which zip archives will be unpacked, to allow for >> # checking filenames and filetypes within zip archives. >> # >> # Note: This setting does *not* affect virus scanning in archives at all. >> # >> # To disable this feature set this to 0. >> # A common useful setting is this option = 0, and Allow Password-Protected >> # Archives = no. That block password-protected archives but does not do >> # any filename/filetype checks on the files within the archive. >> Maximum Archive Depth = 0 >> What do you have there? > Maximum Archive Depth = 3 > > Actually I have never changed this value. Looks like I need to change it to zero If you want to disable that, yes. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 15:54:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: Feature request or have i missed it? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have avoided doing this. There are still a few false alarms, and I don't want people to become used to seeing any warning in the subject line, as that may "cry wolf". I thought (as did other people on this list) that just inserting some text straight into the message, at the point of the link, was more useful. Res wrote: > Hi Julian, > > With the Phising, when it finds a match and renames the inline part, > is it > possible to have an option to put a notify in the subject line to make > the > recipient fully alert to the fact there is possible fraud attempt ? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 15:59:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: MailScanner beta 4.40.8 release Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] G. Armour Van Horn wrote: > Greetings: > > I have one system in which my whitelists seem to be completely ignored. > I have these lines in MailScanner.conf: > > %rules-dir% = /etc/MailScanner/rules > > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > Allow Form Tags = %rules-dir%/formtag.whitelist.rules > Allow Script Tags = %rules-dir%/scripttag.whitelist.rules > > I'm pretty sure my rules are in the right place: > [root@viscount rules]# pwd > /etc/MailScanner/rules As long as your %rules-dir% is pointing to the directory containing your ruleset files (*.rules) then they can be anywhere on your system. There is nothing magic about /etc/MailScanner/rules. > > I've carefully examined the actual filenames about a dozen times to make > sure I don't have any typos. > > This is the contents of formtag.whitelist.rules: > > From: newsletter@webnames.ca yes #per Charlie > From: Continental_Airlines_Inc@coair.rsc01.com yes #per > Shelly > To: charlier yes > To: will yes > To: bartoo yes > To: shelly yes Those 4 "To" rules will be interpreted differently from how you think. It cannot tell the difference between a username on its own and a domain name on its own, so it assumes (wrongly, here) that it is a domain name. So "shelly" will be interpreted as "*@shelly" which isn't what you want. You want to use To: charlier@* yes To: will@* yes To: bartoo@* yes To: shelly@* yes > From: dmaas@shaw.ca yes > From: gkoski@arrow.com yes #per Tim > From: updatemembers@SUITE101.COM yes > From: PCW@client17.email-bureau.co.uk yes > FromOrTo: default no > > All of the "From:" entries in there are an attempt to pass mail that > should already have been passed by the "To:" entries. All the whitespace > in those entries are tabs, although I'm sure they were converted to > spaces when I pasted that in here. In normal ruleset files, all spaces are treated the same, you can use any mixture of tabs and spaces. The only places that tabs/spaces actually matters are in filename.rules.conf and filetype.rules.conf. > Can anybody see anything I've messed up? As far as I can tell, the > syntax I'm using on this server matches that which works just fine on my > other two servers. > > Van > > -- > ---------------------------------------------------------- > Sign up now for Quotes of the Day, a handful of quotations > on a theme delivered every morning. > Enlightenment! Daily, for free! > mailto:twisted@whidbey.com?subject=Subscribe_QOTD > > For photography, web design, hosting, and maintenance, > visit Van's home page: http://www.domainvanhorn.com/van/ > ----------------------------------------------------------- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bob.jones at USG.EDU Mon Mar 28 16:12:20 2005 From: bob.jones at USG.EDU (Bob Jones) Date: Thu Jan 12 21:29:10 2006 Subject: 2 spam checking issues... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey all, We recently implemented spamassassin check through mailscanner here and have noticed a couple of issues that we could use some help with. We have it set up a ruleset so that mail originating from our networks bypasses the spam checks and that mail to certain addresses (such as abuse, helpdesk, etc) is not checked for spam either. We are running mailscanner version 4.39.6, spamassassin version 3.0.2 and sendmail version 8.12.11 on Solaris 9. Now for the issues: 1. We received a message that bypassed the spam check. The relevant header info is: Received: from 168.24.195.10 ([220.77.201.250]) by hermes.bor.usg.edu (8.12.11/8.12.11) with SMTP id j2NEuQkB002299; Wed, 23 Mar 2005 09:56:35 -0500 (EST) The IP address of our mailserver (hermes.bor.usg.edu) is 168.24.195.10. It seems that the spammer used our IP address as his HELO during the SMTP connection. The *actual* IP address of the spammer is within the () in the next field. To determine if a ruleset applies, is mailscanner doing a simple grep? It seems to me that it should be grepping for what is within the () and ignore what the HELO was as that can be forged. Or is there an issue here I'm not grasping. 2. The second is with skipping spam checks for certain addresses. It seems that if an address we have added to the ruleset to skip spam checks is listed in the CC or BCC fields (maybe the TO field as well, but haven't seen an example of this yet), that message isn't scanned for *any* of the recipients. Is this the expected behavior? Is there a way to work around this issue? I apologize if these are repeated questions, but I searched the list archives and couldn't find any messages that dealt with these issues. -- Thanks, Bob Jones ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 16:25:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: 2 spam checking issues... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bob Jones wrote: > Hey all, > > We recently implemented spamassassin check through mailscanner > here and > have noticed a couple of issues that we could use some help with. We > have it set up a ruleset so that mail originating from our networks > bypasses the spam checks and that mail to certain addresses (such as > abuse, helpdesk, etc) is not checked for spam either. We are running > mailscanner version 4.39.6, spamassassin version 3.0.2 and sendmail > version 8.12.11 on Solaris 9. Now for the issues: > > 1. We received a message that bypassed the spam check. The relevant > header info is: > > Received: from 168.24.195.10 ([220.77.201.250]) > by hermes.bor.usg.edu (8.12.11/8.12.11) with SMTP id > j2NEuQkB002299; Wed, 23 Mar 2005 09:56:35 -0500 (EST) > > The IP address of our mailserver (hermes.bor.usg.edu) is 168.24.195.10. > It seems that the spammer used our IP address as his HELO during the > SMTP connection. The *actual* IP address of the spammer is within the > () in the next field. To determine if a ruleset applies, is mailscanner > doing a simple grep? It seems to me that it should be grepping for what > is within the () and ignore what the HELO was as that can be forged. Or > is there an issue here I'm not grasping. With sendmail, MailScanner uses the IP address at the far end of the SMTP connection, which should be the real address unless they are doing some IP spoofing attack (which looks unlikely as it gives away the 220... IP address). It doesn't just use the "Received" address at all. > 2. The second is with skipping spam checks for certain addresses. It > seems that if an address we have added to the ruleset to skip spam > checks is listed in the CC or BCC fields (maybe the TO field as well, > but haven't seen an example of this yet), that message isn't scanned for > *any* of the recipients. Is this the expected behavior? Is there a way > to work around this issue? There is a workaround. Currently, when faced with a message with multiple headers, some of which want spam checks and some of which don't, it uses the answer for the first recipient. You can change this so that it uses any of the recipients by editing /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. Look for the line starting "SpamChecks". If you look backwards (towards the start of the file) from there, you will see that it is in the [First,YesNo] section. Move that line into the [All,YesNo] section, then stop and restart MailScanner. May be this might be a better place for the option. What do you think? What does anyone else think? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dean at SAHRA.ARIZONA.EDU Mon Mar 28 16:52:09 2005 From: dean at SAHRA.ARIZONA.EDU (Dean Jones) Date: Thu Jan 12 21:29:10 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Any more updates on this experiment with perl 5.6? On my Solaris, postfix, perl 5.8.4, mailscanner system i managed to find an error with file permissions on a cyrus library that was causing some mailscanner grief very infrequently since fixing the file perms i have yet to have a corrupt mail. so it is looking like pilot error at this point :) Robert Waldner wrote: > On Wed, 16 Mar 2005 17:46:19 +0100, Robert Waldner writes: > >>If I don't hear about someone having this problem with 5.6, I'll start >>rebuilding a test-box with that tomorrow. > > > I've built a box with perl 5.6 now, and it's delivering mail since > yesterday. This is in a pool with 2 other (perl 5.8) machines which > do exhibit the problem with corrupt mails. > > The 5.8 boxen have each had 2 resp. 3 mails "corrupt" in the last 24 > hours, the 5.6 one had none. > > To make matters a bit more interesting, I couldn't get the same MS on > the 5.6 as on the 5.8 machines, eg the perl 5.6 machine now runs: > > ii libcompress-zl 1.16-1 Perl module for creation and manipulation of > ii libconvert-tne 0.16-2 Perl module to read TNEF files > ii libmailtools-p 1.44-1woody2 Manipulate email in perl programs > ii libmime-perl 5.411-3 Perl5 modules for MIME-compliant messages (M > ii libnet-perl 1.09.01-1 Implementation of Internet protocols for Per > ii libnet-server- 0.87-3 An extensible, general perl server engine > ii libtime-hires- 1.20-4 High-resolution time manipulation in perl > ii libtimedate-pe 1.11-1 Time and date functions for perl. > ii liburi-perl 1.30-1 Manipulates and accesses URI strings > ii libwww-perl 5.64-1 WWW client/server library for Perl > ii mailscanner 4.30.3-1 An email virus scanner and spam tagger > ii perl 5.6.1-8.8 Larry Wall's Practical Extraction and Report > ii perl-base 5.6.1-8.8 The Pathologically Eclectic Rubbish Lister. > ii perl-modules 5.6.1-8.8 Core Perl modules. > > (Sorry, "MailScanner -v" doesn't work). > > I'll leave it running until next week, but this sure looks like a Perl > bug to me. > > cheers, > &rw ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 17:45:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can you give us more details on the Cyrus problem you had? Would be worth adding this to the FAQ to help other people. Dean Jones wrote: > Any more updates on this experiment with perl 5.6? > > On my Solaris, postfix, perl 5.8.4, mailscanner system i managed to find > an error with file permissions on a cyrus library that was causing some > mailscanner grief very infrequently > since fixing the file perms i have yet to have a corrupt mail. > > so it is looking like pilot error at this point :) > > Robert Waldner wrote: > >> On Wed, 16 Mar 2005 17:46:19 +0100, Robert Waldner writes: >> >>> If I don't hear about someone having this problem with 5.6, I'll start >>> rebuilding a test-box with that tomorrow. >> >> >> >> I've built a box with perl 5.6 now, and it's delivering mail since >> yesterday. This is in a pool with 2 other (perl 5.8) machines which >> do exhibit the problem with corrupt mails. >> >> The 5.8 boxen have each had 2 resp. 3 mails "corrupt" in the last 24 >> hours, the 5.6 one had none. >> >> To make matters a bit more interesting, I couldn't get the same MS on >> the 5.6 as on the 5.8 machines, eg the perl 5.6 machine now runs: >> >> ii libcompress-zl 1.16-1 Perl module for creation and >> manipulation of >> ii libconvert-tne 0.16-2 Perl module to read TNEF files >> ii libmailtools-p 1.44-1woody2 Manipulate email in perl programs >> ii libmime-perl 5.411-3 Perl5 modules for MIME-compliant >> messages (M >> ii libnet-perl 1.09.01-1 Implementation of Internet >> protocols for Per >> ii libnet-server- 0.87-3 An extensible, general perl server >> engine >> ii libtime-hires- 1.20-4 High-resolution time manipulation >> in perl >> ii libtimedate-pe 1.11-1 Time and date functions for perl. >> ii liburi-perl 1.30-1 Manipulates and accesses URI strings >> ii libwww-perl 5.64-1 WWW client/server library for Perl >> ii mailscanner 4.30.3-1 An email virus scanner and spam tagger >> ii perl 5.6.1-8.8 Larry Wall's Practical Extraction >> and Report >> ii perl-base 5.6.1-8.8 The Pathologically Eclectic Rubbish >> Lister. >> ii perl-modules 5.6.1-8.8 Core Perl modules. >> >> (Sorry, "MailScanner -v" doesn't work). >> >> I'll leave it running until next week, but this sure looks like a Perl >> bug to me. >> >> cheers, >> &rw > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Mon Mar 28 18:24:23 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:10 2006 Subject: MailScaner suddenly starting up with content issues after upgrade? Message-ID: Greetings, Using Linux/Ensim Pro/Sendmail/ClamAV/MS/SA, which comes with it's own set of nightmares on MS/SA integration. Recently (finally) was able to knock MailScanner up to 3.0.2 from 2.6, seems to be running reasonably well though, at times, it seems to be ignoring configurations we've done. That may be related to the way Ensim deploys sites, possibly not copying the latest config files to each site dir. Could even be skipping some server-wide customizations because of how Ensim calls it up for inbound mail. That being said, we've noticed since the upgrade to 3.XX that we're seeing a slew of these: At Sun Mar 27 11:24:34 2005 the content filters said: MailScanner: Found a script in HTML message It's either tagging them as Virii or Dangerous Content. That tag is random, seems to prefer to call it a Virus more than a DC message, but we can't track down where this ruleset is being called from to either kill it or try to modify it to suit our needs. Now the e-mails being tagged like this are from stock sources like eBay and other reputable addresses we've even gone so far as to put into the whitelists we have. But it either skips processing the message (not that high of a volume to being doing so), ignores the whitelist entry and tags it as a Virus or it ignores the setting and tags it as DC. Even though we've changed all the AutoWhiteList points we're aware of from threads here to stop using it, the AWL is still on a rampage as well. For example, it seems to know who Julian is and aware him with (last time) huge AWL adjustments to the POSITIVE side that get him tagged every time. 95% of this List's traffic doesn't get tagged, but Julian's a winner every time. Last one earlier today was a +164 AWL adjustment that sent a 4 scoring limit into overdrive totaling his post out to like 175+ total points. Still delivers it, because the whitelist we have says to ignore these List messages, but tags it none the less. Any ideas on how to kill the 'script in HTML message' check and/or beat the AWL into submission, we're all ears! Thanks, David J. Duffner President PSCGi Paradise Shore Communications Group www.pscginternet.com I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dean at SAHRA.ARIZONA.EDU Mon Mar 28 18:26:38 2005 From: dean at SAHRA.ARIZONA.EDU (Dean Jones) Date: Thu Jan 12 21:29:10 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Can you give us more details on the Cyrus problem you had? Would be > worth adding this to the FAQ to help other people. > Ok, i'll throw some more details out at the cost of embarrasing myself ;) Basically on my solaris boxes i compile stuff from scratch. so for my mailscanner system i compiled: cyrus-sasl, openssl, perl, berkely db, postfix and a bunch of other non-related stuff. I had set up postfix first and tested the TLS stuff (which is why i needed cyrus-sasl and openssl to compile TLS into postfix) and the TLS stuff was working. but during my setup of MailScanner i had changed which user postfix runs as and that user didn't have permission to read the cyrus-sasl libraries. (doh) I'm not 100% sure of the next part but it seemed a very small percentage of MailScanner messages require that library for some reason?? So i was debugging MailScanner to check out some spamassassin rules i had created and on one of the debug attempts i noticed there was an error accessing that sasl library. It looked like a rather ugly error as well. so i just gave the mailscanner/postfix user read access on the libraries and that problem went away. And since that point there have been no corrupt mails but that might just be coincidence? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 18:46:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: MailScaner suddenly starting up with content issues after upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You mean SpamAssassin is 3.0.2, not MailScanner. You should be running MailScanner version 4.something. Find the spam.assassin.prefs.conf and add a line in it that says use_auto_whitelist 0 That should switch off the AWL. For the forms, find MailScanner.conf and set Allow Form Tags = disarm I will probably change the default to that now anyway, it is much more useful that way. Dave Duffner - PSCGi wrote: >Greetings, > > Using Linux/Ensim Pro/Sendmail/ClamAV/MS/SA, which comes >with it's own set of nightmares on MS/SA integration. Recently >(finally) was able to knock MailScanner up to 3.0.2 from 2.6, >seems to be running reasonably well though, at times, it seems >to be ignoring configurations we've done. That may be related >to the way Ensim deploys sites, possibly not copying the latest >config files to each site dir. Could even be skipping some >server-wide customizations because of how Ensim calls it up >for inbound mail. > > That being said, we've noticed since the upgrade to 3.XX >that we're seeing a slew of these: > >At Sun Mar 27 11:24:34 2005 the content filters said: > MailScanner: Found a script in HTML message > > It's either tagging them as Virii or Dangerous Content. >That tag is random, seems to prefer to call it a Virus more >than a DC message, but we can't track down where this ruleset >is being called from to either kill it or try to modify it >to suit our needs. > > Now the e-mails being tagged like this are from stock >sources like eBay and other reputable addresses we've even >gone so far as to put into the whitelists we have. But it >either skips processing the message (not that high of a >volume to being doing so), ignores the whitelist entry and >tags it as a Virus or it ignores the setting and tags it >as DC. > > Even though we've changed all the AutoWhiteList points >we're aware of from threads here to stop using it, the AWL >is still on a rampage as well. For example, it seems to know >who Julian is and aware him with (last time) huge AWL adjustments >to the POSITIVE side that get him tagged every time. 95% of >this List's traffic doesn't get tagged, but Julian's a winner >every time. Last one earlier today was a +164 AWL adjustment >that sent a 4 scoring limit into overdrive totaling his post >out to like 175+ total points. Still delivers it, because >the whitelist we have says to ignore these List messages, but >tags it none the less. > > Any ideas on how to kill the 'script in HTML message' >check and/or beat the AWL into submission, we're all ears! > > Thanks, > > David J. Duffner > President > PSCGi > Paradise Shore Communications Group > www.pscginternet.com > > > >I--I >Message scanned by MailScanner, and is believed to be clean. >CONFIDENTIALITY NOTICE: This transmission intended for the >specified destination and person. If this is not you, this >e-mail must be deleted immediately. www.pscginternet.com > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 18:48:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dean Jones wrote: > Julian Field wrote: > >> Can you give us more details on the Cyrus problem you had? Would be >> worth adding this to the FAQ to help other people. >> > > Ok, i'll throw some more details out at the cost of embarrasing myself ;) > > Basically on my solaris boxes i compile stuff from scratch. > so for my mailscanner system i compiled: > cyrus-sasl, openssl, perl, berkely db, postfix and a bunch of other > non-related stuff. > > I had set up postfix first and tested the TLS stuff (which is why i > needed cyrus-sasl and openssl to compile TLS into postfix) and the TLS > stuff was working. > > but during my setup of MailScanner i had changed which user postfix runs > as and that user didn't have permission to read the cyrus-sasl > libraries. (doh) > > I'm not 100% sure of the next part but it seemed a very small percentage > of MailScanner messages require that library for some reason?? > > So i was debugging MailScanner to check out some spamassassin rules i > had created and on one of the debug attempts i noticed there was an > error accessing that sasl library. > It looked like a rather ugly error as well. > > so i just gave the mailscanner/postfix user read access on the libraries > and that problem went away. > > And since that point there have been no corrupt mails but that might > just be coincidence? Please let us know if you see any more corrupt mails, or whether your fix continues to solve the problem. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Mon Mar 28 18:58:04 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:10 2006 Subject: MailScaner suddenly starting up with content issues after upgrade? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Monday, March 28, 2005 12:47 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScaner suddenly starting up with content issues after > upgrade? > > You mean SpamAssassin is 3.0.2, not MailScanner. You should be running > MailScanner version 4.something. > > Find the spam.assassin.prefs.conf and add a line in it that says > use_auto_whitelist 0 > That should switch off the AWL. > > For the forms, find MailScanner.conf and set > Allow Form Tags = disarm > > I will probably change the default to that now anyway, it is much more > useful that way. I'd vote for that. Most of our customers set: Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Allow Object Codebase Tags = disarm And then a few add rule sets for to allow some sites, but disarm is safe and seems to be acceptable at most sites. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Mon Mar 28 19:48:55 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:10 2006 Subject: MailScaner suddenly starting up with content issues after upgrade? Message-ID: > -----Original Message----- > From: MailScanner mailing list > > You mean SpamAssassin is 3.0.2, not MailScanner. You should > be running MailScanner version 4.something. Yep, that's what I get for reading headers! The SA is the recent upgrade, but an Ensim patch did do something to MailScanner as well. Tried --help with MS, is there a command or a file to scope out that determines what version of MailScanner we're running? > Find the spam.assassin.prefs.conf and add a line in it that > says use_auto_whitelist 0 That should switch off the AWL. Wasn't there, is now, we'll keep tabs on it. Swear it had been put in there but believe that may have been deleted in the patching. Ensim loves to put out destructive patches... > For the forms, find MailScanner.conf and set > Allow Form Tags = disarm > > I will probably change the default to that now anyway, it is > much more useful that way. Actually, we took Stephen's advice on that issue and just set all of those to 'disarm' to see if that improves things on a whole that were being incorrectly tagged. Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Mar 28 19:55:49 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:10 2006 Subject: HTML Table SPAM? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: >Has any seen these kind of SPAM passing through? Where the SPAMMER >would use HTML tables to separate the offensive content? The words >looks clear when received, but every two letters are separated by a >table. > I've seen several of these, mostly in drug spams. Apparently now that antidrug is in SA 3.0 they are trying to evade those rules. Strangely, those messages are still getting tagged, mostly by razor and SURBL rules as they still have links to a website.. The most recent example got hit by razor, a weak hit from bayes, and a lot of DNSBLs of the relay (tweaked SA 2.64): score=16.199, required 5, BAYES_60 1.59, HTML_60_70 0.11, HTML_FONT_BIG 0.27, HTML_MESSAGE 0.10, INFO_GREYLIST_NOTDELAYED -0.01, MSGID_FROM_MTA_SHORT 1.00, PRIORITY_NO_NAME 1.21, RAZOR2_CF_RANGE_51_100 0.20, RAZOR2_CHECK 1.05, RCVD_IN_BL_SPAMCOP_NET 1.50, RCVD_IN_DSBL 0.71, RCVD_IN_NJABL_PROXY 2.34, RCVD_IN_SORBS_HTTP 1.20, RCVD_IN_SORBS_MISC 0.00, RCVD_IN_XBL 4.92 So, while I've seen them, I have yet to get a FN on one. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dean at SAHRA.ARIZONA.EDU Mon Mar 28 20:00:03 2005 From: dean at SAHRA.ARIZONA.EDU (Dean Jones) Date: Thu Jan 12 21:29:10 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dean Jones wrote: > Julian Field wrote: > >> Can you give us more details on the Cyrus problem you had? Would be >> worth adding this to the FAQ to help other people. >> > ok i lied :) must have been coincidence as 2 corrupt mails just showed up while i was in a meeting. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Mar 28 20:01:31 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:10 2006 Subject: Weird problem with local SA tests Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Robert Waldner wrote: >Hi! > >Something tells me I haven't had enough coffee yet. > >I have a couple local tests defined in spam.assassin.prefs.conf, for > example: > >header MAILSCANNER Sender =~ /.*\.*/i >describe MAILSCANNER MailScanner mailing list >score MAILSCANNER -3 > >This works as expected. However, any test I define after that one is > ignored: > >header SPAM-L Sender =~ /.*\.*/i >describe SPAM-L SPAM-L >score SPAM-L -5 > >I tried reversing the order, and, yes, it's always only the first test > that works. I bet it's just something I overlooked, but what? > Hmm, can you post an example "Sender" header for Spam-L? I'm not on that list, so I can't begin to guess why it wouldn't match without looking at the header you expect it would match.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 20:06:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: MailScaner suddenly starting up with content issues after upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Duffner - PSCGi wrote: > Tried --help with MS, is there a command or a file >to scope out that determines what version of MailScanner >we're running? > > MailScanner -v -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Mon Mar 28 20:10:33 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:29:10 2006 Subject: Weird problem with local SA tests Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did you do a spamassassin --lint? This looks odd, not sure if it's the cause of the problem... header SPAM-L Sender =~ /.*\.*/i possible missing \ before > not consistent with your other rule... header SPAM-L Sender =~ /.*\.*/i The .*s are superfluous and just obfuscate the regular expressions. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Robert Waldner Sent: Saturday, March 26, 2005 8:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Weird problem with local SA tests Hi! Something tells me I haven't had enough coffee yet. I have a couple local tests defined in spam.assassin.prefs.conf, for example: header MAILSCANNER Sender =~ /.*\.*/i describe MAILSCANNER MailScanner mailing list score MAILSCANNER -3 This works as expected. However, any test I define after that one is ignored: header SPAM-L Sender =~ /.*\.*/i describe SPAM-L SPAM-L score SPAM-L -5 I tried reversing the order, and, yes, it's always only the first test that works. I bet it's just something I overlooked, but what? MailScanner 4.37.7, SpamAssassin 3.0.2 Thanks for any hints. cheers+tia, &rw This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bob.jones at USG.EDU Mon Mar 28 20:59:38 2005 From: bob.jones at USG.EDU (Bob Jones) Date: Thu Jan 12 21:29:10 2006 Subject: 2 spam checking issues... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Bob Jones wrote: > >> 1. We received a message that bypassed the spam check. The relevant >> header info is: >> >> Received: from 168.24.195.10 ([220.77.201.250]) >> by hermes.bor.usg.edu (8.12.11/8.12.11) with SMTP id >> j2NEuQkB002299; Wed, 23 Mar 2005 09:56:35 -0500 (EST) >> >> The IP address of our mailserver (hermes.bor.usg.edu) is 168.24.195.10. >> It seems that the spammer used our IP address as his HELO during the >> SMTP connection. The *actual* IP address of the spammer is within the >> () in the next field. To determine if a ruleset applies, is mailscanner >> doing a simple grep? It seems to me that it should be grepping for what >> is within the () and ignore what the HELO was as that can be forged. Or >> is there an issue here I'm not grasping. > > > With sendmail, MailScanner uses the IP address at the far end of the > SMTP connection, which should be the real address unless they are doing > some IP spoofing attack (which looks unlikely as it gives away the > 220... IP address). It doesn't just use the "Received" address at all. I went back and looked at this message again and noticed that it was a red herring, the issue with this one is the same issue as the next one mentioned. It also had an address in the CC field listed in the don't scan ruleset. >> 2. The second is with skipping spam checks for certain addresses. It >> seems that if an address we have added to the ruleset to skip spam >> checks is listed in the CC or BCC fields (maybe the TO field as well, >> but haven't seen an example of this yet), that message isn't scanned for >> *any* of the recipients. Is this the expected behavior? Is there a way >> to work around this issue? > > > There is a workaround. Currently, when faced with a message with > multiple headers, some of which want spam checks and some of which > don't, it uses the answer for the first recipient. You can change this > so that it uses any of the recipients by editing > /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. Look for the line > starting "SpamChecks". If you look backwards (towards the start of the > file) from there, you will see that it is in the [First,YesNo] section. > Move that line into the [All,YesNo] section, then stop and restart > MailScanner. Okay, this is not what we are seeing at all. I checked the ConfigDefs.pl file and we have not changed everything, the entry is still in the [First,YesNo] section. We have run various tests sending a message to 2 addresses. One address is listed in the ruleset to not be scanned as spam (noscan designation) and the other is not listed, so should be scanned. We user virtusertables here, so we tried tests with and without virtusertables, and with and without aliases. So, in the data below a native address is one that is user@host, a virtusertable-native address is a virtualaddress such as user@domain which points to a native address such as user@host and finally a virtusertable-aliases address is a virtualaddress such as user@domain which points to a file in /etc/mail/aliases. The NO and YES entries at the end of each line list whether the message received by that account was scanned for spam or not. I hope that makes sense. Here's the data: native:noscan, native:scan NO, NO native:scan, native:noscan NO, NO virtusertable-native:scan, virtusertable-native:noscan NO, NO virtusertable-native:noscan, virtusertable-native:scan NO, NO virtusertable-aliases:scan, virtusertable-aliases:noscan NO, NO virtusertable-aliases:noscan, virtusertable-aliases:scan NO, NO virtusertable-aliases:noscan, virtusertable-native:scan NO, NO virtusertable-native:scan, virtusertable-aliases:noscan NO, NO native:noscan, virtusertable-native:scan NO, YES virtusertable-native:scan, native:noscan YES, NO If you'll noticed, in the first 4 rounds of testing, the order the address appeared on the line did not impact whether or not any of the messages were scanned, whereas from what you wrote above it seems you are saying that the first address on the TO line should determine if any of the messages are scanned. Am I just being dense here and missing something? Also of note is the last test, where mixing a native and virtualized address seems to also break what you mention above, but in a different way. So, I'm sure I'm just missing something here and hopefully someone can point it out. > May be this might be a better place for the option. > What do you think? > What does anyone else think? As for opinions on the matter, it makes sense to me that the default behavior for a message to multiple recipients with some wanting scanning and some not, we should scan those that want it and not scan those that don't want it. Also, just to clarify, the ruleset I'm using is for the Spam Checks= line of the config file. Thanks, Bob ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 21:19:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: 2 spam checking issues... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bob Jones wrote: > Julian Field wrote: > >>> 2. The second is with skipping spam checks for certain addresses. It >>> seems that if an address we have added to the ruleset to skip spam >>> checks is listed in the CC or BCC fields (maybe the TO field as well, >>> but haven't seen an example of this yet), that message isn't scanned >>> for >>> *any* of the recipients. Is this the expected behavior? Is there a >>> way >>> to work around this issue? >> >> >> >> There is a workaround. Currently, when faced with a message with >> multiple headers, some of which want spam checks and some of which >> don't, it uses the answer for the first recipient. You can change this >> so that it uses any of the recipients by editing >> /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. Look for the line >> starting "SpamChecks". If you look backwards (towards the start of the >> file) from there, you will see that it is in the [First,YesNo] section. >> Move that line into the [All,YesNo] section, then stop and restart >> MailScanner. > > > Okay, this is not what we are seeing at all. I checked the > ConfigDefs.pl file and we have not changed everything, the entry is > still in the [First,YesNo] section. We have run various tests sending a > message to 2 addresses. One address is listed in the ruleset to not be > scanned as spam (noscan designation) and the other is not listed, so > should be scanned. We user virtusertables here, so we tried tests with > and without virtusertables, and with and without aliases. So, in the > data below a native address is one that is user@host, a > virtusertable-native address is a virtualaddress such as user@domain > which points to a native address such as user@host and finally a > virtusertable-aliases address is a virtualaddress such as user@domain > which points to a file in /etc/mail/aliases. The NO and YES entries at > the end of each line list whether the message received by that account > was scanned for spam or not. I hope that makes sense. Here's the data: > > native:noscan, native:scan NO, NO > native:scan, native:noscan NO, NO > > virtusertable-native:scan, virtusertable-native:noscan NO, NO > virtusertable-native:noscan, virtusertable-native:scan NO, NO > > virtusertable-aliases:scan, virtusertable-aliases:noscan NO, NO > virtusertable-aliases:noscan, virtusertable-aliases:scan NO, NO > > virtusertable-aliases:noscan, virtusertable-native:scan NO, NO > virtusertable-native:scan, virtusertable-aliases:noscan NO, NO > > native:noscan, virtusertable-native:scan NO, YES > virtusertable-native:scan, native:noscan YES, NO > > If you'll noticed, in the first 4 rounds of testing, the order the > address appeared on the line did not impact whether or not any of the > messages were scanned, whereas from what you wrote above it seems you > are saying that the first address on the TO line should determine if any > of the messages are scanned. Am I just being dense here and missing > something? It's not the order on the To: line that counts, it is the order of the recipients in the message envelope. > > Also of note is the last test, where mixing a native and virtualized > address seems to also break what you mention above, but in a different > way. > > So, I'm sure I'm just missing something here and hopefully someone can > point it out. > > >> May be this might be a better place for the option. >> What do you think? >> What does anyone else think? > > > As for opinions on the matter, it makes sense to me that the default > behavior for a message to multiple recipients with some wanting scanning > and some not, we should scan those that want it and not scan those that > don't want it. There is an option in MailScanner.conf which may well achieve the settings you want: # When trying to work out the value of configuration parameters which are # using a ruleset, this controls the behaviour when a rule is checking the # "To:" addresses. # If this option is set to "yes", then the following happens when checking # the ruleset: # a) 1 recipient. Same behaviour as normal. # b) Several recipients, but all in the same domain (domain.com for example). # The rules are checked for one that matches the string "*@domain.com". # c) Several recipients, not all in the same domain. # The rules are checked for one that matches the string "*@*". # # If this option is set to "no", then some rules will use the result they # get from the first matching rule for any of the recipients of a message, # so the exact value cannot be predicted for messages with more than 1 # recipient. # # This value *cannot* be the filename of a ruleset. Use Default Rules With Multiple Recipients = no -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bob.jones at USG.EDU Mon Mar 28 21:54:03 2005 From: bob.jones at USG.EDU (Bob Jones) Date: Thu Jan 12 21:29:10 2006 Subject: 2 spam checking issues... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > There is an option in MailScanner.conf which may well achieve the > settings you want: > > # When trying to work out the value of configuration parameters which are > # using a ruleset, this controls the behaviour when a rule is checking the > # "To:" addresses. > # If this option is set to "yes", then the following happens when checking > # the ruleset: > # a) 1 recipient. Same behaviour as normal. > # b) Several recipients, but all in the same domain (domain.com for > example). > # The rules are checked for one that matches the string > "*@domain.com". > # c) Several recipients, not all in the same domain. > # The rules are checked for one that matches the string "*@*". > # > # If this option is set to "no", then some rules will use the result they > # get from the first matching rule for any of the recipients of a message, > # so the exact value cannot be predicted for messages with more than 1 > # recipient. > # > # This value *cannot* be the filename of a ruleset. > Use Default Rules With Multiple Recipients = no Does this also affect the CC: and BCC: addresses? Thanks, Bob ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 28 22:03:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:10 2006 Subject: 2 spam checking issues... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bob Jones wrote: > Julian Field wrote: > >> >> There is an option in MailScanner.conf which may well achieve the >> settings you want: >> >> # When trying to work out the value of configuration parameters which >> are >> # using a ruleset, this controls the behaviour when a rule is >> checking the >> # "To:" addresses. >> # If this option is set to "yes", then the following happens when >> checking >> # the ruleset: >> # a) 1 recipient. Same behaviour as normal. >> # b) Several recipients, but all in the same domain (domain.com for >> example). >> # The rules are checked for one that matches the string >> "*@domain.com". >> # c) Several recipients, not all in the same domain. >> # The rules are checked for one that matches the string "*@*". >> # >> # If this option is set to "no", then some rules will use the result >> they >> # get from the first matching rule for any of the recipients of a >> message, >> # so the exact value cannot be predicted for messages with more than 1 >> # recipient. >> # >> # This value *cannot* be the filename of a ruleset. >> Use Default Rules With Multiple Recipients = no > > > Does this also affect the CC: and BCC: addresses? Yes. Cc and Bcc addresses are just more recipients, as far as the envelope is concerned. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Mon Mar 28 22:47:44 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:10 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everyone, A user of ours was just emailed a zip file containing some SDG files, which are apparently graphics files. For some reason, SDG is classed as an executable file and therefore disallowed by the filename rules. Should I tell the system to allow SDG files or does this really represent a security issue? Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Mar 28 23:17:40 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:10 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fractal IT Dept. wrote: > Hi everyone, > > A user of ours was just emailed a zip file containing some SDG files, > which are apparently graphics files. For some reason, SDG is classed > as an executable file and therefore disallowed by the filename rules. > Should I tell the system to allow SDG files or does this really > represent a security issue? > > Thanks. SDG's are also StarOffice Gallery files. I'm curious if those are "executable" in the same sense as Microsoft .doc files (scripting), or if they were merely added because they were associated with an "office" product. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Tue Mar 29 00:24:24 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:29:10 2006 Subject: HTML Table SPAM? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here is my RBL's and they still seem to get through. What can I do to stop em'? Spam List = dslb.org ORDB-RBL SBL+XBL spamhaus.org spamhaus-XBL spamcop.net NJABL CBL RSL DSBL SORBS-SPAM SURBL On Mon, 28 Mar 2005 13:55:49 -0500, Matt Kettler wrote: > Devon Harding wrote: > > >Has any seen these kind of SPAM passing through? Where the SPAMMER > >would use HTML tables to separate the offensive content? The words > >looks clear when received, but every two letters are separated by a > >table. > > > > I've seen several of these, mostly in drug spams. Apparently now that > antidrug is in SA 3.0 they are trying to evade those rules. > > Strangely, those messages are still getting tagged, mostly by razor and > SURBL rules as they still have links to a website.. > > The most recent example got hit by razor, a weak hit from bayes, and a > lot of DNSBLs of the relay (tweaked SA 2.64): > > score=16.199, required 5, BAYES_60 1.59, HTML_60_70 0.11, > HTML_FONT_BIG 0.27, HTML_MESSAGE 0.10, > INFO_GREYLIST_NOTDELAYED -0.01, MSGID_FROM_MTA_SHORT 1.00, > PRIORITY_NO_NAME 1.21, RAZOR2_CF_RANGE_51_100 0.20, > RAZOR2_CHECK 1.05, RCVD_IN_BL_SPAMCOP_NET 1.50, RCVD_IN_DSBL 0.71, > RCVD_IN_NJABL_PROXY 2.34, > RCVD_IN_SORBS_HTTP 1.20, RCVD_IN_SORBS_MISC 0.00, RCVD_IN_XBL 4.92 > > So, while I've seen them, I have yet to get a FN on one. > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Tue Mar 29 00:35:08 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:10 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Matt, I've tried allowing files that have the extension \.sdg$, but it seems to still be detected as an executable. I'm stuck here. Obviously, I don't want to allow executables, but this file is just a data file. Any thoughts? Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Mar 29 00:40:37 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:10 2006 Subject: HTML Table SPAM? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: >Here is my RBL's and they still seem to get through. What can I do to stop em'? > > My strongest recommendation would be to use a version of SpamAssassin which has SURBL capabilities. 3.0 ships with it by default, although if your Net::DNS perl module isn't fairly recent it will disable the URI based blacklists and only do normal RBLs. 2.6x can have this functionality added with the Mail::SpamAssassin::SpamCopURI patch. (They call it a plugin, but it's dependent on patch to EvalTests.pm that the "make install" process does automatically.) I'd also recommend using Razor version 2.67. Older versions of razor may not support e8 signatures, or may have bugs in e8. Lastly, if you've got bayes going, be sure to train some of the samples as spam. Between the three approaches SA seems to catch all of these on my network without much trouble (so far). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Tue Mar 29 00:57:35 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:29:10 2006 Subject: HTML Table SPAM? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, Im running SA 3.0.2, Net::DNS version 0.48, Razor2::Client::Agent version 2.61 (upgrading to 2.67 as we speak..) Whats the procedure in training bayes to detect the samples as spam? On Mon, 28 Mar 2005 18:40:37 -0500, Matt Kettler wrote: > Devon Harding wrote: > > >Here is my RBL's and they still seem to get through. What can I do to stop em'? > > > > > > My strongest recommendation would be to use a version of SpamAssassin > which has SURBL capabilities. > > 3.0 ships with it by default, although if your Net::DNS perl module > isn't fairly recent it will disable the URI based blacklists and only do > normal RBLs. > > 2.6x can have this functionality added with the > Mail::SpamAssassin::SpamCopURI patch. (They call it a plugin, but it's > dependent on patch to EvalTests.pm that the "make install" process does > automatically.) > > I'd also recommend using Razor version 2.67. Older versions of razor may > not support e8 signatures, or may have bugs in e8. > > Lastly, if you've got bayes going, be sure to train some of the samples > as spam. > > Between the three approaches SA seems to catch all of these on my > network without much trouble (so far). > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Mar 29 00:56:35 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:10 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fractal IT Dept. wrote: > Hi Matt, > > I've tried allowing files that have the extension \.sdg$, but it seems > to still be detected as an executable. I'm stuck here. Obviously, I > don't want to allow executables, but this file is just a data file. Any > thoughts? > > Chris > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* You might try to run it through the "file" command. That might be picking it up as an executable, and triggering the problem. Or you could set the max archive depth to zero, and not check for executables in zip files. -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Tue Mar 29 10:07:44 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:29:10 2006 Subject: Feature request or have i missed it? Message-ID: On Mon, 28 Mar 2005, Julian Field wrote: > I have avoided doing this. There are still a few false alarms, and I > don't want people to become used to seeing any warning in the subject > line, as that may "cry wolf". I thought (as did other people on this > list) that just inserting some text straight into the message, at the > point of the link, was more useful. ok, thanks > > Res wrote: > >> Hi Julian, >> >> With the Phising, when it finds a match and renames the inline part, >> is it >> possible to have an option to put a notify in the subject line to make >> the >> recipient fully alert to the fact there is possible fraud attempt ? > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Tue Mar 29 10:49:30 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:10 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Mon, 28 Mar 2005 08:52:09 PDT, Dean Jones writes: >Any more updates on this experiment with perl 5.6? Nearly a week now without any corrupt messages on the perl 5.6 box, but the usual 1-2/day on the 5.8 ones. Today I'll try to get the same MailScanner version running on the 5.6 box. cheers, &rw -- -- everyone connected to the internet acts globally. -- it is wildly foolish to think locally. -- - Paul Vixie ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Tue Mar 29 13:49:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:10 2006 Subject: {Spam?} Re: [MAILSCANNER] HTML Table SPAM? Message-ID: Devon Ok, you've got the ALL_TRUSTED firing wrong as it can do. Read the documentation on how the internal_networks and trusted_networks should be set and make these changes to spam.assassin.prefs.conf Looks like the URI-RBL's are running so that's fine. What extra rules have you got for spamassassin in /etc/mail/spamassassin? I've got alot from www.rulesemporium.com/rules.htm and also the www.rulesemporium.com/other-rules.htm. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Devon Harding wrote: > I'm sure everything is enable. Here is the result of the spamassassin test: > > debug: SpamAssassin version 3.0.2 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/kerberos/sbin', keeping. > debug: PATH included '/usr/kerberos/bin', keeping. > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/root/bin', which doesn't exist, dropping. > debug: Final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > debug: diag: module installed: DBI, version 1.40 > debug: diag: module installed: DB_File, version 1.810 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.21 > debug: diag: module installed: MIME::Base64, version 3.03 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module installed: Net::LDAP, version 0.32 > debug: diag: module installed: Razor2::Client::Agent, version 2.67 > debug: diag: module installed: Storable, version 2.13 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/local.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file > debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x95a7894) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa188d04) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa1549dc) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x95a7894) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa188d04) > implements 'parse_config' > debug: bayes: 31538 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks > debug: bayes: 31538 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen > debug: bayes: found bayes db version 3 > debug: Score set 3 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x95a7894) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: trying (3) w3.org... > debug: looking up NS for 'w3.org' > debug: NS lookup of w3.org succeeded => Dns available (set > dns_available to hardcode) > debug: is DNS available? 1 > debug: decoding: no encoding detected > debug: URIDNSBL: domains to query: > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa188d04)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa1549dc)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa188d04)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa1549dc)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa1549dc)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa1549dc)) > debug: registering glue method for check_for_spf_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa1549dc)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0xa1549dc)) > debug: running body-text per-line regexp tests; score so far=-3.174 > debug: running uri tests; score so far=-3.174 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x95a7894)) > debug: bayes corpus size: nspam = 1308, nham = 1457 > debug: tokenize: header tokens for *F = "U*ignore > D*compiling.spamassassin.taint.org D*spamassassin.taint.org > D*taint.org D*org" > debug: tokenize: header tokens for *m = " 1112095616 lint_rules " > debug: tokenize: header tokens for *RT = " " > debug: tokenize: header tokens for *RU = " " > debug: cannot use bayes on this message; not enough usable tokens found > debug: bayes: not scoring message, returning undef > debug: bayes: 31538 untie-ing > debug: bayes: 31538 untie-ing db_toks > debug: bayes: 31538 untie-ing db_seen > debug: Razor2 is available > debug: entering helper-app run mode > Razor-Log: Computed razorhome from env: /root/.razor > Razor-Log: Found razorhome: /root/.razor > Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf > Mar 29 06:27:06.633104 check[31538]: [ 2] [bootup] Logging initiated > LogDebugLevel=9 to stdout > Mar 29 06:27:06.637619 check[31538]: [ 5] computed > razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, > ident=/root/.razor/identity-ruvCQ8G6h1 > Mar 29 06:27:06.640472 check[31538]: [ 8] Client supported_engines: 4 8 > Mar 29 06:27:06.644630 check[31538]: [ 8] prep_mail done: mail 1 > headers=93, mime0=1376 > Mar 29 06:27:06.648077 check[31538]: [ 5] read_file: 1 items read from > /root/.razor/servers.discovery.lst > Mar 29 06:27:06.671355 check[31538]: [ 5] read_file: 2 items read from > /root/.razor/servers.nomination.lst > Mar 29 06:27:06.678582 check[31538]: [ 5] read_file: 1 items read from > /root/.razor/servers.catalogue.lst > Mar 29 06:27:06.682276 check[31538]: [ 9] Assigning defaults to > folly.cloudmark.com > Mar 29 06:27:06.685288 check[31538]: [ 9] Assigning defaults to > joy.cloudmark.com > Mar 29 06:27:06.687704 check[31538]: [ 9] Assigning defaults to > shock.cloudmark.com > Mar 29 06:27:06.715976 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.stress.cloudmark.com.conf > Mar 29 06:27:06.723879 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.stress.cloudmark.com.conf > Mar 29 06:27:06.757959 check[31538]: [ 5] read_file: 17 items read > from /root/.razor/server.thrill.cloudmark.com.conf > Mar 29 06:27:06.766103 check[31538]: [ 5] read_file: 17 items read > from /root/.razor/server.thrill.cloudmark.com.conf > Mar 29 06:27:06.783177 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.joy.cloudmark.com.conf > Mar 29 06:27:06.791015 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.joy.cloudmark.com.conf > Mar 29 06:27:06.829923 check[31538]: [ 5] read_file: 17 items read > from /root/.razor/server.pride.cloudmark.com.conf > Mar 29 06:27:06.838190 check[31538]: [ 5] read_file: 17 items read > from /root/.razor/server.pride.cloudmark.com.conf > Mar 29 06:27:06.863375 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.shock.cloudmark.com.conf > Mar 29 06:27:06.871244 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.shock.cloudmark.com.conf > Mar 29 06:27:06.905572 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.tension.cloudmark.com.conf > Mar 29 06:27:06.913456 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.tension.cloudmark.com.conf > Mar 29 06:27:06.931460 check[31538]: [ 5] read_file: 15 items read > from /root/.razor/server.folly.cloudmark.com.conf > Mar 29 06:27:06.938968 check[31538]: [ 5] read_file: 15 items read > from /root/.razor/server.folly.cloudmark.com.conf > Mar 29 06:27:06.977843 check[31538]: [ 5] read_file: 17 items read > from /root/.razor/server.wonder.cloudmark.com.conf > Mar 29 06:27:06.986096 check[31538]: [ 5] read_file: 17 items read > from /root/.razor/server.wonder.cloudmark.com.conf > Mar 29 06:27:07.023469 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.robust.cloudmark.com.conf > Mar 29 06:27:07.031417 check[31538]: [ 5] read_file: 16 items read > from /root/.razor/server.robust.cloudmark.com.conf > Mar 29 06:27:07.033545 check[31538]: [ 5] 123992 seconds before > closest server discovery > Mar 29 06:27:07.036279 check[31538]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5066; computed min_cf=6, Server se: C8 > Mar 29 06:27:07.038365 check[31538]: [ 8] Computed supported_engines: 4 8 > Mar 29 06:27:07.039974 check[31538]: [ 8] Using next closest server > shock.cloudmark.com:2703, cached info srl 5066 > Mar 29 06:27:07.042332 check[31538]: [ 8] mail 1 has no subject > Mar 29 06:27:07.046968 check[31538]: [ 6] preproc: mail 1.0 went from > 1376 bytes to 1339 > Mar 29 06:27:07.048457 check[31538]: [ 6] computing sigs for mail 1.0, len 1339 > Mar 29 06:27:07.080809 check[31538]: [ 6] Engine (8) didn't produce a > signature for mail 1.0 > Mar 29 06:27:07.082825 check[31538]: [ 6] skipping whitelist file > (empty?): /root/.razor/razor-whitelist > Mar 29 06:27:07.084261 check[31538]: [ 5] Connecting to shock.cloudmark.com ... > Mar 29 06:27:07.291541 check[31538]: [ 8] Connection established > Mar 29 06:27:07.293199 check[31538]: [ 4] shock.cloudmark.com >> 36 > server greeting: sn=C&srl=5066&a=l&a=cg&ep4=7542-10 > Mar 29 06:27:07.298125 check[31538]: [ 4] shock.cloudmark.com << 25 > Mar 29 06:27:07.299795 check[31538]: [ 6] cn=razor-agents&cv=2.67 > Mar 29 06:27:07.302240 check[31538]: [ 6] shock.cloudmark.com is a > Catalogue Server srl 5066; computed min_cf=6, Server se: C8 > Mar 29 06:27:07.304321 check[31538]: [ 8] Computed supported_engines: 4 8 > Mar 29 06:27:07.306697 check[31538]: [ 8] mail 1.0 e4 sig: > xFaZIZUVHk90OQfARnenjx5BZTMA > Mar 29 06:27:07.308331 check[31538]: [ 5] mail 1.0 e8 got no sig > Mar 29 06:27:07.309828 check[31538]: [ 8] preparing 1 queries > Mar 29 06:27:07.311979 check[31538]: [ 8] sending 1 batches > Mar 29 06:27:07.314299 check[31538]: [ 4] shock.cloudmark.com << 52 > Mar 29 06:27:07.315305 check[31538]: [ 6] > a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA > Mar 29 06:27:07.513007 check[31538]: [ 4] shock.cloudmark.com >> 5 > Mar 29 06:27:07.514027 check[31538]: [ 6] response to sent.2 > p=0 > Mar 29 06:27:07.517878 check[31538]: [ 6] mail 1.0 e=4 > sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. > Mar 29 06:27:07.519031 check[31538]: [ 7] method 4: mail 1.0: > no-contention part, spam=0 > Mar 29 06:27:07.519935 check[31538]: [ 7] method 4: mail 1: all > non-contention parts not spam, mail not spam > Mar 29 06:27:07.520821 check[31538]: [ 3] mail 1 is not known spam. > Mar 29 06:27:07.522901 check[31538]: [ 5] disconnecting from server > shock.cloudmark.com > Mar 29 06:27:07.524449 check[31538]: [ 4] shock.cloudmark.com << 5 > Mar 29 06:27:07.525265 check[31538]: [ 6] a=q > debug: Using results from Razor v2.67 > debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 > debug: leaving helper-app run mode > debug: Razor2 results: spam? 0 highest cf score: 0 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x95a7894) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=-3.174 > debug: running full-text regexp tests; score so far=-3.174 > debug: Razor2 is available > debug: Current PATH is: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > debug: executable for pyzor was found at /usr/bin/pyzor > debug: Pyzor is available: /usr/bin/pyzor > debug: entering helper-app run mode > debug: setuid: helper proc 31543: ruid=0 euid=0 > debug: Pyzor: got response: 217.160.253.84:24441 TimeoutError: > debug: leaving helper-app run mode > debug: Pyzor: couldn't grok response "217.160.253.84:24441 TimeoutError: " > debug: DCCifd is available: /var/dcc/dccifd > debug: entering helper-app run mode > debug: leaving helper-app run mode > debug: DCCifd check timed out after 10 secs. > debug: Running tests for priority: 500 > debug: RBL: success for 1 of 1 queries > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x95a7894) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=-3.174 > debug: running header regexp tests; score so far=-1.948 > debug: running body-text per-line regexp tests; score so far=-1.948 > debug: running uri tests; score so far=-1.948 > debug: running raw-body-text per-line regexp tests; score so far=-1.948 > debug: running full-text regexp tests; score so far=-1.948 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=-1.948 > debug: running header regexp tests; score so far=-1.948 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 31538 created /root/.spamassassin/auto-whitelist.mutex > debug: lock: 31538 trying to get lock on > /root/.spamassassin/auto-whitelist with 30 timeout > debug: lock: 31538 link to /root/.spamassassin/auto-whitelist.mutex: link ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > debug: AWL active, pre-score: -1.948, autolearn score: -1.948, mean: > undef, IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 31538 unlocked /root/.spamassassin/auto-whitelist.mutex > debug: Post AWL score: -1.948 > debug: running body-text per-line regexp tests; score so far=-1.948 > debug: running uri tests; score so far=-1.948 > debug: running raw-body-text per-line regexp tests; score so far=-1.948 > debug: running full-text regexp tests; score so far=-1.948 > debug: is spam? score=-1.948 required=5 > debug: tests=ALL_TRUSTED,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID > > > On Tue, 29 Mar 2005 09:35:59 +0100, Martin Hepworth > wrote: > >>Devon >> >>have you got network tests enabled? >> >>the surbl URI-RBL's wont fire up until this is on. >> >>What happens if you do.. >> >>spamassassin -p /spam.assassin.prefs.conf -D --lint >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >> >>Devon Harding wrote: >> >>>Well, Im running SA 3.0.2, Net::DNS version 0.48, >>>Razor2::Client::Agent version 2.61 (upgrading to 2.67 as we speak..) >>> >>>Whats the procedure in training bayes to detect the samples as spam? >>> >>> >>>On Mon, 28 Mar 2005 18:40:37 -0500, Matt Kettler wrote: >>> >>> >>>>Devon Harding wrote: >>>> >>>> >>>> >>>>>Here is my RBL's and they still seem to get through. What can I do to stop em'? >>>>> >>>>> >>>> >>>>My strongest recommendation would be to use a version of SpamAssassin >>>>which has SURBL capabilities. >>>> >>>>3.0 ships with it by default, although if your Net::DNS perl module >>>>isn't fairly recent it will disable the URI based blacklists and only do >>>>normal RBLs. >>>> >>>>2.6x can have this functionality added with the >>>>Mail::SpamAssassin::SpamCopURI patch. (They call it a plugin, but it's >>>>dependent on patch to EvalTests.pm that the "make install" process does >>>>automatically.) >>>> >>>>I'd also recommend using Razor version 2.67. Older versions of razor may >>>>not support e8 signatures, or may have bugs in e8. >>>> >>>>Lastly, if you've got bayes going, be sure to train some of the samples >>>>as spam. >>>> >>>>Between the three approaches SA seems to catch all of these on my >>>>network without much trouble (so far). >>>> >>>> >>> >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >> ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 29 14:01:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:11 2006 Subject: exim losing messages Message-ID: Julian I hate replying to myself BUT... I think I figured out the losing messages problem. It was, pas usual, the config catching me out. The MS machine is a gateway (both ways) for my WAN. Several of the users on th MailMan list, are only allowed internal email (delete option in the rules). So when the Mailman server uses the MS machine as the smart host the message gets 'deleted' as thats the rule for one of the users in the 'to' (or BCC or however MM does it). So in order to let the MM machine have the MS machine as the smart host I need to change the rules so the MM machine's ip-address is allowed to send to ALL people and that rule is before the delete action formy internal only email addresses..I'll get mi coat ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martin Hepworth wrote: > Jules > > upgraded to latest beta this morning and noticed if I have an email to a > fair number of recipients MS seems to drop it. I noticed this whilst > testing a new MailMan setup. If the distibution is a few users its OK, > but once it gets around 30 it just disapears. > > things missing from the logs like the child's died, but it archives the > message, then SQL logs it to MailWatch, then nothing until the MS child > gets another go at the inbound queue. > > I get it logged to MailWatch, but there's no sign of it in the > archive/nonspam and it doesn't get passed to the outgoing exim queue. > > This is exim 4.43 and FreeBSD 4.10. > > Any ideas? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue Mar 29 15:23:45 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:29:11 2006 Subject: Virus in HTML Email Style Sheet Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here's the HTML source for a message that had a virus in it... Hey Love
I reserved us a place at huoston's tonight.
starting to be hungry already, for you!!
Bob



When the CURSOR is retrieved it has Trojan.Moo in it according to NAV. MailScanner did not catch this. Should there be a disarm URLs in style sheets setting in MailScanner? Does anyone know of a virus scanner that checks URLs in email as well? I thought Clam was doing this. Thanks, Derek ------------------------------------------------------------------ This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 29 15:34:12 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:11 2006 Subject: Virus in HTML Email Style Sheet Message-ID: Derek does ClamAV catch it? If so I recommend running that on you MS machine as well. I note that Sophos won't catch this either - their argument is that they don't parse URL end points only actual content. The problem will be on the Windows box (should that be the users O/S) and therefore they will catch it there. (ie the problem's on the desktop so you need protection where the problem is, but just the gateway). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Derek Winkler wrote: > Here's the HTML source for a message that had a virus in it... > > Hey Love
I reserved us a place at huoston's tonight.
starting to be > hungry already, for you!!
Bob >



> > > When the CURSOR is retrieved it has Trojan.Moo in it according to NAV. > > MailScanner did not catch this. > > Should there be a disarm URLs in style sheets setting in MailScanner? > > Does anyone know of a virus scanner that checks URLs in email as well? I > thought Clam was doing this. > > Thanks, > > Derek > > ------------------------------------------------------------------ > > This email and any files transmitted with it are confidential and > proprietary to Algorithmics Incorporated and its affiliates > ("Algorithmics"). If received in error, use is prohibited. Please destroy, > and notify sender. Sender does not waive confidentiality or privilege. > Internet communications cannot be guaranteed to be timely, secure, error or > virus-free. Algorithmics does not accept liability for any errors or > omissions. Any commitment intended to bind Algorithmics must be reduced to > writing and signed by an authorized signatory. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Tue Mar 29 15:55:39 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:29:11 2006 Subject: Virus in HTML Email Style Sheet Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Derek Winkler wrote: > * {CURSOR: url("http://banukultepe.sitemynet.com/m89.ani")} > > When the CURSOR is retrieved it has Trojan.Moo in it according to NAV. > > MailScanner did not catch this. > > Should there be a disarm URLs in style sheets setting in MailScanner? I can't see how this could actually result in an infection, unless the e-mail client has a bug that results in code being executed instead of a cursor being displayed. If there are any common clients out there with known vulnerabilities, it would indeed seem logical for Julian to do something about this, similar to the IFRAME disarming. Conversely, are there any legitimate uses for this sort of thing? John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Tue Mar 29 16:02:11 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:11 2006 Subject: first message spam, next spam gets whitelisted? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everyone, I'm seeing a bunch of messages these days that look like this: [ ] 29/03/05 06:29:57 itbe_1e3925a6a26ccc4b151239a39c588a... sara@localdomain1.com {**Spam?**} IT Secur... 35.6Kb 7.75 W/L [ ] 29/03/05 06:29:40 itbe_1e3925a6a26ccc4b151239a39c588a... sara@localdomain0.com IT Security--Ignoran... 33.7Kb 6.06 Spam So from what I can see, a message comes in to this user and is correctly tagged as spam. Then 27 seconds later, another (likely duplicate) message from the same spammer comes in for the user's email address on her other address, gets even higher spam but is whitelisted. Needless to say, this spammer is not in the spam.whitelist.rules file. Obviously my question is: how do I stop this from happening? And why is a higher scoring message being let through to the user's inbox as whitelisted (when it isn't) when an identical message only seconds before was correctly tagged? Thanks, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Tue Mar 29 16:17:28 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:11 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: You might try to run it through the "file" command. Hi Scott, I've run the file through the "file" command and I get 'unknown readable demand paged pure executable'. I'm not sure what that means though. I have also had a look at the file in a hex editor, and it certainly doesn't look like a standard dos/windows executable file. It's missing the usual "MZ" at the beginning of the file, for one. To me, this file looks like a binary data file. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Mar 29 16:28:16 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:29:11 2006 Subject: blocking SDG files? Message-ID: It's "guessing" that it's some form of "unix executable" more or less... file isn't the most ... precise ... tool in history. Using file one can well expect a few FPs from it, after all, the decision mechanism isn't rocket sience any way you look at it:-). Have a look at you /etc/magic .. Usually well-commented. If you use filetype checks, then you'd perhaps best use a quarantine too, if you don't already. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Fractal IT Dept. Sent: den 29 mars 2005 17:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: blocking SDG files? Scott Silva wrote: You might try to run it through the "file" command. Hi Scott, I've run the file through the "file" command and I get 'unknown readable demand paged pure executable'. I'm not sure what that means though. I have also had a look at the file in a hex editor, and it certainly doesn't look like a standard dos/windows executable file. It's missing the usual "MZ" at the beginning of the file, for one. To me, this file looks like a binary data file. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Mar 29 16:16:09 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:11 2006 Subject: Virus in HTML Email Style Sheet Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of John Wilcock > Sent: Tuesday, March 29, 2005 9:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus in HTML Email Style Sheet > > > Derek Winkler wrote: > > * > {CURSOR: url("http://banukultepe.sitemynet.com/m89.ani")} > > > > When the CURSOR is retrieved it has Trojan.Moo in it according to NAV. > > > > MailScanner did not catch this. > > > > Should there be a disarm URLs in style sheets setting in MailScanner? > > I can't see how this could actually result in an infection, unless the > e-mail client has a bug that results in code being executed instead of a > cursor being displayed. If there are any common clients out there with > known vulnerabilities, it would indeed seem logical for Julian to do > something about this, similar to the IFRAME disarming. > > Conversely, are there any legitimate uses for this sort of thing? > From rcooper at DWFORD.COM Tue Mar 29 17:04:56 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:11 2006 Subject: Virus in HTML Email Style Sheet Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Derek Winkler > Sent: Tuesday, March 29, 2005 9:24 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Virus in HTML Email Style Sheet > > > Here's the HTML source for a message that had a virus in it... > > Hey Love
I reserved us a place at huoston's tonight.
starting to be > hungry already, for you!!
Bob >



> > > When the CURSOR is retrieved it has Trojan.Moo in it according to NAV. > > MailScanner did not catch this. > > Should there be a disarm URLs in style sheets setting in MailScanner? > > Does anyone know of a virus scanner that checks URLs in email as well? I > thought Clam was doing this. > > Thanks, > > Derek > > Clam does, if it's configured with --with-libcurl and the MailFollowURLs option is set in the config file. To use this feature in the ClamAVModule the bit mask would have to include Mail::ClamAV::CL_SCAN_MAILURL() and it currently does not. There are obvious potential DOS problems with this, but I guess the question would be do enough people want it to warrant Julian adding yet another config option? One would have to use it with care because it would certainly increase the server load significantly as it would retrieve any file pointed to by any url link and then scan it. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 29 17:26:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Virus in HTML Email Style Sheet Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >>Behalf Of Derek Winkler >>Sent: Tuesday, March 29, 2005 9:24 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Virus in HTML Email Style Sheet >> >> >>Here's the HTML source for a message that had a virus in it... >> >>Hey Love
I reserved us a place at huoston's tonight.
starting to be >>hungry already, for you!!
Bob >>



>> >> >>When the CURSOR is retrieved it has Trojan.Moo in it according to NAV. >> >>MailScanner did not catch this. >> >>Should there be a disarm URLs in style sheets setting in MailScanner? >> >>Does anyone know of a virus scanner that checks URLs in email as well? I >>thought Clam was doing this. >> >>Thanks, >> >>Derek >> >> >> >> > >Clam does, if it's configured with --with-libcurl and the MailFollowURLs >option is set in the config file. >To use this feature in the ClamAVModule the bit mask would have to include >Mail::ClamAV::CL_SCAN_MAILURL() and it currently does not. There are obvious >potential DOS problems with this, but I guess the question would be do >enough people want it to warrant Julian adding yet another config option? >One would have to use it with care because it would certainly increase the >server load significantly as it would retrieve any file pointed to by any >url link and then scan it. > > Doing this on any machine other than the final client is pretty pointless. It's easy to configure Apache to send one file to one machine, and a different file to other machines. The virus writers get a GET request from an IP address. Is this an MX host of the domain they just sent the message to? If so, send an empty file or a safe file. Not an MX? Then send a virus. This is the same reason MailScanner rejects messages with external bodies. How do I detect URLs inside tags? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Mar 29 18:03:10 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:11 2006 Subject: MailScaner suddenly starting up with content issues after upgrade? Message-ID: Dave what version of MS - this option was only introduced around the 4.31 version. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dave Duffner - PSCGi wrote: >>-----Original Message----- >> >>Dave Duffner - PSCGi wrote: >> >> >>> Tried --help with MS, is there a command or a file >>>to scope out that determines what version of MailScanner >>>we're running? >>> >>> >> >>MailScanner -v > > > Something must be fouled somewhere... Tried the -v > command, got the same response (no matter where in the drive > I tried to fire it up) error each time: > > Cannot open config file -v, No such file or dir in > etc, etc, /Config.pm Line 575 > > Either I've got a fouled up install, I'm doing something > incredibly simple in a stupid way or I've completely missed > something? > > Dave > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Mar 29 17:50:29 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:11 2006 Subject: HTML Table SPAM? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: >Well, Im running SA 3.0.2, Net::DNS version 0.48, >Razor2::Client::Agent version 2.61 (upgrading to 2.67 as we speak..) > >Whats the procedure in training bayes to detect the samples as spam? > sa-learn --spam message.txt Or, if you've got a mbox file full of messages: sa-learn --spam --mbox mailbox.mbox ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Tue Mar 29 17:41:25 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:11 2006 Subject: MailScaner suddenly starting up with content issues after upgrade? Message-ID: > -----Original Message----- > > Dave Duffner - PSCGi wrote: > > > Tried --help with MS, is there a command or a file > >to scope out that determines what version of MailScanner > >we're running? > > > > > MailScanner -v Something must be fouled somewhere... Tried the -v command, got the same response (no matter where in the drive I tried to fire it up) error each time: Cannot open config file -v, No such file or dir in etc, etc, /Config.pm Line 575 Either I've got a fouled up install, I'm doing something incredibly simple in a stupid way or I've completely missed something? Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Mar 29 18:14:24 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:11 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Fractal IT Dept. Sent: Tuesday, March 29, 2005 10:17 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: blocking SDG files? Scott Silva wrote: You might try to run it through the "file" command. Hi Scott, I've run the file through the "file" command and I get 'unknown readable demand paged pure executable'. I'm not sure what that means though. I have also had a look at the file in a hex editor, and it certainly doesn't look like a standard dos/windows executable file. It's missing the usual "MZ" at the beginning of the file, for one. To me, this file looks like a binary data file. [Rick Cooper] A demand paged executable is an executable compiled to load only parts of the executable at load time, and then load a needed page directly from the executable when it's required. So if you have a large executable that doesn't always need certain functions they can be compiled as pages and it reduces the load time and memory requirements at the expense of execution speed when the given page is required. As I recall the windows PE executables include a MSDOS MZ (possibly MZP) header and stub (that say must be run under windows) and the PE32 does not, I believe the PE32 starts with a COFF header and that would be something like 16 bytes of non ASCII data relating to machine target, section count and a few pointers. So I would suppose it would be easy to mistake a binary data file with no header for a PE32. Conversely would not recognize a PE32 file as a typical Microsoft format (because it really isn't, it's unix based in reality) because there would not be a MSDOS header and stub so no MZ or MZP. I kind of doubt that there is a magic entry for a Star Office Graphic file since there is no firm structure for it... I would think quarantine and release would be the only answer Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 29 18:34:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: MailScaner suddenly starting up with content issues after upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Duffner - PSCGi wrote: >>-----Original Message----- >> >>Dave Duffner - PSCGi wrote: >> >> >> >>> Tried --help with MS, is there a command or a file >>>to scope out that determines what version of MailScanner >>>we're running? >>> >>> >>> >>> >>MailScanner -v >> >> > > Something must be fouled somewhere... Tried the -v >command, got the same response (no matter where in the drive >I tried to fire it up) error each time: > > Cannot open config file -v, No such file or dir in >etc, etc, /Config.pm Line 575 > > Either I've got a fouled up install, I'm doing something >incredibly simple in a stupid way or I've completely missed >something? > > Your version is too old to support the -v option. Look for the 'MailScanner starting' line in your maillog, that will tell you the version number. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Mar 29 18:34:05 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:29:11 2006 Subject: Virus in HTML Email Style Sheet Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, March 29, 2005 11:26 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus in HTML Email Style Sheet > > > Rick Cooper wrote: > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >>Behalf Of Derek Winkler > >>Sent: Tuesday, March 29, 2005 9:24 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Virus in HTML Email Style Sheet > >> > >> > >>Here's the HTML source for a message that had a virus in it... > >> > >>Hey Love
I reserved us a place at huoston's > tonight.
starting to be > >>hungry already, for you!!
Bob > >>



> >> > >> > >>When the CURSOR is retrieved it has Trojan.Moo in it according to NAV. > >> > >>MailScanner did not catch this. > >> > >>Should there be a disarm URLs in style sheets setting in MailScanner? > >> > >>Does anyone know of a virus scanner that checks URLs in email as well? I > >>thought Clam was doing this. > >> > >>Thanks, > >> > >>Derek > >> > >> > >> > >> > > > >Clam does, if it's configured with --with-libcurl and the MailFollowURLs > >option is set in the config file. > >To use this feature in the ClamAVModule the bit mask would have > to include > >Mail::ClamAV::CL_SCAN_MAILURL() and it currently does not. There > are obvious > >potential DOS problems with this, but I guess the question would be do > >enough people want it to warrant Julian adding yet another config option? > >One would have to use it with care because it would certainly > increase the > >server load significantly as it would retrieve any file pointed to by any > >url link and then scan it. > > > > > Doing this on any machine other than the final client is pretty > pointless. It's easy to configure Apache to send one file to one > machine, and a different file to other machines. The virus writers get a > GET request from an IP address. Is this an MX host of the domain they > just sent the message to? If so, send an empty file or a safe file. Not > an MX? Then send a virus. > > This is the same reason MailScanner rejects messages with external bodies. > > How do I detect URLs inside tags? > > -- Off the top of my head... Example: regex: s/()/$1$3/si Example becomes : so that should disarm it I would think However I you would have to pass the entire message body to the regex because the style could be defined as Hence the various .*? entries for white space and line enders (with /si of course) You would probably have to test it a bit more than I did obviously Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Mar 29 19:30:34 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:11 2006 Subject: first message spam, next spam gets whitelisted? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Looking at your "problem" it appears the second message is actually the first message. However, the second one looks like it's already been tagged by a version of SpamAssassin that's set to encapsulate spam messages. When spamassassin encapsulates, it replaces all the headers, so MailScanner will see the message as coming from the machine that tagged it as spam, not as coming from the spammer. You might want to dig around and check your headers for the spam message in question VERY closely. You might be double-scanning your messages sent to localdomain1.com. In particular, check if if localdomain0.com is set up as a forward to localdomain1 in such a way that it will get sent back through the MailScanner a second time. Fractal IT Dept. wrote: > Hi everyone, > > I'm seeing a bunch of messages these days that look like this: > [ > ] > 29/03/05 06:29:57 itbe_1e3925a6a26ccc4b151239a39c588a... > sara@localdomain1.com {**Spam?**} IT > Secur... 35.6Kb 7.75 W/L > [ > ] > 29/03/05 06:29:40 itbe_1e3925a6a26ccc4b151239a39c588a... > sara@localdomain0.com IT > Security--Ignoran... 33.7Kb 6.06 Spam > > > So from what I can see, a message comes in to this user and is > correctly tagged as spam. Then 27 seconds later, another (likely > duplicate) message from the same spammer comes in for the user's email > address on her other address, gets even higher spam but is > whitelisted. Needless to say, this spammer is not in the > spam.whitelist.rules file. > > Obviously my question is: how do I stop this from happening? And why > is a higher scoring message being let through to the user's inbox as > whitelisted (when it isn't) when an identical message only seconds > before was correctly tagged? > > Thanks, > Chris > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Tue Mar 29 19:19:09 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:11 2006 Subject: [SA-SPAM] Re: MailScaner Version & flushing AWL Message-ID: > -----Original Message----- > From: MailScanner mailing list > > >>> > >>MailScanner -v > >> > >> > > > > Something must be fouled somewhere... Tried the -v > command, got the same response (no matter where in the drive I tried to > fire it up) error each time: > > > > Cannot open config file -v, No such file or dir in etc, etc, > >/Config.pm Line 575 > > > > Either I've got a fouled up install, I'm doing something > >incredibly simple in a stupid way or I've completely missed > something? > > > > > Your version is too old to support the -v option. Look for > the 'MailScanner starting' line in your maillog, that will > tell you the version number. Ok, that turned up MailScanner Version 4.31.6, so Martin's statement should mean it'd be in there. Not sure if Ensim mangled the thing beyond recall in their packaging, wouldn't be the first time. And a re-install from a separate package or upgrade from a non-Ensim package risks either not being compatible with their setups, overwritten in the next Ensim upgrade patch or fouling something else up - unless someone around here has done an Ensim modification using Ensim Pro 4.0.3-X? To produce those errors sounds more like the install has a bug or is misconfigured, sounds like it should be working to provide the version from the command line. Also, (as you'll note in the Subject) this thing is still in love with you Julian! As someone else mentioned it's not tagging every last one of them since making that AWL=0 mod you gave me the other day, but when it does actually handle your posts it's picking up AWL info from somewhere. Is there a place/file that has the old AWL listings when I had that option on that I can flush or delete so it has no info to apply an AWL setting to? In the headers autolearn=disabled so it certainly seems to have stopped the AWL from learning anything new but it still applies points from anyone who was in the 'list' previously. Thanks! Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Tue Mar 29 21:09:28 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:11 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: A demand paged executable is an executable compiled to load only parts of the executable at load time, and then load a needed page directly from the executable when it's required. So if you have a large executable that doesn't always need certain functions they can be compiled as pages and it reduces the load time and memory requirements at the expense of execution speed when the given page is required. As I recall the windows PE executables include a MSDOS MZ (possibly MZP) header and stub (that say must be run under windows) and the PE32 does not, I believe the PE32 starts with a COFF header and that would be something like 16 bytes of non ASCII data relating to machine target, section count and a few pointers. So I would suppose it would be easy to mistake a binary data file with no header for a PE32. Conversely would not recognize a PE32 file as a typical Microsoft format (because it really isn't, it's unix based in reality) because there would not be a MSDOS header and stub so no MZ or MZP. I kind of doubt that there is a magic entry for a Star Office Graphic file since there is no firm structure for it... I would think quarantine and release would be the only answer Rick Rick, Thanks for the response. I do have a quarantine system running where everything stays for 2 weeks before it's sent to the "bit recycler". Unfortunately, when I attempt to release this message from the quarantine, it gets re-trapped by Mailscanner in its incessant thoughness. Is there a way of telling MailScanner to not do file type checks when the message is being sent directly from the server or something? Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at FRACTALWEB.COM Tue Mar 29 22:40:17 2005 From: itdept at FRACTALWEB.COM (Fractal IT Dept.) Date: Thu Jan 12 21:29:11 2006 Subject: first message spam, next spam gets whitelisted? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Looking at your "problem" it appears the second message is actually the >first message. > > However, the second one looks like it's already been tagged by a >version of SpamAssassin that's set to encapsulate spam messages. When >spamassassin encapsulates, it replaces all the headers, so MailScanner >will see the message as coming from the machine that tagged it as spam, >not as coming from the spammer. > >You might want to dig around and check your headers for the spam message >in question VERY closely. > >You might be double-scanning your messages sent to localdomain1.com. In >particular, check if if localdomain0.com is set up as a forward to >localdomain1 in such a way that it will get sent back through the >MailScanner a second time. > > Hi Matt, Sorry, the order of the messages was backwards because MailWatch displays them in reverse chronological order. When I refer to the first message, I mean the one that arrived earlier in time, which was the second one as displayed. :-) In this case your guess was bang on. Upon further investigation, it turns out that the first email address forwards to the second. So how do we get around this? If it's checked for spam the first time through and tagged, we want it to stay tagged as spam when it gets forwarded. Alternatively, I suppose I could turn off spam checking on the address that's simply a forward alias. What do you suggest? Thanks, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Mar 29 22:54:53 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:11 2006 Subject: first message spam, next spam gets whitelisted? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fractal IT Dept. wrote: > Hi Matt, > > Sorry, the order of the messages was backwards because MailWatch > displays them in reverse chronological order. When I refer to the first > message, I mean the one that arrived earlier in time, which was the > second one as displayed. :-) Yes, I understood that. In fact, if I misunderstood that part, I wouldn't have suspected forwarding :) > > In this case your guess was bang on. Upon further investigation, it > turns out that the first email address forwards to the second. So how do > we get around this? If it's checked for spam the first time through and > tagged, we want it to stay tagged as spam when it gets forwarded. Well, it already was tagged. Take a look at the subject of the whitelisted message. It's already got a spamtag. Nobody removed it. Therefore, it already is "staying spam tagged", at least in the in the subject and body, you're just getting a different X-*-SpamCheck header that doesn't indicate spam. Basically all that's happening is mailscanner isn't tagging it a second time. But it's already been tagged, so that's not a huge problem unless you later filter by header. If the header rewrite is a problem, your best bet would be to do the forward in a way that doesn't re-deliver the message all the way up through the MTA. Is the forward being done on your MailScanner box, or on some other box which then feeds the message back to the MX for the second domain? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Mar 29 23:20:23 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:29:11 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: > I kind of doubt that there is a magic entry for a Star Office > Graphic file since there is no firm structure for it... I would > think quarantine and release would be the only answer > > Of course, there is an alternative.. disable your blocking in filetype.rules.conf, and only use filename rules. I for one have always found the filetype rules a bit on the over-zealous side. Sure, they're handy if you want to make sure your employees can't email renamed executables as ".renametoexe" files, but unless you're in a truly draconian network I don't see the filetype rules as doing more good than harm. The "file" command is a considerably flaky beast at the absolute best. Using it for attachment capture may be handy for the paranoid, but I for one find it to be troublesome. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tunc at eresen.com Wed Mar 30 00:09:58 2005 From: tunc at eresen.com (Tunc Eresen) Date: Thu Jan 12 21:29:11 2006 Subject: MailScanner.pid Message-ID: Hello, MailScanner.pid is getting deleted every Day, How can I stop it? I have RaQ550-MailScanner-4.38.9 with ClamAV, I just could not understand why it is deleted Best Regards, O. TUNC ERESEN NT & Security Consultant. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (Name: "OSMAN TUNC ERESEN (tunc@eresen.com) ] [ (tunc@eresen.com).vcf") 23 lines. ] [ Unable to print this part. ] From tunc at eresen.com Wed Mar 30 00:40:13 2005 From: tunc at eresen.com (Tunc Eresen) Date: Thu Jan 12 21:29:11 2006 Subject: MailScanner.pid Message-ID: Hello, -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tunc Eresen Sent: Wednesday, March 30, 2005 12:10 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner.pid Hello, MailScanner.pid is getting deleted every Day, How can I stop it? I have RaQ550-MailScanner-4.38.9 with ClamAV, I just could not understand why it is deleted Best Regards, O. TUNC ERESEN NT & Security Consultant. \ --- Every time mailscanner restarts it does not create MailScanner.pid file How can I configure it to start this file or can I stop MS restarting itself. Tunc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Wed Mar 30 05:39:13 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:11 2006 Subject: Log abt mail scanner Message-ID: Since I had problems of some mails getting missed, I stopped the spam checks on my mails. However, I am getting this log in my maillog "connection attempt to spamd aborted after 3 retries" Mar 28 06:57:00 spamc[25450]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused Mar 28 06:57:01 spamc[25450]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused Mar 28 06:57:02 spamc[25450]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused Is there a possibility that mails will get missed after this log? My MTA shows the status as mail sent. One of my user again started complaining that her mails are missing. I suspect this log. I have no clue about from where spamc is running. Please advice. Regards Devi S. CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Wed Mar 30 05:55:16 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:11 2006 Subject: spamc logs - even after stopping spam chks Message-ID: Since I had problems of some mails getting missed, I stopped the spam checks on my mails. However, I am getting this log in my maillog "connection attempt to spamd aborted after 3 retries" Mar 28 06:57:00 spamc[25450]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused Mar 28 06:57:01 spamc[25450]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused Mar 28 06:57:02 spamc[25450]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#3 of 3): Connection refused Is there a possibility that mails will get missed after this log? My MTA shows the status as mail sent. One of my user again started complaining that her mails are missing. I suspect this log. I have no clue about from where spamc is running. Please advice. Regards Devi S. CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Wed Mar 30 07:37:11 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:29:11 2006 Subject: spamc logs - even after stopping spam chks Message-ID: [ The following text is in the "iso-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Devi Sambamoorthy > >Since I had problems of some mails getting missed, I stopped the spam >checks on my mails. However, I am getting this log in my maillog > >"connection attempt to spamd aborted after 3 retries" >Mar 28 06:57:00 spamc[25450]: connect(AF_INET) to spamd at >127.0.0.1 >failed, retrying (#1 of 3): Connection refused >Mar 28 06:57:01 spamc[25450]: connect(AF_INET) to spamd at >127.0.0.1 >failed, retrying (#2 of 3): Connection refused >Mar 28 06:57:02 spamc[25450]: connect(AF_INET) to spamd at >127.0.0.1 >failed, retrying (#3 of 3): Connection refused > >Is there a possibility that mails will get missed after this log? My MTA >shows the status as mail sent. Did you by any change do a "make test" in the Mail-SpamAssassin directory? If so, you can ignore these messages all together, spamc is being tested, as well as spamd, as part of SpamAssassin's test suite. If not, how did you "stop the spam checks on my mails". MailScanner does NOT use spamd and you should not be using any of the SpamAssassin tools, as MailScanner takes care of all of it. >One of my user again started complaining that her mails are missing. I >suspect this log. I have no clue about from where spamc is running. The maillog should at least give you information if the mail the user is complaining about has been delivered and where to look further. >Please advice. > >Regards >Devi S. Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM Wed Mar 30 07:56:21 2005 From: devi.sambamoorthy at INMAIL.TRANQUILMONEY.COM (Devi Sambamoorthy) Date: Thu Jan 12 21:29:11 2006 Subject: spamc logs - even after stopping spam chks Message-ID: I have disabled spam checks by putting, "Spam Checks = no", "Use SpamAssassin=no" If MailScanner is not generating this log, any idea from where this is generated. I have checked my running processes there is no "spam daemon" or nothing relating to spam running. I have no clue what triggers this spam log. Thanks, Devi S. On Wed, 30 Mar 2005, Mike wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Devi Sambamoorthy >> >> Since I had problems of some mails getting missed, I stopped the spam >> checks on my mails. However, I am getting this log in my maillog >> >> "connection attempt to spamd aborted after 3 retries" >> Mar 28 06:57:00 spamc[25450]: connect(AF_INET) to spamd at >> 127.0.0.1 >> failed, retrying (#1 of 3): Connection refused >> Mar 28 06:57:01 spamc[25450]: connect(AF_INET) to spamd at >> 127.0.0.1 >> failed, retrying (#2 of 3): Connection refused >> Mar 28 06:57:02 spamc[25450]: connect(AF_INET) to spamd at >> 127.0.0.1 >> failed, retrying (#3 of 3): Connection refused >> >> Is there a possibility that mails will get missed after this log? My MTA >> shows the status as mail sent. > > Did you by any change do a "make test" in the Mail-SpamAssassin directory? > > If so, you can ignore these messages all together, spamc is being tested, as well as spamd, as part of SpamAssassin's test suite. > > If not, how did you "stop the spam checks on my mails". MailScanner does NOT use spamd and you should not be using any of the SpamAssassin tools, as MailScanner takes care of all of it. > >> One of my user again started complaining that her mails are missing. I >> suspect this log. I have no clue about from where spamc is running. > > The maillog should at least give you information if the mail the user is complaining about has been delivered and where to look further. > >> Please advice. >> >> Regards >> Devi S. > > Mike. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 30 08:13:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:11 2006 Subject: spamc logs - even after stopping spam chks Message-ID: Devi check SA isn't getting called from the MTA or procmail/.forward. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Devi Sambamoorthy wrote: > I have disabled spam checks by putting, "Spam Checks = no", "Use > SpamAssassin=no" > > If MailScanner is not generating this log, any idea from where this is > generated. I have checked my running processes there is no "spam daemon" > or nothing relating to spam running. I have no clue what triggers this > spam log. > > Thanks, > Devi S. > > > > On Wed, 30 Mar 2005, Mike wrote: > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Devi Sambamoorthy >>> >>> Since I had problems of some mails getting missed, I stopped the spam >>> checks on my mails. However, I am getting this log in my maillog >>> >>> "connection attempt to spamd aborted after 3 retries" >>> Mar 28 06:57:00 spamc[25450]: connect(AF_INET) to spamd at >>> 127.0.0.1 >>> failed, retrying (#1 of 3): Connection refused >>> Mar 28 06:57:01 spamc[25450]: connect(AF_INET) to spamd at >>> 127.0.0.1 >>> failed, retrying (#2 of 3): Connection refused >>> Mar 28 06:57:02 spamc[25450]: connect(AF_INET) to spamd at >>> 127.0.0.1 >>> failed, retrying (#3 of 3): Connection refused >>> >>> Is there a possibility that mails will get missed after this log? My MTA >>> shows the status as mail sent. >> >> >> Did you by any change do a "make test" in the Mail-SpamAssassin >> directory? >> >> If so, you can ignore these messages all together, spamc is being >> tested, as well as spamd, as part of SpamAssassin's test suite. >> >> If not, how did you "stop the spam checks on my mails". MailScanner >> does NOT use spamd and you should not be using any of the SpamAssassin >> tools, as MailScanner takes care of all of it. >> >>> One of my user again started complaining that her mails are missing. I >>> suspect this log. I have no clue about from where spamc is running. >> >> >> The maillog should at least give you information if the mail the user >> is complaining about has been delivered and where to look further. >> >>> Please advice. >>> >>> Regards >>> Devi S. >> >> >> Mike. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain > PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH > INFORMATION intended solely for the use of Tranquilmoney Inc. it's > clients and the recipient(s) named above. If you are not the intended > recipient, or the employee or agent responsible for delivering this > message to the intended recipient, you are hereby notified that any > review, dissemination, distribution, printing, or copying of this e-mail > message and/or any attachments is strictly prohibited. If you have > received this transmission in error, please notify the sender > immediately and permanently delete this e-mail [shred the document] and > any attachments. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From waldner at WALDNER.PRIV.AT Wed Mar 30 08:21:41 2005 From: waldner at WALDNER.PRIV.AT (Robert Waldner) Date: Thu Jan 12 21:29:11 2006 Subject: Problem with MailScanner, postfix and corrupt mails Message-ID: On Tue, 29 Mar 2005 11:49:30 +0200, Robert Waldner writes: >Nearly a week now without any corrupt messages on the perl 5.6 box, but > the usual 1-2/day on the 5.8 ones. > >Today I'll try to get the same MailScanner version running on the 5.6 > box. I can definitely say that this problem has something to do with perl 5.8 now. From raymond at PROLOCATION.NET Wed Mar 30 08:55:41 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:11 2006 Subject: Log abt mail scanner Message-ID: Hi! > Since I had problems of some mails getting missed, I stopped the > spam checks on my mails. However, I am getting this log in my maillog > > "connection attempt to spamd aborted after 3 retries" > Mar 28 06:57:00 spamc[25450]: connect(AF_INET) to spamd at > 127.0.0.1 failed, retrying (#1 of 3): Connection refused > Mar 28 06:57:01 spamc[25450]: connect(AF_INET) to spamd at > 127.0.0.1 failed, retrying (#2 of 3): Connection refused > Mar 28 06:57:02 spamc[25450]: connect(AF_INET) to spamd at > 127.0.0.1 failed, retrying (#3 of 3): Connection refused > > Is there a possibility that mails will get missed after this log? My MTA > shows the status as mail sent. > > One of my user again started complaining that her mails are missing. I > suspect this log. I have no clue about from where spamc is running. If you use MailScanner you dont use spamd, you can shoot it down. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Mar 30 09:11:39 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:29:11 2006 Subject: spamc logs - even after stopping spam chks Message-ID: Hi! > I have disabled spam checks by putting, "Spam Checks = no", "Use > SpamAssassin=no" > > If MailScanner is not generating this log, any idea from where this is > generated. I have checked my running processes there is no "spam daemon" > or nothing relating to spam running. I have no clue what triggers this > spam log. >> Did you by any change do a "make test" in the Mail-SpamAssassin directory? Like mentioned, if you install spamassassin it also logs some lines like the ones you mentioned. Nothing to worry about. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From liste at CROYER.NET Wed Mar 30 09:44:06 2005 From: liste at CROYER.NET (Royer Christophe) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with users rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everybody I'm trying to use MS/SA and I would like to do the following thing, I've looked on FAQ and MAQ, but I didn't find the tips, maybe someone can help me. Some users want to remove ack message from their mails before downloading the mails, so I've created for this users the following rules in /home/nameofuser/.spamassassin/user_prefs header CONTAIN_ACK Subject =~ /ack:/i score CONTAIN_ACK 99.0 body CONTAIN_RECEIPT /Receipt/i score CONTAIN_RECEIPT 99.0 and in /opt/MailScanner/etc/spam.assassin.prefs.conf, I've said allow_user_rules 1 So, the problem is the following, when I'm running MS, it doesn't take care about user rules. If someone can help me Many thanks Christophe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Mar 30 10:06:27 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with users rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Royer Christophe wrote: > Hi everybody > > I'm trying to use MS/SA and I would like to do the following thing, I've > looked on FAQ and MAQ, but I didn't find the tips, maybe someone can > help me. > > Some users want to remove ack message from their mails before > downloading the mails, so I've created for this users the following > rules in /home/nameofuser/.spamassassin/user_prefs > > header CONTAIN_ACK Subject =~ /ack:/i > score CONTAIN_ACK 99.0 > body CONTAIN_RECEIPT /Receipt/i > score CONTAIN_RECEIPT 99.0 > > and in /opt/MailScanner/etc/spam.assassin.prefs.conf, I've said > allow_user_rules 1 > > So, the problem is the following, when I'm running MS, it doesn't take > care about user rules. SA is run as one user, normally root, by MS. You can't map unix users to mail recipients using MS. I suggest you use procmail or similar. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From liste at CROYER.NET Wed Mar 30 10:16:29 2005 From: liste at CROYER.NET (Royer Christophe) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with users rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Royer Christophe wrote: > >> Hi everybody >> >> I'm trying to use MS/SA and I would like to do the following thing, I've >> looked on FAQ and MAQ, but I didn't find the tips, maybe someone can >> help me. >> >> Some users want to remove ack message from their mails before >> downloading the mails, so I've created for this users the following >> rules in /home/nameofuser/.spamassassin/user_prefs >> >> header CONTAIN_ACK Subject =~ /ack:/i >> score CONTAIN_ACK 99.0 >> body CONTAIN_RECEIPT /Receipt/i >> score CONTAIN_RECEIPT 99.0 >> >> and in /opt/MailScanner/etc/spam.assassin.prefs.conf, I've said >> allow_user_rules 1 >> >> So, the problem is the following, when I'm running MS, it doesn't take >> care about user rules. > > > SA is run as one user, normally root, by MS. You can't map unix users to > mail recipients using MS. I suggest you use procmail or similar. > > -- > /Peter Bonivart > Oki doki, I've found something about this somewhere, so if I'm make a .procmailrc file in home users directory with something like | /usr/bin/spamassassin, it seems then SA is running after MS. and at end, I cannot delete the ack mails like I should Many thanks Christophe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Wed Mar 30 13:46:48 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: Hello! Is anyone else seeing problesm with the BitDefender updates ? This isn't a MailScanner issue per se, since it happens with : /opt/bdc/bdc --update But it causes the cronjob (update_virus_scanners.cron) to hang and not update other av scanners. Just thought I'd mention it. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Mar 30 13:52:28 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No problem here. bdc -update takes about 1 min. and then says 'No update available' and exists normal. Running on FreeBSD 4.10 Adri. > -----Original Message----- > From: Michael H. Martel [mailto:martelm@QUARK.VSC.EDU] > Sent: 30 March, 2005 14:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Problems with BitDefender updtaes ? > > > Hello! > > Is anyone else seeing problesm with the BitDefender updates ? > This isn't a > MailScanner issue per se, since it happens with : > > /opt/bdc/bdc --update > > But it causes the cronjob (update_virus_scanners.cron) to hang and not > update other av scanners. > > Just thought I'd mention it. > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 30 13:54:34 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It happened with me about two weeks ago, and I posted the problem to the list, and then discovered that bdc update was blocking all the other updates... After killing the processes (a lot of them where stopped) all returned to normality. ----- Original Message ----- From: "Michael H. Martel" To: Sent: Wednesday, March 30, 2005 9:46 AM Subject: Problems with BitDefender updtaes ? > Hello! > > Is anyone else seeing problesm with the BitDefender updates ? This isn't a > MailScanner issue per se, since it happens with : > > /opt/bdc/bdc --update > > But it causes the cronjob (update_virus_scanners.cron) to hang and not > update other av scanners. > > Just thought I'd mention it. > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Mar 30 14:43:12 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:29:11 2006 Subject: OT: mailscanner & oom killer on fc2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello folks, Troubleshooting MailScanner on friends machine and I seem to be running into a problem that may be related to MailScanner but I can't quite figure out what is the issue (hardware or software) and my Googling so far has been futile, thus the OT message. System is stock Fedora FC2 with 2.6.10. As you read this message please keep in mind that I'm not drunk, this is what I'm seeing: At start MailScanner process simply hits the roof: ---- PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 29947 root 25 0 137m 131m 3188 R 92.4 8.6 0:15.15 MailScanner 27854 root 25 0 766m 760m 2828 R 92.1 50.1 6:46.87 MailScanner ---- Running it in debug mode does not reveal anything unusual. As the system starts to run out of memory, MailScanner keeps on spawning - Its set to 5 children, I've seen it go as high up as 40. It keeps on growing until it allocates all available ram: ---- Tasks: 90 total, 4 running, 86 sleeping, 0 stopped, 0 zombie Cpu(s): 94.5% us, 5.5% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.0% si Mem: 1554180k total, 1485752k used, 68428k free, 4084k buffers Swap: 0k total, 0k used, 0k free, 31016k cached ---- This is where oom killer steps in. MailScanner eventually runs out of memory and gets killed. Another MailScanner thread starts in its place, until they eat up all available memory. Thats when oom killer steps in and things get ugly very fast: ---- Mar 30 07:44:21 mail1 root: Process did not exit cleanly, returned 255 with signal 0 Mar 30 07:46:14 mail1 kernel: oom-killer: gfp_mask=0x1d2 Mar 30 07:46:17 mail1 kernel: Mem-info: Mar 30 07:46:23 mail1 kernel: DMA per-cpu: Mar 30 07:48:06 mail1 kernel: cpu 0 hot: low 2, high 6, batch 1 Mar 30 07:48:42 mail1 shutdown: shutting down for system reboot Mar 30 07:48:42 mail1 kernel: cpu 0 cold: low 0, high 2, batch 1 Mar 30 07:48:45 mail1 sshd(pam_unix)[30028]: session opened for user root by (uid=0) Mar 30 07:48:45 mail1 kernel: cpu 1 hot: low 2, high 6, batch 1 Mar 30 07:48:45 mail1 sshd(pam_unix)[30038]: session opened for user root by (uid=0) Mar 30 07:48:45 mail1 kernel: cpu 1 cold: low 0, high 2, batch 1 Mar 30 07:48:46 mail1 kernel: Normal per-cpu: Mar 30 07:48:46 mail1 kernel: cpu 0 hot: low 32, high 96, batch 16 Mar 30 07:48:46 mail1 kernel: cpu 0 cold: low 0, high 32, batch 16 Mar 30 07:48:46 mail1 kernel: cpu 1 hot: low 32, high 96, batch 16 Mar 30 07:48:46 mail1 kernel: cpu 1 cold: low 0, high 32, batch 16 Mar 30 07:48:46 mail1 kernel: HighMem per-cpu: Mar 30 07:48:46 mail1 kernel: cpu 0 hot: low 32, high 96, batch 16 Mar 30 07:48:47 mail1 kernel: cpu 0 cold: low 0, high 32, batch 16 Mar 30 07:48:47 mail1 kernel: cpu 1 hot: low 32, high 96, batch 16 Mar 30 07:48:47 mail1 kernel: cpu 1 cold: low 0, high 32, batch 16 Mar 30 07:48:47 mail1 kernel: Mar 30 07:48:47 mail1 kernel: Free pages: 4276kB (512kB HighMem) Mar 30 07:48:47 mail1 kernel: Active:379452 inactive:120 dirty:0 writeback:0 unstable:0 free:1069 slab:3159 mapped:379503 pagetable$ Mar 30 07:48:47 mail1 kernel: DMA free:68kB min:68kB low:84kB high:100kB active:12552kB inactive:0kB present:16384kB pages_scanned:$ Mar 30 07:48:47 mail1 kernel: protections[]: 0 0 0 Mar 30 07:48:47 mail1 kernel: Normal free:3696kB min:3756kB low:4692kB high:5632kB active:859620kB inactive:148kB present:901120kB $ Mar 30 07:48:47 mail1 kernel: protections[]: 0 0 0 Mar 30 07:48:47 mail1 kernel: HighMem free:512kB min:512kB low:640kB high:768kB active:645708kB inactive:332kB present:654528kB pag$ Mar 30 07:48:47 mail1 kernel: protections[]: 0 0 0 Mar 30 07:48:47 mail1 kernel: DMA: 1*4kB 0*8kB 0*16kB 0*32kB 1*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 68kB Mar 30 07:48:47 mail1 kernel: Normal: 0*4kB 0*8kB 1*16kB 1*32kB 1*64kB 0*128kB 0*256kB 1*512kB 1*1024kB 1*2048kB 0*4096kB = 3696kB Mar 30 07:48:47 mail1 kernel: HighMem: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 1*512kB 0*1024kB 0*2048kB 0*4096kB = 512kB Mar 30 07:48:47 mail1 kernel: Swap cache: add 0, delete 0, find 0/0, race 0+0 Mar 30 07:48:47 mail1 kernel: Free swap: 0kB Mar 30 07:48:47 mail1 kernel: 393008 pages of RAM Mar 30 07:48:47 mail1 kernel: 163632 pages of HIGHMEM Mar 30 07:48:47 mail1 kernel: 4479 reserved pages Mar 30 07:48:47 mail1 kernel: 163514 pages shared Mar 30 07:48:48 mail1 kernel: 0 pages swap cached Mar 30 07:48:48 mail1 kernel: Out of Memory: Killed process 26299 (MailScanner). ---- If I disable oom killer (echo "2" >/proc/sys/vm/overcommit_memory) I do not get the nasty oom message above but processes still die due to the lack of memory. MailScanner again spawns out of control and the system is basically trashed. Considering that no new software was installed recently and that the system was running without a problem for over 4 months, could this be a hardware issue? MailScanner is stock install as well, nothing fancy (MailScanner, SA, dcc) -Vlad ExchangeDefender.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 30 14:58:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:11 2006 Subject: OT: mailscanner & oom killer on fc2 Message-ID: Vlad check in the message for old messages. There maybe some message in there that's causing the thing to fall over. IE, stop MS, move everything out of the inbound queue, start MS. If everythings back to normal drip in the queue files back and see if one of them triggers the bad. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Vlad Mazek wrote: > Hello folks, > > Troubleshooting MailScanner on friends machine and I seem to be running > into a problem that may be related to MailScanner but I can't quite > figure out what is the issue (hardware or software) and my Googling so > far has been futile, thus the OT message. System is stock Fedora FC2 > with 2.6.10. As you read this message please keep in mind that I'm not > drunk, this is what I'm seeing: > > At start MailScanner process simply hits the roof: > ---- > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ > COMMAND > 29947 root 25 0 137m 131m 3188 R 92.4 8.6 0:15.15 > MailScanner > 27854 root 25 0 766m 760m 2828 R 92.1 50.1 6:46.87 > MailScanner > ---- > Running it in debug mode does not reveal anything unusual. > > As the system starts to run out of memory, MailScanner keeps on spawning > - Its set to 5 children, I've seen it go as high up as 40. It keeps on > growing until it allocates all available ram: > ---- > Tasks: 90 total, 4 running, 86 sleeping, 0 stopped, 0 zombie > Cpu(s): 94.5% us, 5.5% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, > 0.0% si > Mem: 1554180k total, 1485752k used, 68428k free, 4084k buffers > Swap: 0k total, 0k used, 0k free, 31016k cached > ---- > > This is where oom killer steps in. MailScanner eventually runs out of > memory and gets killed. Another MailScanner thread starts in its place, > until they eat up all available memory. Thats when oom killer steps in > and things get ugly very fast: > > ---- > Mar 30 07:44:21 mail1 root: Process did not exit cleanly, returned 255 > with signal 0 > Mar 30 07:46:14 mail1 kernel: oom-killer: gfp_mask=0x1d2 > Mar 30 07:46:17 mail1 kernel: Mem-info: > Mar 30 07:46:23 mail1 kernel: DMA per-cpu: > Mar 30 07:48:06 mail1 kernel: cpu 0 hot: low 2, high 6, batch 1 > Mar 30 07:48:42 mail1 shutdown: shutting down for system reboot > Mar 30 07:48:42 mail1 kernel: cpu 0 cold: low 0, high 2, batch 1 > Mar 30 07:48:45 mail1 sshd(pam_unix)[30028]: session opened for user > root by (uid=0) > Mar 30 07:48:45 mail1 kernel: cpu 1 hot: low 2, high 6, batch 1 > Mar 30 07:48:45 mail1 sshd(pam_unix)[30038]: session opened for user > root by (uid=0) > Mar 30 07:48:45 mail1 kernel: cpu 1 cold: low 0, high 2, batch 1 > Mar 30 07:48:46 mail1 kernel: Normal per-cpu: > Mar 30 07:48:46 mail1 kernel: cpu 0 hot: low 32, high 96, batch 16 > Mar 30 07:48:46 mail1 kernel: cpu 0 cold: low 0, high 32, batch 16 > Mar 30 07:48:46 mail1 kernel: cpu 1 hot: low 32, high 96, batch 16 > Mar 30 07:48:46 mail1 kernel: cpu 1 cold: low 0, high 32, batch 16 > Mar 30 07:48:46 mail1 kernel: HighMem per-cpu: > Mar 30 07:48:46 mail1 kernel: cpu 0 hot: low 32, high 96, batch 16 > Mar 30 07:48:47 mail1 kernel: cpu 0 cold: low 0, high 32, batch 16 > Mar 30 07:48:47 mail1 kernel: cpu 1 hot: low 32, high 96, batch 16 > Mar 30 07:48:47 mail1 kernel: cpu 1 cold: low 0, high 32, batch 16 > Mar 30 07:48:47 mail1 kernel: > Mar 30 07:48:47 mail1 kernel: Free pages: 4276kB (512kB HighMem) > Mar 30 07:48:47 mail1 kernel: Active:379452 inactive:120 dirty:0 > writeback:0 unstable:0 free:1069 slab:3159 mapped:379503 pagetable$ > Mar 30 07:48:47 mail1 kernel: DMA free:68kB min:68kB low:84kB high:100kB > active:12552kB inactive:0kB present:16384kB pages_scanned:$ > Mar 30 07:48:47 mail1 kernel: protections[]: 0 0 0 > Mar 30 07:48:47 mail1 kernel: Normal free:3696kB min:3756kB low:4692kB > high:5632kB active:859620kB inactive:148kB present:901120kB $ > Mar 30 07:48:47 mail1 kernel: protections[]: 0 0 0 > Mar 30 07:48:47 mail1 kernel: HighMem free:512kB min:512kB low:640kB > high:768kB active:645708kB inactive:332kB present:654528kB pag$ > Mar 30 07:48:47 mail1 kernel: protections[]: 0 0 0 > Mar 30 07:48:47 mail1 kernel: DMA: 1*4kB 0*8kB 0*16kB 0*32kB 1*64kB > 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 68kB > Mar 30 07:48:47 mail1 kernel: Normal: 0*4kB 0*8kB 1*16kB 1*32kB 1*64kB > 0*128kB 0*256kB 1*512kB 1*1024kB 1*2048kB 0*4096kB = 3696kB > Mar 30 07:48:47 mail1 kernel: HighMem: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB > 0*128kB 0*256kB 1*512kB 0*1024kB 0*2048kB 0*4096kB = 512kB > Mar 30 07:48:47 mail1 kernel: Swap cache: add 0, delete 0, find 0/0, > race 0+0 > Mar 30 07:48:47 mail1 kernel: Free swap: 0kB > Mar 30 07:48:47 mail1 kernel: 393008 pages of RAM > Mar 30 07:48:47 mail1 kernel: 163632 pages of HIGHMEM > Mar 30 07:48:47 mail1 kernel: 4479 reserved pages > Mar 30 07:48:47 mail1 kernel: 163514 pages shared > Mar 30 07:48:48 mail1 kernel: 0 pages swap cached > Mar 30 07:48:48 mail1 kernel: Out of Memory: Killed process 26299 > (MailScanner). > ---- > > If I disable oom killer (echo "2" >/proc/sys/vm/overcommit_memory) I do > not get the nasty oom message above but processes still die due to the > lack of memory. MailScanner again spawns out of control and the system > is basically trashed. > > Considering that no new software was installed recently and that the > system was running without a problem for over 4 months, could this be a > hardware issue? MailScanner is stock install as well, nothing fancy > (MailScanner, SA, dcc) > > -Vlad > ExchangeDefender.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Mar 30 15:30:49 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > Hello! > > Is anyone else seeing problesm with the BitDefender updates ? This > isn't a > MailScanner issue per se, since it happens with : > > /opt/bdc/bdc --update > > But it causes the cronjob (update_virus_scanners.cron) to hang and not > update other av scanners. > Same problem here yesterday on one server (others were running OK). I noticed it when I didn't get McAfee updated on one server while the 3 others did get updated. Looks like their site is sometimes quite slow... Didn't Julian put some timeout validation in recent versions of MS? I know it's not there in 4.34/4.35. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Wed Mar 30 15:53:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > Michael H. Martel wrote: > >> Hello! >> >> Is anyone else seeing problesm with the BitDefender updates ? This >> isn't a >> MailScanner issue per se, since it happens with : >> >> /opt/bdc/bdc --update >> >> But it causes the cronjob (update_virus_scanners.cron) to hang and not >> update other av scanners. >> > > Same problem here yesterday on one server (others were running OK). I > noticed it when I didn't get McAfee updated on one server while the 3 > others did get updated. > > Looks like their site is sometimes quite slow... > > Didn't Julian put some timeout validation in recent versions of MS? I > know it's not there in 4.34/4.35. I have added a 5 minute timeout to the "bdc --update" command. Please give it a try. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 9.5KB. ] [ Unable to print this part. ] From webalizer at NWCWEB.COM Wed Mar 30 15:48:47 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:11 2006 Subject: MailScanner now on the fritz Message-ID: Greetings, Apparently gone from bad to worse. Determined we're running MS 4.31.6, on an Ensim Pro box w/FC1, SA, ClamAV, etc. We had reports from late yesterday and this morning that some e-mail was taking over an hour to be delivered, even from 2 accounts within the same box. So we took a look and found some serious problems cropping up: Since the last Ensim Pro upgrade from 4.02-XX to 4.03-XX, which apparently modified MailScanner (and other elements) in some way, this sucker's just not right. The AWL issue still remains, randomly tags those who apparently must be in an existing AWL file somewhere, that seriously needs to be flushed as the AWL adjustment is always a positive number (usually massive like in the 100's) and instantly earns the e-mail a spam tag. In trying to perform the -v or --help commands, it turns up errors regarding the lack of some config file as specified in line 575 of the Config.pm file. According to posts, that shouldn't be the case, those commands should produce a result. Now, since changing the SpamAssassin and AWL tags in the conf files, we're suddenly seeing (using top) a constant stream of zombie processes and 'defunct' MailScanner processes running. Kill the PID, new one comes up. Should be running 5-8 processes tops, wants to run 12. At least 5 are zombies and keep respawning. The top report shows them as MailScanner and zombied process. Strange part is that one of the processes seems to run just fine? Top that off with the fact that after changing the conf files to the recently suggested 'disarm' to prevent MS from nailing 'script in HTML' mail, that's back again? Restarted services multiple times, rebooted the server to ensure everything is reset properly. All that, zombies and defunct's abound. Any clues out there? I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 30 16:10:06 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:11 2006 Subject: MailScanner now on the fritz Message-ID: Dave have you tried turning off AWL in SA? I find a real PITA esp with SA 3.x. in spam.assassin.prefs.conf set use_auto_whitelist 0 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Dave Duffner - PSCGi wrote: > Greetings, > > Apparently gone from bad to worse. Determined we're > running MS 4.31.6, on an Ensim Pro box w/FC1, SA, ClamAV, etc. > We had reports from late yesterday and this morning that some > e-mail was taking over an hour to be delivered, even from 2 > accounts within the same box. So we took a look and found > some serious problems cropping up: > > Since the last Ensim Pro upgrade from 4.02-XX to 4.03-XX, > which apparently modified MailScanner (and other elements) in > some way, this sucker's just not right. > > The AWL issue still remains, randomly tags those who > apparently must be in an existing AWL file somewhere, that > seriously needs to be flushed as the AWL adjustment is always > a positive number (usually massive like in the 100's) and > instantly earns the e-mail a spam tag. > > In trying to perform the -v or --help commands, it turns > up errors regarding the lack of some config file as specified > in line 575 of the Config.pm file. According to posts, that > shouldn't be the case, those commands should produce a result. > > Now, since changing the SpamAssassin and AWL tags in > the conf files, we're suddenly seeing (using top) a constant > stream of zombie processes and 'defunct' MailScanner processes > running. > > Kill the PID, new one comes up. Should be running 5-8 > processes tops, wants to run 12. At least 5 are zombies and > keep respawning. The top report shows them as MailScanner > and zombied process. Strange part is that one of the processes > seems to run just fine? > > Top that off with the fact that after changing the conf > files to the recently suggested 'disarm' to prevent MS from > nailing 'script in HTML' mail, that's back again? > > Restarted services multiple times, rebooted the server > to ensure everything is reset properly. All that, zombies > and defunct's abound. > > Any clues out there? > > > I--I > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.pscginternet.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Mar 30 16:16:09 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Denis Beauchemin > Sent: Wednesday, March 30, 2005 9:31 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problems with BitDefender updtaes ? > > Michael H. Martel wrote: > > > Hello! > > > > Is anyone else seeing problesm with the BitDefender updates ? This > > isn't a > > MailScanner issue per se, since it happens with : > > > > /opt/bdc/bdc --update > > > > But it causes the cronjob (update_virus_scanners.cron) to hang and not > > update other av scanners. > > > > Same problem here yesterday on one server (others were running OK). I > noticed it when I didn't get McAfee updated on one server while the 3 > others did get updated. > > Looks like their site is sometimes quite slow... > I'm seeing the same thing on several systems. Their site is quite slow. I just killed a lot of bdc processes and then ran the update manually. It took a little over 10 minutes to finish. > Didn't Julian put some timeout validation in recent versions of MS? I > know it's not there in 4.34/4.35. > > Denis As you probably know by now, Julian just posted an update to the BitDefender update script. I'm installing it but upping the timeout to 20 minutes based on what I just saw. Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Mar 30 16:16:03 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Denis Beauchemin wrote: > >> Michael H. Martel wrote: >> >>> Hello! >>> >>> Is anyone else seeing problesm with the BitDefender updates ? This >>> isn't a >>> MailScanner issue per se, since it happens with : >>> >>> /opt/bdc/bdc --update >>> >>> But it causes the cronjob (update_virus_scanners.cron) to hang and not >>> update other av scanners. >>> >> >> Same problem here yesterday on one server (others were running OK). I >> noticed it when I didn't get McAfee updated on one server while the 3 >> others did get updated. >> >> Looks like their site is sometimes quite slow... >> >> Didn't Julian put some timeout validation in recent versions of MS? I >> know it's not there in 4.34/4.35. > > > I have added a 5 minute timeout to the "bdc --update" command. > Please give it a try. Installed it on my 4 servers. Seems OK but it didn't need the timeout yet. Will keep you posted on this. Thanks! Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Wed Mar 30 16:24:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >steve.swaney@fsl.com > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Denis Beauchemin >>Sent: Wednesday, March 30, 2005 9:31 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Problems with BitDefender updtaes ? >> >>Michael H. Martel wrote: >> >> >> >>>Hello! >>> >>>Is anyone else seeing problesm with the BitDefender updates ? This >>>isn't a >>>MailScanner issue per se, since it happens with : >>> >>>/opt/bdc/bdc --update >>> >>>But it causes the cronjob (update_virus_scanners.cron) to hang and not >>>update other av scanners. >>> >>> >>> >>Same problem here yesterday on one server (others were running OK). I >>noticed it when I didn't get McAfee updated on one server while the 3 >>others did get updated. >> >>Looks like their site is sometimes quite slow... >> >> >> > >I'm seeing the same thing on several systems. Their site is quite slow. I >just killed a lot of bdc processes and then ran the update manually. It took >a little over 10 minutes to finish. > > > >>Didn't Julian put some timeout validation in recent versions of MS? I >>know it's not there in 4.34/4.35. >> >>Denis >> >> > >As you probably know by now, Julian just posted an update to the BitDefender >update script. I'm installing it but upping the timeout to 20 minutes based >on what I just saw. > > I have just changed the default value to 20 minutes, and it is now set in a variable right at the top of the file so that it is easy to change. To change it at the moment, look for the word "alarm" and you will find it. Measured in seconds. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Mar 30 16:22:57 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:11 2006 Subject: MailScanner now on the fritz Message-ID: Martin, Yep, that was the only place that it wasn't done until Julian's suggestion yesterday. Popped that into the file, restarted services (and with today's reboot it's definitely applied) and still it's at it again. Random, which is the real strange part, but it loves to do it. On the AWL issue, I'm not sure it's a problem with the AWL function, as that's showing 'disabled'. I think it's more than we've built up an AWL file over time before disarming it and for whatever reason SA's dipping back into that file as a reference. Then it tags. So my goal on that issue is to determine where this 'AWL list' is and flush that file, then see if it keeps tagging mail. If so, then it's a larger issue and possibly time to revamp that server. If it stops, problem solved. UPDATE: On the zombie issue mentioned, after changing some of the tags in MailScanner.conf to 'disarm' frame tags, etc. to match what someone suggested was working for them in this List, that's the culprit for the zombies! Changed the settings back to yes/no as I had them, restarted MailScanner and all the zombies and loads are now gone. So one of those 'disarms' apparently either has issues with trying to disarm certain messages that causes the processes to loop forever as zombies, or can't do it and instead of killing the process for good it's dumping the PID, handing the message back to be re-processed and then a new PID goes defunct trying to do the same thing. > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: Wednesday, March 30, 2005 10:10 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner now on the fritz > > > Dave > > have you tried turning off AWL in SA? I find a real PITA esp > with SA 3.x. > > in spam.assassin.prefs.conf set > > use_auto_whitelist 0 > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Dave Duffner - PSCGi wrote: > > Greetings, > > > > Apparently gone from bad to worse. Determined > we're running > > MS 4.31.6, on an Ensim Pro box w/FC1, SA, ClamAV, etc. We > had reports > > from late yesterday and this morning that some e-mail was > taking over > > an hour to be delivered, even from 2 accounts within the > same box. So > > we took a look and found some serious problems cropping up: > > > > Since the last Ensim Pro upgrade from 4.02-XX to 4.03-XX, > > which apparently modified MailScanner (and other elements) in some > > way, this sucker's just not right. > > > > The AWL issue still remains, randomly tags those who > > apparently must be in an existing AWL file somewhere, that > seriously > > needs to be flushed as the AWL adjustment is always a > positive number > > (usually massive like in the 100's) and instantly earns the > e-mail a > > spam tag. > > > > In trying to perform the -v or --help commands, it turns up > > errors regarding the lack of some config file as specified > in line 575 > > of the Config.pm file. According to posts, that shouldn't be the > > case, those commands should produce a result. > > > > Now, since changing the SpamAssassin and AWL tags > in the conf > > files, we're suddenly seeing (using top) a constant stream > of zombie > > processes and 'defunct' MailScanner processes running. > > > > Kill the PID, new one comes up. Should be running 5-8 > > processes tops, wants to run 12. At least 5 are zombies and keep > > respawning. The top report shows them as MailScanner and > > zombied process. Strange part is that one of the processes > seems to > > run just fine? > > > > Top that off with the fact that after changing the > conf files > > to the recently suggested 'disarm' to prevent MS from > nailing 'script > > in HTML' mail, that's back again? > > > > Restarted services multiple times, rebooted the server to > > ensure everything is reset properly. All that, zombies and > defunct's > > abound. > > > > Any clues out there? > > > > > > I--I > > Message scanned by MailScanner, and is believed to be clean. > > CONFIDENTIALITY NOTICE: This transmission intended for the > specified > > destination and person. If this is not you, this > > e-mail must be deleted immediately. www.pscginternet.com > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > I--I > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.pscginternet.com > I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Mar 30 16:38:11 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:29:11 2006 Subject: OT: mailscanner & oom killer on fc2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That is what I suspected was the issue because I saw a number of tnef and doc files in the /var/spool/mqueue.in directory. However, after cleaning it up, I ran into the problem again. I ran MailScanner in the debug mode and it reported no problems at all. Things are stable again, for the time being, but I cannot figure out what caused the issue to begin with. Has anybody had a similar issue? -Vlad Martin Hepworth wrote: > Vlad > > check in the message for old messages. There maybe some message in there > that's causing the thing to fall over. > > IE, stop MS, move everything out of the inbound queue, start MS. If > everythings back to normal drip in the queue files back and see if one > of them triggers the bad. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Mar 30 16:40:39 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:29:11 2006 Subject: OT: mailscanner & oom killer on fc2 Message-ID: Hmm I wonder if this related to the Ensim issue as well. Quite different versions of MS, but both on FC.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Vlad Mazek wrote: > That is what I suspected was the issue because I saw a number of tnef > and doc files in the /var/spool/mqueue.in directory. However, after > cleaning it up, I ran into the problem again. I ran MailScanner in the > debug mode and it reported no problems at all. > > Things are stable again, for the time being, but I cannot figure out > what caused the issue to begin with. Has anybody had a similar issue? > > -Vlad > > Martin Hepworth wrote: > >> Vlad >> >> check in the message for old messages. There maybe some message in there >> that's causing the thing to fall over. >> >> IE, stop MS, move everything out of the inbound queue, start MS. If >> everythings back to normal drip in the queue files back and see if one >> of them triggers the bad. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at rogers.com Wed Mar 30 16:55:14 2005 From: gdoris at rogers.com (Gerry Doris) Date: Thu Jan 12 21:29:11 2006 Subject: Warnings in FSL spam.assassin.prefs.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I installed the new beta release and noticed that it now includes the FSL version of spam.assassin.prefs.conf. I installed this version and did a little editing to activate some of the options. Enabling all four of the bayes rules to raise/lower the scores at the high and low ends (99% confident to +15 and 0% to -15) worked fine but the 10% and 90% rule caused a warning when running spamassassin lint. There are no bayes 10% or 90% rules...at least in my version of spamassassin. I'm using the latest version and haven't modified anything. It's not a big deal but should probably be corrected. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Mar 30 17:00:12 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:29:11 2006 Subject: OT: mailscanner & oom killer on fc2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I doubt it, they don't use Ensim (or any other control panel for that matter). What could possibly cause the MailScanner process to ping the processor at 99% for over 6 minutes? I have found a number of issues with sendmail and oom killer, one with MailScanner/FC3 specifically. However, none of those were ever answered which is why I decided to post here. -Vlad Martin Hepworth wrote: > Hmm I wonder if this related to the Ensim issue as well. Quite different > versions of MS, but both on FC.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 30 17:22:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Warnings in FSL spam.assassin.prefs.conf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well spotted. I have changed them to 05 and 95. Gerry Doris wrote: >I installed the new beta release and noticed that it now includes the FSL >version of spam.assassin.prefs.conf. I installed this version and did a >little editing to activate some of the options. > >Enabling all four of the bayes rules to raise/lower the scores at the high >and low ends (99% confident to +15 and 0% to -15) worked fine but the 10% >and 90% rule caused a warning when running spamassassin lint. There are >no bayes 10% or 90% rules...at least in my version of spamassassin. I'm >using the latest version and haven't modified anything. > >It's not a big deal but should probably be corrected. > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Wed Mar 30 17:22:05 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:11 2006 Subject: Vexira command line switches Message-ID: Maybe I'm just not looking in the right place, but I'm trying to figure out how to specify some of the command line switches that Mailscanner uses when it calls vascan. Currently my logs are showing that it's calling vascan -qq --scanning=full --action=skip. All of that is great except for the skip part. I would rather have it rename or delete. How would I tell Mailscanner that those are the arguments I want on the call to vascan? Thanks. Sean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 30 17:30:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Stephen Swaney wrote: > >> steve.swaney@fsl.com >> >> >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Denis Beauchemin >>> Sent: Wednesday, March 30, 2005 9:31 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Problems with BitDefender updtaes ? >>> >>> Michael H. Martel wrote: >>> >>> >>> >>>> Hello! >>>> >>>> Is anyone else seeing problesm with the BitDefender updates ? This >>>> isn't a >>>> MailScanner issue per se, since it happens with : >>>> >>>> /opt/bdc/bdc --update >>>> >>>> But it causes the cronjob (update_virus_scanners.cron) to hang and not >>>> update other av scanners. >>>> >>>> >>>> >>> Same problem here yesterday on one server (others were running OK). I >>> noticed it when I didn't get McAfee updated on one server while the 3 >>> others did get updated. >>> >>> Looks like their site is sometimes quite slow... >>> >>> >>> >> >> I'm seeing the same thing on several systems. Their site is quite >> slow. I >> just killed a lot of bdc processes and then ran the update manually. >> It took >> a little over 10 minutes to finish. >> >> >> >>> Didn't Julian put some timeout validation in recent versions of MS? I >>> know it's not there in 4.34/4.35. >>> >>> Denis >>> >>> >> >> As you probably know by now, Julian just posted an update to the >> BitDefender >> update script. I'm installing it but upping the timeout to 20 minutes >> based >> on what I just saw. >> >> > I have just changed the default value to 20 minutes, and it is now set > in a variable right at the top of the file so that it is easy to change. > To change it at the moment, look for the word "alarm" and you will find > it. Measured in seconds. As Steve just pointed out to me, it might be a good idea if I actually sent you the improved script with the 20 minute timeout, configured at the top of the script. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 9.6KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Wed Mar 30 17:32:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Vexira command line switches Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you set it to delete or rename you will break the filename/filetype checking functionality, as the files won't exist any more. Why would you want to do this? RedRed!com IT Department wrote: > Maybe I'm just not looking in the right place, but I'm trying to figure > out how to specify some of the command line switches that Mailscanner > uses when it calls vascan. Currently my logs are showing that it's > calling vascan -qq --scanning=full --action=skip. All of that is great > except for the skip part. I would rather have it rename or delete. > > How would I tell Mailscanner that those are the arguments I want on the > call to vascan? Thanks. You would have to hack vexira-wrapper and SweepViruses.pm. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Wed Mar 30 17:34:38 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:11 2006 Subject: Vexira command line switches Message-ID: Becuase if the file is found to be a virus I do not want it to be forwarded on to the customer. At the point that it is determined to be a virus, I would like to get rid of it then. Why process it any further? Sean Julian Field wrote: > If you set it to delete or rename you will break the filename/filetype > checking functionality, as the files won't exist any more. > Why would you want to do this? > > RedRed!com IT Department wrote: > >> Maybe I'm just not looking in the right place, but I'm trying to figure >> out how to specify some of the command line switches that Mailscanner >> uses when it calls vascan. Currently my logs are showing that it's >> calling vascan -qq --scanning=full --action=skip. All of that is great >> except for the skip part. I would rather have it rename or delete. >> >> How would I tell Mailscanner that those are the arguments I want on the >> call to vascan? Thanks. > > > You would have to hack vexira-wrapper and SweepViruses.pm. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Mar 30 17:53:33 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Julian Field wrote: > >> Stephen Swaney wrote: >> >>> steve.swaney@fsl.com >>> >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Denis Beauchemin >>>> Sent: Wednesday, March 30, 2005 9:31 AM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: Problems with BitDefender updtaes ? >>>> >>>> Michael H. Martel wrote: >>>> >>>> >>>> >>>>> Hello! >>>>> >>>>> Is anyone else seeing problesm with the BitDefender updates ? This >>>>> isn't a >>>>> MailScanner issue per se, since it happens with : >>>>> >>>>> /opt/bdc/bdc --update >>>>> >>>>> But it causes the cronjob (update_virus_scanners.cron) to hang and not >>>>> update other av scanners. >>>>> >>>>> >>>>> >>>> Same problem here yesterday on one server (others were running OK). I >>>> noticed it when I didn't get McAfee updated on one server while the 3 >>>> others did get updated. >>>> >>>> Looks like their site is sometimes quite slow... >>>> >>>> >>>> >>> >>> I'm seeing the same thing on several systems. Their site is quite >>> slow. I >>> just killed a lot of bdc processes and then ran the update manually. >>> It took >>> a little over 10 minutes to finish. >>> >>> >>> >>>> Didn't Julian put some timeout validation in recent versions of MS? I >>>> know it's not there in 4.34/4.35. >>>> >>>> Denis >>>> >>>> >>> >>> As you probably know by now, Julian just posted an update to the >>> BitDefender >>> update script. I'm installing it but upping the timeout to 20 minutes >>> based >>> on what I just saw. >>> >>> >> I have just changed the default value to 20 minutes, and it is now set >> in a variable right at the top of the file so that it is easy to change. >> To change it at the moment, look for the word "alarm" and you will find >> it. Measured in seconds. > > > As Steve just pointed out to me, it might be a good idea if I actually > sent you the improved script with the 20 minute timeout, configured at > the top of the script. Just need to run /usr/Julian/sleep a little more often! -- "If you have ever eaten crow, It don't taste like chicken!!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Mar 30 17:55:59 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:29:11 2006 Subject: blocking SDG files? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > I do have a quarantine system running where everything stays for 2 weeks > before it's sent to the "bit recycler". Unfortunately, when I attempt to > release this message from the quarantine, it gets re-trapped by > Mailscanner in its incessant thoughness. Is there a way of telling > MailScanner to not do file type checks when the message is being sent > directly from the server or something? Yes, use a ruleset and don't do any filename/type checks either from 127.0.0.1 or your web server's user (apache@localhost?) Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 30 18:12:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Vexira command line switches Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why hack MailScanner to achieve something it already does perfectly well anyway? As long as you have switched on virus scanning and have told it which scanner to use, it won't deliver a virus to your customers anyway. Deleting them by hacking MailScanner won't make any difference at all. And people who hack MailScanner don't get any support from me either, unless there is a very good reason for them having made a change. RedRed!com IT Department wrote: > Becuase if the file is found to be a virus I do not want it to be > forwarded on to the customer. At the point that it is determined to be a > virus, I would like to get rid of it then. Why process it any further? > > Sean > > Julian Field wrote: > >> If you set it to delete or rename you will break the filename/filetype >> checking functionality, as the files won't exist any more. >> Why would you want to do this? >> >> RedRed!com IT Department wrote: >> >>> Maybe I'm just not looking in the right place, but I'm trying to figure >>> out how to specify some of the command line switches that Mailscanner >>> uses when it calls vascan. Currently my logs are showing that it's >>> calling vascan -qq --scanning=full --action=skip. All of that is great >>> except for the skip part. I would rather have it rename or delete. >>> >>> How would I tell Mailscanner that those are the arguments I want on the >>> call to vascan? Thanks. >> >> >> >> You would have to hack vexira-wrapper and SweepViruses.pm. >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 30 18:13:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Problems with BitDefender updtaes ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Just need to run /usr/Julian/sleep a little more often! :-) >-- >"If you have ever eaten crow, >It don't taste like chicken!!" > > Does it taste like chicken if you not ever eaten crow? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Wed Mar 30 18:34:59 2005 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:29:11 2006 Subject: Vexira command line switches Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I'm an idiot, sorry, I found the settings in MailScanner.conf dealing with silent viruses and so on. I guess I should lay off the coffee, maybe I'll slow down enough to actually see what I'm reading. Talk to you later. Sean Julian Field wrote: > Why hack MailScanner to achieve something it already does perfectly well > anyway? > > As long as you have switched on virus scanning and have told it which > scanner to use, it won't deliver a virus to your customers anyway. > Deleting them by hacking MailScanner won't make any difference at all. > And people who hack MailScanner don't get any support from me either, > unless there is a very good reason for them having made a change. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Mar 30 18:55:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:11 2006 Subject: Vexira command line switches Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No problem. For info, there is no way of delivering a virus to an original recipient (not that I know of anyway :-) There is no configuration option to allow this. A few people have asked for it in the past (heaven only knows why!) but I have always refused to implement it, as it's a dumb thing to ask for :-) They get a quick slap with the "clue bat". RedRed!com IT Department wrote: > Julian, > > I'm an idiot, sorry, I found the settings in MailScanner.conf > dealing with silent viruses and so on. I guess I should lay off the > coffee, maybe I'll slow down enough to actually see what I'm reading. > Talk to you later. > > Sean > > > Julian Field wrote: > >> Why hack MailScanner to achieve something it already does perfectly well >> anyway? >> >> As long as you have switched on virus scanning and have told it which >> scanner to use, it won't deliver a virus to your customers anyway. >> Deleting them by hacking MailScanner won't make any difference at all. >> And people who hack MailScanner don't get any support from me either, >> unless there is a very good reason for them having made a change. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 30 20:18:11 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:11 2006 Subject: Virus question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anybody knows about a virus that writes a lot of threes on screen? A friend of mine asked me today, but I never heard about it... He says he tiped some letters and then the line fills with "3333333333333333333333333333". Any clues? He did't found anything with the antivirus he had installed, AVG. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Mar 30 20:22:09 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:29:12 2006 Subject: Virus question Message-ID: Could be, but I'd suspect a stuck keyboard.... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________________________________________________________ From: Roger Jochem [mailto:roger@RUDNICK.COM.BR] Sent: Wednesday, March 30, 2005 10:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus question Does anybody knows about a virus that writes a lot of threes on screen? A friend of mine asked me today, but I never heard about it... He says he tiped some letters and then the line fills with "3333333333333333333333333333". Any clues? He did't found anything with the antivirus he had installed, AVG. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 30 20:22:24 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:12 2006 Subject: Virus question Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I suspected It too, but he said that he has shure it's not the case... ----- Original Message ----- From: Kevin Miller To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, March 30, 2005 4:22 PM Subject: Re: Virus question Could be, but I'd suspect a stuck keyboard.... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________________________________________________________ From: Roger Jochem [mailto:roger@RUDNICK.COM.BR] Sent: Wednesday, March 30, 2005 10:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus question Does anybody knows about a virus that writes a lot of threes on screen? A friend of mine asked me today, but I never heard about it... He says he tiped some letters and then the line fills with "3333333333333333333333333333". Any clues? He did't found anything with the antivirus he had installed, AVG. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Mar 30 20:26:33 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:12 2006 Subject: [OT] Virus question Message-ID: Is he using a wireless keyboard? Or possibly has a bad keyboard jack that could cause this? I've had it on my wireless setup when one of the batteries in the receiver or keyboard is going down, also when certain cell phones get near the path it seems to screw it up. Reset the connection (should be buttons for this) and see what it does. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem Sent: Wednesday, March 30, 2005 2:22 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Virus question I suspected It too, but he said that he has shure it's not the case... ----- Original Message ----- From: Kevin Miller To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, March 30, 2005 4:22 PM Subject: Re: Virus question Could be, but I'd suspect a stuck keyboard.... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From: Roger Jochem [mailto:roger@RUDNICK.COM.BR] Sent: Wednesday, March 30, 2005 10:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Virus question Does anybody knows about a virus that writes a lot of threes on screen? A friend of mine asked me today, but I never heard about it... He says he tiped some letters and then the line fills with "3333333333333333333333333333". Any clues? He did't found anything with the antivirus he had installed, AVG. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! I--I Message scanned by MailScanner and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Wed Mar 30 20:30:34 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:29:12 2006 Subject: [OT] Virus question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's a regular keyboard. But I will recomend a test replacing the keyboard, anyway... Thanks! ----- Original Message ----- From: "Dave Duffner - PSCGi" To: Sent: Wednesday, March 30, 2005 4:26 PM Subject: Re: [OT] Virus question > Is he using a wireless keyboard? > Or possibly has a bad keyboard jack that could cause this? > > I've had it on my wireless setup when one of the batteries > in the receiver or keyboard is going down, also when certain > cell phones get near the path it seems to screw it up. Reset > the connection (should be buttons for this) and see what it > does. > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of > Roger Jochem > Sent: Wednesday, March 30, 2005 2:22 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus question > > > I suspected It too, but he said that he has shure it's not the case... > ----- Original Message ----- > From: Kevin Miller > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Wednesday, March 30, 2005 4:22 PM > Subject: Re: Virus question > > > Could be, but I'd suspect a stuck keyboard.... > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > > > > > > From: Roger Jochem [mailto:roger@RUDNICK.COM.BR] > Sent: Wednesday, March 30, 2005 10:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Virus question > > > Does anybody knows about a virus that writes a lot of threes on screen? A friend > of mine asked me today, but I never heard about it... He says he tiped some > letters and then the line fills with "3333333333333333333333333333". > > Any clues? He did't found anything with the antivirus he had installed, AVG. > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > I--I > Message scanned by MailScanner and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.pscginternet.com > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > I--I > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.pscginternet.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Mar 30 23:02:07 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:29:12 2006 Subject: MS book Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian how new is the version of your book? I ordered one some time ago and want to get the new one if it would help Lance -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.8.6 - Release Date: 30/03/2005 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Wed Mar 30 23:13:29 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:29:12 2006 Subject: MCP checks for outgoing only Message-ID: Hello everybody, Goal - TO do MCP checks for outgoing e-mail only and forward those e- mails that trigger the MCP to user@domain.com Problem - user@domain.com is getting all the incoming messages(MCP checks triggered tagged spam messages as well) and all the outgoing mail as well.I can see from the headers that its getting MCP scores correctly but I just want to do MCP checks on outgoing e-mail from domain.com. I have this in my %rules-dir%/mcp.rules From: @domain.com yes FromOrTo: default no My regular spam actions, Spam Actions = store deliver forward spam@domain.com High Scoring Spam Actions = store forward spam@domain.com Non Spam Actions = deliver Am i doing something wrong here ? Let me know if you need more info. Thanks, Venkata Achanta Here is my config for the MCP part MCP Checks = yes First Check = MCP MCP Required SpamAssassin Score = 100 MCP High SpamAssassin Score = 100 MCP Error Score = 0 MCP Header = X-%org-name%-SpoofChecker: Non MCP Actions = deliver MCP Actions = deliver user@domain.com High Scoring MCP Actions = deliver user@domain.com Bounce MCP As Attachment = no MCP Modify Subject = no MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = no High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = %rules-dir%/mcp.rules Is Definitely Not MCP = no Definite MCP Is High Scoring = yes Always Include MCP Report = yes Detailed MCP Report = yes Include Scores In MCP Report = yes Log MCP = yes MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100000 MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 30 23:19:46 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:12 2006 Subject: OT: mailscanner & oom killer on fc2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We just ahd the exact same problem on RHEL4 we have 3 machines but this ocured on only one of them. Vlad Mazek wrote: > Hello folks, > > Troubleshooting MailScanner on friends machine and I seem to be running > into a problem that may be related to MailScanner but I can't quite > figure out what is the issue (hardware or software) and my Googling so > far has been futile, thus the OT message. System is stock Fedora FC2 > with 2.6.10. As you read this message please keep in mind that I'm not > drunk, this is what I'm seeing: > > At start MailScanner process simply hits the roof: > ---- > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ > COMMAND > 29947 root 25 0 137m 131m 3188 R 92.4 8.6 0:15.15 > MailScanner > 27854 root 25 0 766m 760m 2828 R 92.1 50.1 6:46.87 > MailScanner > ---- > Running it in debug mode does not reveal anything unusual. > > As the system starts to run out of memory, MailScanner keeps on spawning > - Its set to 5 children, I've seen it go as high up as 40. It keeps on > growing until it allocates all available ram: > ---- > Tasks: 90 total, 4 running, 86 sleeping, 0 stopped, 0 zombie > Cpu(s): 94.5% us, 5.5% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, > 0.0% si > Mem: 1554180k total, 1485752k used, 68428k free, 4084k buffers > Swap: 0k total, 0k used, 0k free, 31016k cached > ---- > > This is where oom killer steps in. MailScanner eventually runs out of > memory and gets killed. Another MailScanner thread starts in its place, > until they eat up all available memory. Thats when oom killer steps in > and things get ugly very fast: > > ---- > Mar 30 07:44:21 mail1 root: Process did not exit cleanly, returned 255 > with signal 0 > Mar 30 07:46:14 mail1 kernel: oom-killer: gfp_mask=0x1d2 > Mar 30 07:46:17 mail1 kernel: Mem-info: > Mar 30 07:46:23 mail1 kernel: DMA per-cpu: > Mar 30 07:48:06 mail1 kernel: cpu 0 hot: low 2, high 6, batch 1 > Mar 30 07:48:42 mail1 shutdown: shutting down for system reboot > Mar 30 07:48:42 mail1 kernel: cpu 0 cold: low 0, high 2, batch 1 > Mar 30 07:48:45 mail1 sshd(pam_unix)[30028]: session opened for user ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Mar 30 23:25:42 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:29:12 2006 Subject: OT: mailscanner & oom killer on fc2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] YEah we had this issues on RHEL4, we have 3 machines and this occured only on one of them. Same symptoms as you. The message queue had a few thousand emails in it as this occured at the start of a long weekend. My colleague checked over the red hat stuff and found that we had rhen a few patches and some required a restart which we hadnt done, restarted mail was processed, it hasnt re occured in the past 3 days. MailScanner version 4.38.10 SA 3.02 (dcc, razor, pyzor, heaps of SAREs) Postfix 2.1.5 Vlad Mazek wrote: > That is what I suspected was the issue because I saw a number of tnef > and doc files in the /var/spool/mqueue.in directory. However, after > cleaning it up, I ran into the problem again. I ran MailScanner in the > debug mode and it reported no problems at all. > > Things are stable again, for the time being, but I cannot figure out > what caused the issue to begin with. Has anybody had a similar issue? > > -Vlad > > Martin Hepworth wrote: > >> Vlad >> >> check in the message for old messages. There maybe some message in there >> that's causing the thing to fall over. >> >> IE, stop MS, move everything out of the inbound queue, start MS. If >> everythings back to normal drip in the queue files back and see if one >> of them triggers the bad. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Thu Mar 31 00:15:57 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:29:12 2006 Subject: OT: mailscanner & oom killer on fc2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have gotten a little further in my debugging - in one of the crashes in addition to memory errors I got the processes complaining they were running out of file handles; I've started MailScanner in shell with ulimit -n 4096 and it seemed to plow through the queue. No errors yet, I am waiting for the off-peak hours so I can do some load testing. I intend to slam it with a few thousand messages and see if I can replicate the issue. -Vlad Peter Russell wrote: > YEah we had this issues on RHEL4, we have 3 machines and this occured > only on one of them. Same symptoms as you. The message queue had a few > thousand emails in it as this occured at the start of a long weekend. > > My colleague checked over the red hat stuff and found that we had rhen a > few patches and some required a restart which we hadnt done, restarted > mail was processed, it hasnt re occured in the past 3 days. > > MailScanner version 4.38.10 > SA 3.02 (dcc, razor, pyzor, heaps of SAREs) > Postfix 2.1.5 > > > Vlad Mazek wrote: > >> That is what I suspected was the issue because I saw a number of tnef >> and doc files in the /var/spool/mqueue.in directory. However, after >> cleaning it up, I ran into the problem again. I ran MailScanner in the >> debug mode and it reported no problems at all. >> >> Things are stable again, for the time being, but I cannot figure out >> what caused the issue to begin with. Has anybody had a similar issue? >> >> -Vlad >> >> Martin Hepworth wrote: >> >>> Vlad >>> >>> check in the message for old messages. There maybe some message in >>> there >>> that's causing the thing to fall over. >>> >>> IE, stop MS, move everything out of the inbound queue, start MS. If >>> everythings back to normal drip in the queue files back and see if one >>> of them triggers the bad. >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 31 08:40:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: MS book Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I updated it in January, and so there are just 2 releases not covered in it. Lance Haig wrote: > Julian how new is the version of your book? > > I ordered one some time ago and want to get the new one if it would help -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 31 08:41:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: MCP checks for outgoing only Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The spam actions are nothing to do with MCP, you want to use the MCP Actions. Venkata Achanta wrote: >Hello everybody, > > Goal - TO do MCP checks for outgoing e-mail only and forward those e- >mails that trigger the MCP to user@domain.com > > Problem - user@domain.com is getting all the incoming messages(MCP >checks triggered tagged spam messages as well) and all the outgoing mail as >well.I can see from the headers that its getting MCP scores correctly but I >just want to do MCP checks on outgoing e-mail from domain.com. > > > I have this in my %rules-dir%/mcp.rules > >From: @domain.com yes >FromOrTo: default no > >My regular spam actions, > >Spam Actions = store deliver forward spam@domain.com >High Scoring Spam Actions = store forward spam@domain.com >Non Spam Actions = deliver > >Am i doing something wrong here ? Let me know if you need more info. > >Thanks, >Venkata Achanta > >Here is my config for the MCP part > >MCP Checks = yes >First Check = MCP >MCP Required SpamAssassin Score = 100 >MCP High SpamAssassin Score = 100 >MCP Error Score = 0 >MCP Header = X-%org-name%-SpoofChecker: >Non MCP Actions = deliver >MCP Actions = deliver user@domain.com >High Scoring MCP Actions = deliver user@domain.com >Bounce MCP As Attachment = no >MCP Modify Subject = no >MCP Subject Text = {MCP?} >High Scoring MCP Modify Subject = no >High Scoring MCP Subject Text = {MCP?} >Is Definitely MCP = %rules-dir%/mcp.rules >Is Definitely Not MCP = no >Definite MCP Is High Scoring = yes >Always Include MCP Report = yes >Detailed MCP Report = yes >Include Scores In MCP Report = yes >Log MCP = yes >MCP Max SpamAssassin Timeouts = 20 >MCP Max SpamAssassin Size = 100000 >MCP SpamAssassin Timeout = 10 >MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf >MCP SpamAssassin User State Dir = >MCP SpamAssassin Local Rules Dir = %mcp-dir% >MCP SpamAssassin Default Rules Dir = %mcp-dir% >MCP SpamAssassin Install Prefix = %mcp-dir% >Recipient MCP Report = %report-dir%/recipient.mcp.report.txt >Sender MCP Report = %report-dir%/sender.mcp.report.txt > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at TRUDEAU.ORG Thu Mar 31 14:16:41 2005 From: chris at TRUDEAU.ORG (Chris Trudeau) Date: Thu Jan 12 21:29:12 2006 Subject: I MUST be missing something.... Message-ID: Just installed 4.39.6. With Sophos/Clamav Have tried starting in debug mode and everything seems fine....messages are received, and it appears that MailScanner launches and starts to scan, but never finishes. No listing of the mqueue, mqueue.in or incoming directories show any files at all, the message just seems to vanish. Below are log entries of what I am seeing, the sendmail MTS receives the message and MailScanner picksup the queue, then nothing. No delivery, no spam report nothing...and yep have logging for SPAM report turned on. Any idea where to look? Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: from=chris.trudeau@gmail.com, size=15, class=0, nrcpts=1, msgid=<200503311118.j2VBHZ5k007172@host.domain.com>, proto=SMTP, daemon=MTA, relay=client.domain.net [111.222.333.444] Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: to=chris.trudeau@domain.com, delay=00:00:09, mailer=smtp, pri=30015, stat=queued Mar 31 06:18:10 mta04 MailScanner[7173]: New Batch: Scanning 1 Messages, 658 bytes Mar 31 06:18:10 mta04 MailScanner[7173]: Spam Checks: Starting Mar 31 06:18:10 mta04 MailScanner[7173]: Virus and Content Scanning: Starting Chris Trudeau, CISSP, ISSAP chris@trudeau.org -- This message has been scanned for viruses and dangerous content by DefendMail, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 31 14:46:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: I MUST be missing something.... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What are your Non-Spam Actions Spam Actions High Scoring Spam Actions set to? Chris Trudeau wrote: > Just installed 4.39.6. With Sophos/Clamav Have tried starting in > debug mode > > and everything seems fine....messages are received, and it appears > that MailScanner launches and starts to scan, but never finishes. > > > > No listing of the mqueue, mqueue.in or incoming directories show any > files at all, the message just seems to vanish. > > > > Below are log entries of what I am seeing, the sendmail MTS receives > the message and MailScanner picksup the queue, then nothing. No > delivery, no spam report nothing...and yep have logging for SPAM > report turned on. > > Any idea where to look? > > > > Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: > > from=chris.trudeau@gmail.com, size=15, class=0, nrcpts=1, > msgid=<200503311118.j2VBHZ5k007172@host.domain.com>, proto=SMTP, > daemon=MTA, relay=client.domain.net [111.222.333.444] > > Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: > > to=chris.trudeau@domain.com, delay=00:00:09, mailer=smtp, pri=30015, > stat=queued > > Mar 31 06:18:10 mta04 MailScanner[7173]: New Batch: Scanning 1 > Messages, 658 bytes > > Mar 31 06:18:10 mta04 MailScanner[7173]: Spam Checks: Starting > > Mar 31 06:18:10 mta04 MailScanner[7173]: Virus and Content > > Scanning: Starting > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at TRUDEAU.ORG Thu Mar 31 17:17:44 2005 From: chris at TRUDEAU.ORG (Chris Trudeau) Date: Thu Jan 12 21:29:12 2006 Subject: I MUST be missing something.... Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] These are all rules files, checked to make sure they are in fact in place and syntactically correct. They are and the default in each is set to "store". ( I do this for learning later) (these rules files are actually copied from a production MailScanner running) Here is debug output from the message processing: Mar 31 11:23:12 mta04 sendmail[9289]: j2VGMneZ009289: from=chris.trudeau@gmail.com, size=9, class=0, nrcpts=1, msgid=<200503311623.j2VGMneZ009289@host.domain.com>, proto=SMTP , proto=SMTP> , daemon=MTA, relay=localhost.localdomain [127.0.0.1] Mar 31 11:23:12 mta04 sendmail[9289]: j2VGMneZ009289: to=chris.trudeau@domain.com, delay=00:00:06, mailer=smtp, pri=30009, stat=queued Mar 31 11:23:13 mta04 MailScanner[9287]: New Batch: Scanning 1 messages, 613 bytes Mar 31 11:23:13 mta04 MailScanner[9287]: Created attachment dirs for 1 messages Mar 31 11:23:13 mta04 MailScanner[9287]: Spam Checks: Starting Mar 31 11:23:13 mta04 MailScanner[9287]: Virus and Content Scanning: Starting Mar 31 11:23:13 mta04 MailScanner[9287]: Commencing scanning by clamavmodule... Mar 31 11:23:13 mta04 MailScanner[9287]: Completed scanning by clamavmodule Mar 31 11:23:13 mta04 MailScanner[9287]: Config: calling custom end function ByDomainSpamWhitelist Mar 31 11:23:13 mta04 MailScanner[9287]: Closing down by-domain spam whitelist Mar 31 11:23:13 mta04 MailScanner[9287]: MailScanner child dying of old age Might be important to note (not sure if it is) but the system is running CentOS 3.4 (64-bit) on Athlon 3300 (64-bit). CT -----Original Message----- From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] Sent: Thu 3/31/2005 8:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: I MUST be missing something.... What are your Non-Spam Actions Spam Actions High Scoring Spam Actions set to? Chris Trudeau wrote: > Just installed 4.39.6. With Sophos/Clamav Have tried starting in > debug mode > > and everything seems fine....messages are received, and it appears > that MailScanner launches and starts to scan, but never finishes. > > > > No listing of the mqueue, mqueue.in or incoming directories show any > files at all, the message just seems to vanish. > > > > Below are log entries of what I am seeing, the sendmail MTS receives > the message and MailScanner picksup the queue, then nothing. No > delivery, no spam report nothing...and yep have logging for SPAM > report turned on. > > Any idea where to look? > > > > Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: > > from=chris.trudeau@gmail.com, size=15, class=0, nrcpts=1, > msgid=<200503311118.j2VBHZ5k007172@host.domain.com>, proto=SMTP, > daemon=MTA, relay=client.domain.net [111.222.333.444] > > Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: > > to=chris.trudeau@domain.com, delay=00:00:09, mailer=smtp, pri=30015, > stat=queued > > Mar 31 06:18:10 mta04 MailScanner[7173]: New Batch: Scanning 1 > Messages, 658 bytes > > Mar 31 06:18:10 mta04 MailScanner[7173]: Spam Checks: Starting > > Mar 31 06:18:10 mta04 MailScanner[7173]: Virus and Content > > Scanning: Starting > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by DefendMail, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by DefendMail, and is believed to be clean. From devonharding at gmail.com Thu Mar 31 17:48:54 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:29:12 2006 Subject: Check sa-learn status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How can I check if SA is actually learning new SPAM when I run the command 'sa-learn -C sa\ruleset --spam --mbox spam/'? I use Thunderbird to copy mesasges to mbox format and then SCP the file to the MailScanner box. The result says 'Learned from X message(s) (XX message(s) examined).', but how do I know its working? -Devon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 31 17:53:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: Check sa-learn status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] sa-learn --dump magic Devon Harding wrote: >How can I check if SA is actually learning new SPAM when I run the >command 'sa-learn -C sa\ruleset --spam --mbox spam/'? I use >Thunderbird to copy mesasges to mbox format and then SCP the file to >the MailScanner box. The result says 'Learned from X message(s) (XX >message(s) examined).', but how do I know its working? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Thu Mar 31 18:06:37 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:29:12 2006 Subject: MCP checks for outgoing only Message-ID: Julian, I think you didnt see the MCP config in the e-mail. Yes ! i am aware that spam actions have nothing to do with MCP. >MCP Actions = deliver user@domain.com is what i have in the MCP actions and i still the behaviour mentioned earlier. Thanks Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 31 18:55:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: MCP checks for outgoing only Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You realise that those MCP actions will deliver the mail to the original recipient as well as forward it to user@domain.com. Venkata Achanta wrote: >Julian, > >I think you didnt see the MCP config in the e-mail. > >Yes ! i am aware that spam actions have nothing to do with MCP. > > > >>MCP Actions = deliver user@domain.com >> >> >is what i have in the MCP actions and i still the behaviour mentioned >earlier. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Thu Mar 31 19:00:34 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:29:12 2006 Subject: I MUST be missing something.... Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you able to get clamav and sweep to scan the file outside of MailScanner? Its very unusual to see MailScnner prune the second it processes the message. -Vlad Chris Trudeau wrote: >These are all rules files, checked to make sure they are in fact in place and syntactically correct. They are and the default in each is set to "store". ( I do this for learning later) (these rules files are actually copied from a production MailScanner running) > >Here is debug output from the message processing: > >Mar 31 11:23:12 mta04 sendmail[9289]: j2VGMneZ009289: from=chris.trudeau@gmail.com, size=9, class=0, nrcpts=1, msgid=<200503311623.j2VGMneZ009289@host.domain.com>, proto=SMTP , proto=SMTP> , daemon=MTA, relay=localhost.localdomain [127.0.0.1] >Mar 31 11:23:12 mta04 sendmail[9289]: j2VGMneZ009289: to=chris.trudeau@domain.com, delay=00:00:06, mailer=smtp, pri=30009, stat=queued >Mar 31 11:23:13 mta04 MailScanner[9287]: New Batch: Scanning 1 messages, 613 bytes >Mar 31 11:23:13 mta04 MailScanner[9287]: Created attachment dirs for 1 messages >Mar 31 11:23:13 mta04 MailScanner[9287]: Spam Checks: Starting >Mar 31 11:23:13 mta04 MailScanner[9287]: Virus and Content Scanning: Starting >Mar 31 11:23:13 mta04 MailScanner[9287]: Commencing scanning by clamavmodule... >Mar 31 11:23:13 mta04 MailScanner[9287]: Completed scanning by clamavmodule >Mar 31 11:23:13 mta04 MailScanner[9287]: Config: calling custom end function ByDomainSpamWhitelist >Mar 31 11:23:13 mta04 MailScanner[9287]: Closing down by-domain spam whitelist >Mar 31 11:23:13 mta04 MailScanner[9287]: MailScanner child dying of old age > > >Might be important to note (not sure if it is) but the system is running CentOS 3.4 (64-bit) on Athlon 3300 (64-bit). > >CT > > > -----Original Message----- > From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > Sent: Thu 3/31/2005 8:46 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: I MUST be missing something.... > > > > What are your > Non-Spam Actions > Spam Actions > High Scoring Spam Actions > set to? > > Chris Trudeau wrote: > > > Just installed 4.39.6. With Sophos/Clamav Have tried starting in > > debug mode > > > > and everything seems fine....messages are received, and it appears > > that MailScanner launches and starts to scan, but never finishes. > > > > > > > > No listing of the mqueue, mqueue.in or incoming directories show any > > files at all, the message just seems to vanish. > > > > > > > > Below are log entries of what I am seeing, the sendmail MTS receives > > the message and MailScanner picksup the queue, then nothing. No > > delivery, no spam report nothing...and yep have logging for SPAM > > report turned on. > > > > Any idea where to look? > > > > > > > > Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: > > > > from=chris.trudeau@gmail.com, size=15, class=0, nrcpts=1, > > msgid=<200503311118.j2VBHZ5k007172@host.domain.com>, proto=SMTP, > > daemon=MTA, relay=client.domain.net [111.222.333.444] > > > > Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: > > > > to=chris.trudeau@domain.com, delay=00:00:09, mailer=smtp, pri=30015, > > stat=queued > > > > Mar 31 06:18:10 mta04 MailScanner[7173]: New Batch: Scanning 1 > > Messages, 658 bytes > > > > Mar 31 06:18:10 mta04 MailScanner[7173]: Spam Checks: Starting > > > > Mar 31 06:18:10 mta04 MailScanner[7173]: Virus and Content > > > > Scanning: Starting > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by DefendMail, and is > believed to be clean. > > > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Thu Mar 31 19:07:32 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:29:12 2006 Subject: MCP checks for outgoing only Message-ID: Yes! i do reliase that only the e-mail that contain the MCP material should be forwarded to user@domain.com but the problem i am having is all the incoming and outgoing messages are also being fw'ded to user@domain.com instead of the e-mail that just qualifies for MCP. OR is it not built that way ? From webalizer at NWCWEB.COM Thu Mar 31 19:31:27 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:12 2006 Subject: Julian, [SA-SPAM] and the lovely AWL Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Thursday, March 31, 2005 12:56 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [SA-SPAM] Re: MCP checks for outgoing only Ok, finally some sanity! Note the original reply from Julian that was tagged once again my Spamassassin. For the FIRST time, it's not from the AWL! This is more an SA issue and for reference sake here for those about as insane as I am from screwing with the autowhitelist (AWL) settings. If you've ever run your MS/SA setup with AWL ON, then it's been building up an AWL file in each of your user's filebases. One would've thought a more collective database might make more sense, but on large volume systems I'm not sure if lookups individually would work faster than from a collective AWL situation. Small systems, the individual approach makes more sense for speed. So I went through changing all the locations where the AWL should be disabled, saw in our headers is was disabled, but yet it would randomly tag mail with an SA AWL score of insane positive proportions. Sadly Julian seemed to be a fixation for this install, if there's a post from him - tagged. With no responses here as to how to 'flush' the AWL, figuring it's turned off but pulling info from somewhere, I set out yesterday to dig through tons of SA/AWL pages on the Net. Finally, I located something somewhat irrelevant to our situation, but that led me to find those individual AWL databases. They are in each domain's user file section, once inside their account zone it's /.spamassassin and located down inside. Simply called auto-whitelist. I went into the account I use for this List and found that file, renamed it to the point it'd never be located by SA and DONE! Only reason Julian's post today was tagged was other config items in the rulesets that trigger him slightly over the limit and earn the [SA-SPAM] tag we assign. Easily fixable. So the bad news is once you kill the AWL feature, if you had it running for any period of time you must go in and either delete that AWL file for each user in each domain on your box, or rename it so it can't be found. Now, the only other problem that IS MailScanner related and has been mentioned here in the last week is that Julian posted several times today and only ONE of those was scanned by MS/SA? I see MS tags for SpamCheck, gives no results, but it's either passing the mail on as OK and then not allowing SA to touch it or it's just mod'ing the header with MS info and never processing it? We've seen that on a slew of mail, appears it's missing like 25% of the traffic. Doesn't sound right. We did insert this List into the 'don't touch' conf files, but that's also applied at what appears to be random. Any thoughts? Dave I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 31 19:41:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: Julian, [SA-SPAM] and the lovely AWL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you using the bogus anti-virus warnings ruleset for SpamAssassin? If so, mail from me will tend to be detected as spam as the patterns just look for "mailscanner" in the From: address. There are a whole load of rules to zero out, they are score VIRUS_WARNING15 0 score VIRUS_WARNING28 0 score VIRUS_WARNING33 0 score VIRUS_WARNING62 0 score VIRUS_WARNING66 0 score VIRUS_WARNING226 0 score VIRUS_WARNING250 0 score VIRUS_WARNING300 0 score VIRUS_WARNING326 0 score VIRUS_WARNING339 0 score VIRUS_WARNING340 0 The AWL files used by MailScanner's SpamAssassin should be in ~root/.spamassassin if you are running MailScanner as root. If not, then insert the appropriate username. They should be with your bayes files. Dave Duffner - PSCGi wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: Thursday, March 31, 2005 12:56 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: [SA-SPAM] Re: MCP checks for outgoing only >> >> > > Ok, finally some sanity! > > Note the original reply from Julian that was tagged >once again my Spamassassin. For the FIRST time, it's not >from the AWL! > > This is more an SA issue and for reference sake here >for those about as insane as I am from screwing with the >autowhitelist (AWL) settings. > > If you've ever run your MS/SA setup with AWL ON, then >it's been building up an AWL file in each of your user's >filebases. One would've thought a more collective database >might make more sense, but on large volume systems I'm not >sure if lookups individually would work faster than from a >collective AWL situation. Small systems, the individual >approach makes more sense for speed. > > So I went through changing all the locations where >the AWL should be disabled, saw in our headers is was >disabled, but yet it would randomly tag mail with an SA >AWL score of insane positive proportions. Sadly Julian >seemed to be a fixation for this install, if there's a >post from him - tagged. > > With no responses here as to how to 'flush' the AWL, >figuring it's turned off but pulling info from somewhere, >I set out yesterday to dig through tons of SA/AWL pages >on the Net. Finally, I located something somewhat irrelevant >to our situation, but that led me to find those individual >AWL databases. They are in each domain's user file section, >once inside their account zone it's /.spamassassin and >located down inside. Simply called auto-whitelist. > > I went into the account I use for this List and >found that file, renamed it to the point it'd never be >located by SA and DONE! > > Only reason Julian's post today was tagged was other >config items in the rulesets that trigger him slightly over >the limit and earn the [SA-SPAM] tag we assign. Easily >fixable. So the bad news is once you kill the AWL feature, >if you had it running for any period of time you must go >in and either delete that AWL file for each user in each >domain on your box, or rename it so it can't be found. > > Now, the only other problem that IS MailScanner >related and has been mentioned here in the last week is >that Julian posted several times today and only ONE of >those was scanned by MS/SA? I see MS tags for SpamCheck, >gives no results, but it's either passing the mail on as >OK and then not allowing SA to touch it or it's just mod'ing >the header with MS info and never processing it? We've >seen that on a slew of mail, appears it's missing like 25% >of the traffic. Doesn't sound right. > > We did insert this List into the 'don't touch' conf >files, but that's also applied at what appears to be random. > > Any thoughts? > > Dave > > >I--I >Message scanned by MailScanner, and is believed to be clean. >CONFIDENTIALITY NOTICE: This transmission intended for the >specified destination and person. If this is not you, this >e-mail must be deleted immediately. www.pscginternet.com > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Mar 31 19:48:08 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:12 2006 Subject: Postfix 2.2 and hashed mail queues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian As of Postfix 2.2 Wietse has decided that it is no longer a requirement for Postfix to run hashed mail queues (Because of advances in file systems). MailScanner insists on finding hashed queue files. Now while it is possible to tell Postfix to hash incoming and deferred (As required by MS) but Postfix only makes the hash directories based on the incoming mail messages, e.g. message 0xxxxxxxxxx arrives, hash directory /var/spool/postfix/incoming/0 is created, no others. In the mean time MailScanner is throwing out errors to log and is not processing mail until it finds all the hash directories. Even if I make them manually, when I stop and start or even re-load Postfix they are removed. Is there any way that you could get MS to check which type of queue it has and process accordingly? I have had to roll back to Postfix 2.1.5 just to get mail moving. Thanks Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 31 19:59:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: Postfix 2.2 and hashed mail queues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I need to expand it to support a hash queue depth of 0. This won't happen in time for the April release (not enough time for testing) but I will work on it as soon as I can. Drew Marshall wrote: > Julian > > As of Postfix 2.2 Wietse has decided that it is no longer a > requirement for Postfix to run hashed mail queues (Because of advances > in file systems). MailScanner insists on finding hashed queue files. > Now while it is possible to tell Postfix to hash incoming and deferred > (As required by MS) but Postfix only makes the hash directories based > on the incoming mail messages, e.g. message 0xxxxxxxxxx arrives, hash > directory /var/spool/postfix/incoming/0 is created, no others. In the > mean time MailScanner is throwing out errors to log and is not > processing mail until it finds all the hash directories. Even if I > make them manually, when I stop and start or even re-load Postfix they > are removed. > > Is there any way that you could get MS to check which type of queue it > has and process accordingly? I have had to roll back to Postfix 2.1.5 > just to get mail moving. > > Thanks > > Drew > > -- > In line with our policy , this > message has been scanned for > viruses and dangerous content by MailScanner > , and is > believed to be clean. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at TRUDEAU.ORG Thu Mar 31 19:53:01 2005 From: chris at TRUDEAU.ORG (Chris Trudeau) Date: Thu Jan 12 21:29:12 2006 Subject: I MUST be missing something.... Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yep... [root@host bin]# ./clamscan /etc/hosts /etc/hosts: OK ----------- SCAN SUMMARY ----------- Known viruses: 32281 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 0.329 sec (0 m 0 s) I disabled Sophos in the itnerest of eliminating the problem. I also downgraded mailscanner thinking it might be an install issue...same thing running 4.39.5. In thinking along these lines, I also disabled clamavmodule and all virus scanning altogether. Same response. I am wondering if there is something goofy going on with my 64-bit OS...seems that it shouldn';t matter, but it seems to. Any help? CT -----Original Message----- From: Vlad Mazek [mailto:vlad@MAZEK.COM] Sent: Thu 3/31/2005 1:00 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: I MUST be missing something.... Are you able to get clamav and sweep to scan the file outside of MailScanner? Its very unusual to see MailScnner prune the second it processes the message. -Vlad Chris Trudeau wrote: >These are all rules files, checked to make sure they are in fact in place and syntactically correct. They are and the default in each is set to "store". ( I do this for learning later) (these rules files are actually copied from a production MailScanner running) > >Here is debug output from the message processing: > >Mar 31 11:23:12 mta04 sendmail[9289]: j2VGMneZ009289: from=chris.trudeau@gmail.com, size=9, class=0, nrcpts=1, msgid=<200503311623.j2VGMneZ009289@host.domain.com>, proto=SMTP , proto=SMTP> , daemon=MTA, relay=localhost.localdomain [127.0.0.1] >Mar 31 11:23:12 mta04 sendmail[9289]: j2VGMneZ009289: to=chris.trudeau@domain.com, delay=00:00:06, mailer=smtp, pri=30009, stat=queued >Mar 31 11:23:13 mta04 MailScanner[9287]: New Batch: Scanning 1 messages, 613 bytes >Mar 31 11:23:13 mta04 MailScanner[9287]: Created attachment dirs for 1 messages >Mar 31 11:23:13 mta04 MailScanner[9287]: Spam Checks: Starting >Mar 31 11:23:13 mta04 MailScanner[9287]: Virus and Content Scanning: Starting >Mar 31 11:23:13 mta04 MailScanner[9287]: Commencing scanning by clamavmodule... >Mar 31 11:23:13 mta04 MailScanner[9287]: Completed scanning by clamavmodule >Mar 31 11:23:13 mta04 MailScanner[9287]: Config: calling custom end function ByDomainSpamWhitelist >Mar 31 11:23:13 mta04 MailScanner[9287]: Closing down by-domain spam whitelist >Mar 31 11:23:13 mta04 MailScanner[9287]: MailScanner child dying of old age > > >Might be important to note (not sure if it is) but the system is running CentOS 3.4 (64-bit) on Athlon 3300 (64-bit). > >CT > > > -----Original Message----- > From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] > Sent: Thu 3/31/2005 8:46 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: I MUST be missing something.... > > > > What are your > Non-Spam Actions > Spam Actions > High Scoring Spam Actions > set to? > > Chris Trudeau wrote: > > > Just installed 4.39.6. With Sophos/Clamav Have tried starting in > > debug mode > > > > and everything seems fine....messages are received, and it appears > > that MailScanner launches and starts to scan, but never finishes. > > > > > > > > No listing of the mqueue, mqueue.in or incoming directories show any > > files at all, the message just seems to vanish. > > > > > > > > Below are log entries of what I am seeing, the sendmail MTS receives > > the message and MailScanner picksup the queue, then nothing. No > > delivery, no spam report nothing...and yep have logging for SPAM > > report turned on. > > > > Any idea where to look? > > > > > > > > Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: > > > > from=chris.trudeau@gmail.com, size=15, class=0, nrcpts=1, > > msgid=<200503311118.j2VBHZ5k007172@host.domain.com>, proto=SMTP, > > daemon=MTA, relay=client.domain.net [111.222.333.444] > > > > Mar 31 06:18:09 mta04 sendmail[7172]: j2VBHZ5k007172: > > > > to=chris.trudeau@domain.com, delay=00:00:09, mailer=smtp, pri=30015, > > stat=queued > > > > Mar 31 06:18:10 mta04 MailScanner[7173]: New Batch: Scanning 1 > > Messages, 658 bytes > > > > Mar 31 06:18:10 mta04 MailScanner[7173]: Spam Checks: Starting > > > > Mar 31 06:18:10 mta04 MailScanner[7173]: Virus and Content > > > > Scanning: Starting > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by DefendMail, and is > believed to be clean. > > > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by DefendMail, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by DefendMail, and is believed to be clean. From drew at THEMARSHALLS.CO.UK Thu Mar 31 20:02:44 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:29:12 2006 Subject: Postfix 2.2 and hashed mail queues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I need to expand it to support a hash queue depth of 0. This won't > happen in time for the April release (not enough time for testing) but I > will work on it as soon as I can. Brilliant, thanks D -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Thu Mar 31 20:16:35 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:29:12 2006 Subject: [SA-SPAM] Re: Julian, [SA-SPAM] and the lovely AWL Message-ID: Julian, In the case of the Virus stuff, yep we're using a heavily modified version that is assigning some points, but not enough to cause the tag in this specific case. There's two other rogue tags for .biz & .info that are coming up, but those are easily handled (or just eliminated as they're really not as accurate as they used to be when they were created originally with the expansion of the TLD's of late). On the AWL, at least in Ensim Pro's outlay it's got them in the individual user files. Went for the root thing awhile back, couldn't find it, checked again recently, same thing. But once I found the potential pathway to the individual users, there it was with those Bayes files as well. On straight server setups without an HSP hosting software like Enism, cPanel, Plesk, etc. or potentially a straight install without someone like Ensim mucking it up, it should have been a large-scale gang file. In Ensim's case, since many things are chroot'ed to the point of insanty (for the sake of security?) they implemented a MailScanner/SA/ClamAV package into the latest 4.XX revisions that gives the individual users some control over what happens to the spam. Since that's the case, it creates individual profiles, Bayes, AWL's and the rest of the goodies. Not saying it's the best layout, but it's what we've got to work with. Would have rather installed it from scratch, but Ensim has a way of producing destructive updates that find installs (no matter where they came from) and obliterating them to replace it with their packaged goodies. I believe cPanel & Plesk are much more forgiving in this sense, but have tradeoffs vs. Ensim. Misconfigured or ignorant rulesets we can deal with easily. The rampant and non-configurable AWL averaging system is the one that needs a swift kick! But at least there's a way to disarm it and move forward. But again, that's an SA issue. Any thoughts on the random MS scanning of packets though? Thanks! Dave > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Thursday, March 31, 2005 1:41 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [SA-SPAM] Re: Julian, [SA-SPAM] and the lovely AWL > > > Are you using the bogus anti-virus warnings ruleset for > SpamAssassin? If so, mail from me will tend to be detected as > spam as the patterns just look for "mailscanner" in the From: > address. There are a whole load of rules to zero out, they are > score VIRUS_WARNING15 0 > score VIRUS_WARNING28 0 > score VIRUS_WARNING33 0 > score VIRUS_WARNING62 0 > score VIRUS_WARNING66 0 > score VIRUS_WARNING226 0 > score VIRUS_WARNING250 0 > score VIRUS_WARNING300 0 > score VIRUS_WARNING326 0 > score VIRUS_WARNING339 0 > score VIRUS_WARNING340 0 > > The AWL files used by MailScanner's SpamAssassin should be in > ~root/.spamassassin if you are running MailScanner as root. > If not, then insert the appropriate username. They should be > with your bayes files. > > Dave Duffner - PSCGi wrote: > > >>-----Original Message----- > >>From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Julian Field > >>Sent: Thursday, March 31, 2005 12:56 PM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: [SA-SPAM] Re: MCP checks for outgoing only > >> > >> > > > > Ok, finally some sanity! > > > > Note the original reply from Julian that was tagged > once again > >my Spamassassin. For the FIRST time, it's not from the AWL! > > > > This is more an SA issue and for reference sake here > for those > >about as insane as I am from screwing with the autowhitelist (AWL) > >settings. > > > > If you've ever run your MS/SA setup with AWL ON, > then it's been > >building up an AWL file in each of your user's filebases. > One would've > >thought a more collective database might make more sense, > but on large > >volume systems I'm not sure if lookups individually would > work faster > >than from a collective AWL situation. Small systems, the individual > >approach makes more sense for speed. > > > > So I went through changing all the locations where > >the AWL should be disabled, saw in our headers is was > disabled, but yet > >it would randomly tag mail with an SA AWL score of insane positive > >proportions. Sadly Julian seemed to be a fixation for this > install, if > >there's a post from him - tagged. > > > > With no responses here as to how to 'flush' the AWL, > figuring > >it's turned off but pulling info from somewhere, I set out > yesterday to > >dig through tons of SA/AWL pages on the Net. Finally, I located > >something somewhat irrelevant to our situation, but that led > me to find > >those individual AWL databases. They are in each domain's user file > >section, once inside their account zone it's /.spamassassin and > >located down inside. Simply called auto-whitelist. > > > > I went into the account I use for this List and > >found that file, renamed it to the point it'd never be > >located by SA and DONE! > > > > Only reason Julian's post today was tagged was other config > >items in the rulesets that trigger him slightly over the > limit and earn > >the [SA-SPAM] tag we assign. Easily fixable. So the bad > news is once > >you kill the AWL feature, if you had it running for any > period of time > >you must go in and either delete that AWL file for each user in each > >domain on your box, or rename it so it can't be found. > > > > Now, the only other problem that IS MailScanner > related and has > >been mentioned here in the last week is that Julian posted several > >times today and only ONE of those was scanned by MS/SA? I > see MS tags > >for SpamCheck, gives no results, but it's either passing the > mail on as > >OK and then not allowing SA to touch it or it's just mod'ing > >the header with MS info and never processing it? We've > >seen that on a slew of mail, appears it's missing like 25% > >of the traffic. Doesn't sound right. > > > > We did insert this List into the 'don't touch' conf > files, but > >that's also applied at what appears to be random. > > > > Any thoughts? > > > > Dave > > > > > >I--I > >Message scanned by MailScanner, and is believed to be clean. > >CONFIDENTIALITY NOTICE: This transmission intended for the > specified > >destination and person. If this is not you, this > >e-mail must be deleted immediately. www.pscginternet.com > > > >------------------------ MailScanner list > ------------------------ To > >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > >mailscanner' in the body of the email. Before posting, read the MAQ > >(http://www.mailscanner.biz/maq/) and the archives > >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > I--I > Message scanned by MailScanner, and is believed to be clean. > CONFIDENTIALITY NOTICE: This transmission intended for the > specified destination and person. If this is not you, this > e-mail must be deleted immediately. www.pscginternet.com > I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From SJCJonker at SJC.NL Thu Mar 31 20:18:45 2005 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:29:12 2006 Subject: Newlines (\n) in subjects Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, First of all: I know this has been discussed recently but I can't find it in the jiscmail archives. It seems that MailScanner is inserting a \n in subject lines somewhere around char 80, I tried to dig the source on how to disable this, but unfortunaly I couldn't find it. Is there a way to disable this, as with some emails the subject is used as content for an SMS in which a \n is kind of annoying.. Stijn -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 31 20:27:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: Postfix 2.2 and hashed mail queues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please can you try out these 2 for me? I haven't got the latest Postfix installed, and it won't let me set hash_queue_depth=0 They should still work with depth 1 and 2 (but please also test that with an older version of Postfix), but should now work with depth 0 (but I haven't been able to test that). Drew Marshall wrote: > Julian Field wrote: > >> I need to expand it to support a hash queue depth of 0. This won't >> happen in time for the April release (not enough time for testing) but I >> will work on it as soon as I can. > > > Brilliant, thanks > > D > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 9.1KB. ] [ Unable to print this part. ] [ Part 3, Application/X-GZIP 17KB. ] [ Unable to print this part. ] From suporte at SETINET.COM.BR Thu Mar 31 18:26:33 2005 From: suporte at SETINET.COM.BR (Suporte SETi) Date: Thu Jan 12 21:29:12 2006 Subject: Wrong Block Attach Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why some times my MailScanner block a attach wrong? The real file is 'PRICE M_FNE.ppt' but its blocked because their name list other thing.... iso-8859-1?Q?PRICE_M ..... --- HERE OK Mar 31 14:00:14 internet MailScanner[5720]: Filename Checks: Attach not permited (440065 Rrt 50.lnk) HERE NOT OK Mar 31 14:43:59 internet MailScanner[5748]: Filename Checks: Attach not permited (440069 =?iso-8859-1?Q?PRICE_M=C3ES_FNE.ppt?=) Saved infected "Price M_FNE.ppt" to /var/spool/MailScanner/quarantine/20050331/440069 -------------------------------------------------------------------- Esta mensagem foi verificada pelo sistema de anti-vírus e anti-spam. Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Thu Mar 31 20:19:41 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:29:12 2006 Subject: Postfix 2.2 and hashed mail queues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew, Thank your for bringing up this question, I was about to ask the same thing. I've found a temporary workaround which seems to work quite well. add these lines to main.cf hash_queue_depth = 2 hash_queue_names = defer, deferred, hold and make sure you have a cronjob something like this: # Remy - Postfix 2.2 / Mailscanner workaround */5 * * * * root test -x /usr/local/sbin/postfix && /usr/local/sbin/postfix reload */5 * * * * root test -x /usr/local/sbin/postqueue && /usr/local/sbin/postqueue -f Let me know if this works for you. Regards, Remy Drew Marshall wrote: Julian As of Postfix 2.2 Wietse has decided that it is no longer a requirement for Postfix to run hashed mail queues (Because of advances in file systems). MailScanner insists on finding hashed queue files. Now while it is possible to tell Postfix to hash incoming and deferred (As required by MS) but Postfix only makes the hash directories based on the incoming mail messages, e.g. message 0xxxxxxxxxx arrives, hash directory /var/spool/postfix/incoming/0 is created, no others. In the mean time MailScanner is throwing out errors to log and is not processing mail until it finds all the hash directories. Even if I make them manually, when I stop and start or even re-load Postfix they are removed. Is there any way that you could get MS to check which type of queue it has and process accordingly? I have had to roll back to Postfix 2.1.5 just to get mail moving. Thanks Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- met vriendelijke groet / with kind regards, Remy de Ruysscher remy@unix-asp.com ---- Microsoft: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 3.9KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu Mar 31 20:58:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:29:12 2006 Subject: Postfix 2.2 and hashed mail queues Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just tried this out with hash queue depth of 1 (with Postfix 2.1) and 0 (with Postfix 2.2) and it appears to work okay. But please test it some more! I aim to release tomorrow or Saturday. Julian Field wrote: > Please can you try out these 2 for me? > > I haven't got the latest Postfix installed, and it won't let me set > hash_queue_depth=0 > > They should still work with depth 1 and 2 (but please also test that > with an older version of Postfix), but should now work with depth 0 (but > I haven't been able to test that). > > Drew Marshall wrote: > >> Julian Field wrote: >> >>> I need to expand it to support a hash queue depth of 0. This won't >>> happen in time for the April release (not enough time for testing) >>> but I >>> will work on it as soon as I can. >> >> >> >> Brilliant, thanks >> >> D >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Thu Mar 31 22:22:32 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:29:12 2006 Subject: I MUST be missing something.... Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am not sure what to tell you about the OS, we do have a number of systems on the 64 bit platform and none of them complain. -Vlad Chris Trudeau wrote: >Yep... > >[root@host bin]# ./clamscan /etc/hosts >/etc/hosts: OK >----------- SCAN SUMMARY ----------- >Known viruses: 32281 >Scanned directories: 0 >Scanned files: 1 >Infected files: 0 >Data scanned: 0.00 MB >I/O buffer size: 131072 bytes >Time: 0.329 sec (0 m 0 s) > >I disabled Sophos in the itnerest of eliminating the problem. I also downgraded mailscanner thinking it might be an install issue...same thing running 4.39.5. > >In thinking along these lines, I also disabled clamavmodule and all virus scanning altogether. Same response. > >I am wondering if there is something goofy going on with my 64-bit OS...seems that it shouldn';t matter, but it seems to. Any help? > >CT > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nats at SSCRMNL.EDU.PH Wed Mar 2 02:44:17 2005 From: nats at SSCRMNL.EDU.PH (nats) Date: Thu Jan 12 21:29:35 2006 Subject: problem after upgraded to 4.39 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I just upgrade MailScanner to 4-39.5-1 and when i start MAilScanner, it complains about HTML/TokeParser.pm, is this a sign of bad perl compiler? (ie two instances), i just get rid of the perl binary 5.8.5 and replaces with the old perl 5.8.0, but still i have the same problem. i install HTML::TokeParser from cpan and i have this failed tests t/entities.t t/headparser.t t/uentities.t anyone have an idea on how to work with kind of prob? Thanks in advance Nats -- All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website!